herbalist

I don't use P2P much anymore, and have never used it to the point of wanting a dedicated PC for it. When I do run P2P, finding trojans disguised as or hidden inside of legitimate files is quite common. P2P has proven to be an easy way for some to take control of a lot of PCs with trojans and rootkits. I used to post at a couple of P2P forums and was amazed at how little regard many of them for their own security (not pointing at you, Multibooter). Several that I talked to at those forums refused to run an AV or firewall. They were so obsessed with getting every possible bit of transfer speed and were totally convinced that security software would cost them some of that speed. Botnet owners love those dedicated P2P users. Fast PCs on very fast connections with open ports and no defenses, perfect for DDOS attacks. My P2P usage is primarily music and some software. Everything I download (P2P or otherwise) is scanned with online scanners. Applications I get through P2P are installed or launched on a test OS I built for this purpose. Once I'm convinced that the file is safe and meets my needs, then I'll move it to a good OS. I've also taken additional precautions on the OS containing the P2P software (Shareaza). When I going to use Shareaza, I load in a different registry containing severe system and software restrictions, along with an alternate SSM ruleset that prevents Shareaza from launching any other process and blocks all other executables in Shareaza's folders from running. Rick

I've had DSL for about 3 years now. I didn't ask for a static IP but mine hasn't changed since I got it. It was a radical change from the bargain dialup service I used to have. On dialup, my connection had an hour limit, after which I was automatically disconnected. Every hour or less, my IP changed. At the time, I had ID-Blaster tied into the dialup. Every time my IP changed, so did my ID numbers. Combined with a random proxy setup and a firewall that didn't respond to incoming connection attempts, I wasn't easy to track. How times have changed. For many years, I relied exclusively on a software firewall. The hardware firewall (Smoothwall 2.0) is a recent addition in comparison, added primarily as a gateway for my local network. It was also a great way to recycle an old PC (a P5-133) that wasn't powerful enough to run 98 decently, at a total cost of 3 networks cards. I consider a software firewall to be an essential component for applying the default-deny policy to internet access on a per-process level. Only those apps that require internet access to function can connect out, and only when and to where it's necessary. Software firewalls are not weak in themselves. Their primary weakness is the OS they run on. If that OS is well protected against compromise, the firewall will be reliable. I use Kerio 2.1.5, which is very much like Tiny with a few more features added, like being able to import and export rulesets. Kerio 2 can import the rulesets made by Tiny. I have yet to see it fail. Kerio 2 and Tiny 2 are ideal firewalls for 9X systems. They don't slow the system at all, even with old hardware. Properly configured, they can actually speed up internet apps slightly by preventing system executables (like Windows Explorer) from wasting bandwidth. On dialup, the improvement can be noticeable. A firewall like Kerio is also very good at controlling local or loopback traffic. I use Proxomitron to filter the web content to all browsers. The loopback rules in Kerio prevent the browsers from bypassing Proxomitron, protecting it from a lot of malicious code in the process. The advantages of controlling loopback connections can be demonstrated with the PCAudit2 firewall leaktest. Although it's generally regarded as a test of HIPS ability to intercept DLL injection, it can also be used to demonstrate how malicious code can gain internet access by using loopback connections to apps with internet access. With well designed loopback rules, this test (and malware that uses these methods) can be defeated with just a firewall. Combined with a process whitelist created by the policy editor, this gives 2 layers of defense against malware of this type. If one layer fails, the next still protects you. The addition of HIPS software effectively puts 4 layers in the way, the 2 already mentioned plus blocking of the global hook and preventing the adding of autostart entries for the malicious code. More on HIPS later. Some users don't like rule based firewalls like Kerio because they require the user to have a basic knowledge of the IP system and how it works. 9X users are already in the position of having to provide their own support. A basic understanding of the IP system and firewall rules is an extension of that. The ability to write good firewall rules is rapidly becoming a lost art, thanks largely to security suites with automatic rule creation and an emphasis on combined security packages and added features, most of which are not 9X compatible. True, but given the nature of present day malware and the huge quantities of it around, it's not entirely unexpected. Asking software that runs within windows to remove rootkits with no user assistance is a tall order. Malicious code has become quite good at concealing and defending itself, including directly attacking the security software. Some malicious code can't be removed without booting from a separate OS, so it's not reasonable to expect that the AV will be able to. Because of the quantities of malicious code and the very short time between its release and becoming widespread, the AV is no longer a reliable front line defense. AVs still have a place, scanning files and software from outside sources for known malicious code, but their default-permit design makes them too vulnerable to new, encrypted, packed, or otherwise concealed malware. Since their real time protection isn't as effective as it needs to be, there's no reason an AV has to be installed and running on the operating system. New files can be scanned with online scanners. Sites like VirusTotal can scan individual files. For large or multiple files, Trend Microsystem's Housecall works fine. Rick

I'm not aware of any universally accepted definition of virus, worm, or any other particular class of malicious code. That classification system as such is as out of date as detection by definition is. Most modern malicious code can be classified in several categories, and fit correctly in each. If it's necessary to classify malicious code, I'd call most of it a hybrid of several categories. Much has changed since that term was applied to malicious code, most important of which is the source of that code. Viruses/malicious code used to be written by individuals primarily for bragging rights, showing off, etc. Now the motives are data and financial theft, and the control of others systems for malicious purposes. There is still plenty of malicious code that is effective against 9X systems that many vendors do classify as viral. In addition, this code is targeting applications, not just Windows and Internet Explorer. Until operating systems become read-only and completely unalterable, this problem will continue. I stopped using a resident AV in 2005, mainly for the same reasons you listed. Today, 9X users have another reason to add to that list, a dwindling number of choices that run on 9X systems. Most users have grown up with AVs on their systems. Thanks in large part to companies motivated by profit promoting a single method of protection that creates user dependence on a continuous stream of updates, the majority of users are not aware that there are other ways to protect/secure a PC that are equally or more effective. Windows has long had convenience and permissiveness as its core philosophy. The user can do anything, as can most of the installed software. Except for some specifically blocked items, any application can launch any other application, including ones that can alter critical settings in the OS. AVs are also based on this philosophy or policy, which can be accurately described as default-permit. In the beginning, this policy was reasonably effective. There wasn't that much malicious code. Internet access was primarily dialup, which helped keep down the rate that malicious code spread. The present day scenario is much different. Counting variants, there's over half a million examples of malicious code. Today, high speed and connected 24/7 is the norm. Static IPs are common. PCs are connected and targetable all the time, not just when a user is online. 9X users also have to deal with dwindling software support for user software. The security flaws aren't getting fixed in the versions we have to use for many apps. One of the most effective ways to secure a 9X system is to reverse the philosophy it's based on. On 9X systems, there's no separation of user and administrator functions. The first step in securing a 9X system is defining user and administrative functions. Installing or updating software, registering DLLs, registry modifying, changing system settings, etc should all be regarded as administrative tasks. The advice that's given to users of NT systems applies to 9X as well. The OS shouldn't be in an administrator mode during normal usage. The task then becomes effectively separating the user and administrator modes. For this, we have a couple of tools available. The first is on the Windows CD, the policy editor. It's located in \tools\reskit\netadmin\poledit\ and is not part of a default install. The file, poledit.exe can be run from a floppy and works by making specific changes to the registry. Before using the policy editor to make any changes to your system, make a full backup of the registry. On units with more than one user profile, make sure the backup includes the user.dat files for each profile. When the policy editor is used to open the registry, two choices are displayed: 1, Local Computer. 2, Local User. The settings most useful for the creation of separate user and administrator modes are found under Local_User\Windows 98 system. The options available here are: 1, Shell. 2, Control Panel. 3, Desktop Display. 4, Restrictions. The Shell and Control Panel sections are useful for restricting users access to sensitive parts of the system. The last section, Restrictions, has more powerful options. The screenshot below shows where an application whitelist can be created. This section will not restrict system executables but will restrict applications, installers, trojans, adware, etc from being launched by explorer or another user application. Whitelisted applications need to be entered as a filename with the extension, such as poledit.exe. Make certain that you include poledit.exe in your whitelist or you won't be able to get back into the policy editor. With a little planning, all the apps a user might need for normal user tasks can be added. Since the user can't accidentally launch a malicious process or install an unwanted program, this will greatly reduce the chances of the user compromising the system. On multiple user PCs, each users allowed list can be individually made. The policy editor performs some of the functions normally associated with HIPS (Host Intrusion Protection System) software but is not as reliable. On 98, the policy editor does not check the path used by the whitelisted executable or its integrity. It has no signature checking. If test.exe is in the allowed list, any file named test.exe will be allowed to execute. NT systems have more safeguards against this type of spoofing, so the practice isnot nearly as common as it used to be. On NT systems, HIPS software, whether free-standing or part of a firewall suite gives those systems the equivalent of a policy editor on steroids. Just about all of them are for NT systems only, but there is one exception that I know of. It's the free version of System Safety Monitor. It's no longer supported or being developed, but then neither is 98. It is the most effective option I've ever seen for controlling applications and their activities on a 9X system. I'll cover this along with controlling internet access, preventing compromise by limiting integration and interprocess activity, registry protection, and filtering undesired and malicious web content from the allowed traffic in later posts. It takes some time and planning to go through the details, but with a well thought out strategy, a 9X system can be made very close to bulletproof, and at no cost. Rick edited to fix image

I'd be interested to check them out when you have the time. IMO, trying to identify and defend all the potential autostart locations individually is futile. Instead if identifying all the registry keys that can be used, I overwrite the entire registry at boot, along with the startup files; autoexec.bat, config.sys, win.ini, the startup folders, and others. To the best of my knowledge, I've covered them save for the boot records. That won't be added to this batch file. I don't think it's necessary to go that far on each restart. Another startup location I didn't see mentioned is the system scheduler. On mine, the built in scheduler is disabled and blocked by SSM rules. Attempts to start it are logged. Those 9X rootkits led me to make an additional change in my setup. I've long used SSM as the prime enforcement of the default-deny policy. On 9X systems, SSM is loaded via HKLM....Run. If a rootkit of that type used an autostart location that SSM didn't cover, the code would execute before SSM loaded and escape detection. I moved SSM's autostart to the RunServices key. With the earlier loading, it catches the rootkits activity before it can hide. The only problems I've encountered by doing this is that it's no longer possible to have separate rules for each user. It can also interfere with the startup process if you don't have the rules finished for the involved processes. Most likely, the startup batch file would defeat most all such malware by removing their autostart entries, but given a choice I'll have 2 or more layers of defense for all possibilities when I can do it. AFAIC, if malicious code has managed to execute, the damage is already done. If malicious/unknown code can't execute, there's nothing to write those startup entries. I got burnt once by some type of (official?) malware that escaped being detected by 3 AVs, granted itself internet access through the firewall, initiated the dialup connection, and deleted itself afterwards. The firewall logged the event completely but did nothing to prevent it. I had the help of an expert and we went through my system with every tool available, and found nothing. This, combined with the events and circumstances of that time tells me who did it, but I can't actually prove it. Fortunately, the data I believe they were after was encrypted by Scramdisk. The amount of outbound traffic last logged by the firewall matched the size of the encrypted archive, 28+MB. IMO, it's well beyond coincidence. I wish I had known about SSM at that time. I would have had my proof. Needless to say, after that incident, I wiped my drives with DBan, switched to the default-deny policy enforced by single purpose software from overseas sources, and treat all software as vulnerable or worse. Rick

Glad to hear you like it. IMO, SSM can mitigate most of the design weaknesses in 9X systems such as the lack of separation between administrator and user functions. I haven't tested its registry module to any great degree, but I believe it can be set to protect that ShellServiceObjectDelayLoad key from unwanted change as well. I'm on my 2K system at the moment so I can't check it right now. SSM's ability to control processes, especially parent-child permissions will offset most of the potential security issues caused by the lack of updates for 9X compatible software. Being Russian/Ukranian in origin, it's not likely to be affected by policies resulting from 9/11. The subject of 9/11 and its potential effect on operating systems and software is a touchy can of worms that's difficult to discuss without the thread becoming political, emotionally charged, and probably closed/deleted. I have no proof of it, just suspicions backed up by a lot of coincidence, circumstantial evidence, and a couple of personal experiences that are very hard to explain any other way. OT. If anyone is interested, I am authorized by Vitali, owner of SSM, to distribute a lifetime key for the paid version of SSM to anyone whose trial key has expired. The paid version is more powerful (and complicated) than the free one and has vastly expanded registry and service protection. It's only for NT systems unfortunately. Rick

Well 9/11 is a dark date, and I think we'll mourn those dead in that day forever. That said, I fail to see the cause-effect relation between 9/11 and software. Maybe I'm being too naive. Could you please elaborate? Call it a distrust of the powers that be and their policy of domestic surveillance implemented after that date and its potential effects on software and operating systems. This was discussed in this thread starting at post 149. Rick

I'd strongly suggest a full system backup before attempting any major modifications. As for protecting the registry, I highly recommend TestRun for those who aren't proficient in DOS. TestRun is a collection of batch files that makes copies of the registry and core configuration files and allows you to experiment on the copies while your originals stay safe. Anyone who is still learning DOS should study those batch files. They're good examples of just how powerful a few lines of text can be. Rick

I removed the WebCheck entries on all my 9X and 2K systems with no resulting problems. On my 98FE box, Tihiy's network monitor is the only entry in that key. On this 98SE, that key was removed with Internet Explorer. When I first started building the startup batch file, I was covering the different autostart locations individually. After a while, I decided to replace the entire registry instead of individual keys. This way, the same batch file worked on all the single user 98 systems and addressed several other problems as well. On my FE box, the batch file takes a bit over 1 minute to complete at startup, partly due to the number of files and folders it overwrites and partly because of the 366mhz processor. Even so, I consider it a small price to pay for malware protection and for starting every session with a clean, optimized registry. The only time it causes a problem is when I install something and forget to make new backups before rebooting.

stobject.dll does show up in Process Explorer in the lower pane when it's set to display DLLs. The regsitry key used to load it, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad has been used by some malicious code. From Bleeping computers: The objects loaded by this key are DLLs loaded by explorer and will not show up on a process monitor as a separate process. The objects in this key are loaded only when explorer starts or restarts. Not all real time autostart monitors watch this key. If you're concerned about the potential malicious use of this key, a DOS batch file called from autoexec.bat can be your best ally. The batch file can either cover the entire registry or just specific keys with command line entries for regedit. Rick

It's worse than that: It's admiting that w98 is not superior to XP. You're right. That's awful. IMO, the 98 start menu is fine as is. If anything, I'd like to replace a few of the entries with some of my own, but there's nothing wrong with how it looks, simple and straight forward, what an OS should be.

With my Installed Files Checker, I started developing a full system backup/restore application, but I dropped development because for w98 it's simply overkill.I've had one for 98 that's called from autoexec.bat and overwrites the existing registry files and autostart folder with cleaned and optimized copies. An independent DOS image lets me do the same with both 98s and 2K. The only other ones that are/will be for 98 are ones for switching which OS version will be loaded and for OS backup and restoring purposes plus one more for general maintenance. I've pretty much stopped using Acronis for this in favor of 7zip. Smaller archives, easily divided up for different purposes, editable from Windows and DOS, and can run in the background of one OS when restoring another, while I do something else. The same commercial source that tries to infect your computer with unwanted stuffs, to remind to buy their products or semi-legal datas miners.This is quiet possible. With newer version of windows it became harder and harder to make manual changes in your system. But viruses still d as they please. That's a big part of who I'd expect to be behind it. Add in any company or organization involved in copyright protection and anti-piracy, example: Sony's anti-piracy rootkit. Being able to access the entire file system with DOS enables the user to defeat most of this unwanted material. Even when "new" really does mean "better", it's often just when it's used on new systems and doesn't improve anything for those with older systems and/or hardware. I've worked hard to keep my operating systems as light and fast as possible. Every OS I run takes up less than 1.5GB, save for one, the 98FE system with way too much installed in it. Rick

I wouldn't want my 98 system to look one bit like XP or Vista. IMO, making 98 look like a newer OS is like trying to hide the fact that you're using 98.

I can't agree with that conclusion. When the next release of an application won't run on 98, there's no reason the user can't keep running the last version that does. When I have time, I try to work with KernelEX and SeaMonkey 2.0 on a 98SE testbox. If I choose not to add KernelEX to my primary unit, 98FE, there's no reason I can't keep using one of the 1.1 releases of SeaMonkey. DirectX is not a necessity for web browsing. Neither is Internet Explorer. Definitely. I've long used DOS and batch files to protect Win98. As long as the user installs the NT system on FAT32, it will work just as well there. I recently copied the DOS boot image I made for a service CD to the boot partition and added entries to Grub4DOS to load it. It gives me full access to all the drives and operating systems with LFN support. I'm presently setting up batch files that will automate maintenance work, do file system and registry backups and restoring, and more.

I've been running Proxo for about 4 years too. When Proxo is controlling the the user agent string, the browser displays as "not your concern" and the OS is a WinMacNix. When an actual user agent is sent, it's usually IE6 and XP. I haven't found many sites that discriminate against 9X, but out of the ones I've encountered, sending a newer user agent string is sufficient to satisfy/deceive the majority of them. If malicious code was limited to attacking just the OS itself, that statement could be true. Unfortunately, nowadays more code is targeting applications, and not just Internet Explorer. Code that attacks PDF software is becoming common. Flash is another common one. As long as internet software works on both 9X and NT systems, there will be malicious code that affects 9X systems, making some form of protection necessary. I haven't been infected via the browser either. When I was beta testing SSM, I collected a good number of malware samples from sites that tried. P2P is an excellent source of material for anyone who tests/works with malware. I get a few more samples every time I download something other than audio files. With P2P, there's always a risk of downloading malicious code. IMO, as long as the user is aware of that and treats the downloads accordingly, there's very little risk. If I remember correctly, didn't several of the better known AVs drop 9X support during the 2nd half of 2008? I'd suspect that may have been the reason for the decline of 9X systems online. Most users have been conditioned to connect PC security with AV software and security suites and don't realize that they have other options available to them. I still suspect that the real hatred for 9X comes from commercial sources who don't like the unlimited system access that 9X and DOS gives its users. It wouldn't surprise me if some of those "fanboys" represent those commercial interests. As far as the rest of them and all the noise they make is concerned, they just prove that some things in this world are totally without value. "It's all just an echo of what they've been told."

I question the accuracy of the percentages for each type of OS. If that info is obtained from checking the user agent, they could be way off. Most 9X users I know aren't browsing with IE6. They're using an alternate such as SeaMonkey, K-Meleon, etc. Several of these enable the user to spoof the user agent, either directly or by using an extension or free-standing app like Proxomitron as an aid for dealing with sites that don't work properly with 9X systems. I would guess that most 9X users have run into such sites and know how to spoof the user agent.

Thanks. I'll check it out.

ATM, I'm listening to many little things: The gurgling of the coffee maker as it brews another pot. Water trickling from the filter into the aquarium. The irregular whirring of a CPU cooling fan that needs lube or replacing. A light rain on the roof. Birds in the tree over the house. No TV playing, no radio, etc. Times this quiet are too rare and don't last long here.

My ISP is i2k, which if I understand correctly is actually Verison DSL separated from their phone service. I believe they referred to it as a "dry loop" setup. They were cheaper than Version for the same service. Shop around. My primary PC is multi-boot, with 98FE, 98SE, Win2000, and 2 Linux versions. Speed tests at various sites show that I average of 90% of the rated speed most of the time with all of them. I'm using the low end DSL service, 864/160 which is under $20/month. They offer faster service but this is fast enough for my needs and I'm too cheap to pay more for speed I don't need. There's several threads in the 98 section of the forum about this where other users are running much faster. The only requirement for DSL on 98 is a good network card, which should come with its own drivers. You don't need drivers for the DSL modem unless you try to connect to it via USB. Even if you have USB drivers, ethernet will give you better performance. Rick

My internet service is ADSL. I also have VOIP from the same service provider. The VOIP uses a Linksys router/phone adapter supplied by my ISP. My PC runs Win2000 and 98FE. I'd like my PC to function as an additional telephone, answering machine, and call recorder. Can someone recommend software that will fill these roles? More than one application is fine if one program won't do it all. Thanks Rick

Is this the modem/sound card combo that came with the PC? If it is, what is the make and model of this PC? I have the original setup CDs for a couple of 98 units that used these types of units. Might get lucky and have the right one. Rick

Has this problem always been there or is it fairly recent? If the problem isn't a version conflict or resource related, I'd also suspect an interaction with something else that's running. Avast would be the first item I'd check. With the few that still work, 9X support is pretty much an afterthought. It's entirely possible that an AV update could be part of the problem. It's been years since I've run an AV and only tried Avast once, many years back. It didn't work well on my system. Where were these iexplore copies at? Were they renamed or the file extensions changed? It's also possible that IE might have been compromised by something. The best way to check if a file has been altered is to compare the checksums of the files. On mine, the MD5 for IExplore.exe is eb9eaf627f705525d01de5fa07ea1818. Rick

I haven't had any problems like that, but I rarely use Internet Explorer. Do these crashes happen after IE6 has been in use for a long time? IE6 has a way of depleting resources when it's used for a long period of time. When IE6 is running, what does the Resource Meter (C:\WINDOWS\Start Menu\Programs\Accessories\System Tools) show is available? Are the index.dat files getting large? Are there any sites, combinations of software in use, or other circumstances that seem to trigger the crashes? Try leaving the resource meter running while you use IE6 and see if the problem is resource related. OT. Internet Explorer is the biggest security risk and the cause of many of the stability problems people have with Win98. It's very out of date and inferior to most other browsers. SeaMonkey and K-Meleon are both good browsers for 98 systems, especially if you're using the original hardware. There's a few differences but most of the IE file versions on my system are the same. advapi32.dll 4.80.0.1675 64 KB 5/11/98 8:01:00 PM C:\WINDOWS\SYSTEM advpack.dll 6.0.2800.1106 89 KB 8/29/02 7:14:40 AM C:\WINDOWS\SYSTEM browselc.dll 6.0.2800.1106 62 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM browseui.dll 6.0.2800.1692 994 KB 6/17/05 11:16:18 PM C:\WINDOWS\SYSTEM ckcnv.exe 6.0.2800.1106 8 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM comctl32.dll 5.81.4916.400 536 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM crypt32.dll 5.131.1878.12 364 KB 9/12/02 3:10:16 PM C:\WINDOWS\SYSTEM enhsig.dll 5.0.1877.8 4 KB 8/13/05 1:45:46 AM C:\WINDOWS\SYSTEM iemigrat.dll 6.0.2436.1 12 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM iesetup.dll 6.0.2800.1106 57 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM iexplore.exe 6.0.2800.1106 89 KB 8/29/02 12:00:00 AM C:\Program Files\Internet Explorer imagehlp.dll 4.0.1381.4 112 KB 5/11/98 8:01:00 PM C:\WINDOWS\SYSTEM inseng.dll 6.0.2800.1469 68 KB 8/26/04 9:53:48 AM C:\WINDOWS\SYSTEM jobexec.dll 5.0.0.1 47 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM jscript.dll 5.7.0.16535 480 KB 7/31/07 8:45:24 PM C:\WINDOWS\SYSTEM jsproxy.dll 6.0.2800.1106 12 KB 8/13/05 1:46:36 AM C:\WINDOWS\SYSTEM mshtml.dll 6.0.2800.1528 2637 KB 11/22/05 4:49:10 PM C:\WINDOWS\SYSTEM msjava.dll 5.0.3810.0 925 KB 2/28/03 6:26:26 PM C:\WINDOWS\SYSTEM msoss.dll 5.131.1877.3 136 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM msxml.dll 8.0.6730.0 484 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM occache.dll 6.0.2800.1106 86 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM ole32.dll 4.71.1719.0 768 KB 5/11/98 8:01:00 PM C:\WINDOWS\SYSTEM oleaut32.dll 2.40.4518.0 908 KB 8/13/05 1:47:18 AM C:\WINDOWS\SYSTEM olepro32.dll 5.0.4518.0 224 KB 8/13/05 1:47:18 AM C:\WINDOWS\SYSTEM rsabase.dll 5.0.1877.7 99 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM rsaenh.dll 5.0.1877.8 98 KB 8/13/05 1:45:46 AM C:\WINDOWS\SYSTEM rasapi32.dll 4.10.0.2002 196 KB 7/7/99 10:14:54 AM C:\WINDOWS\SYSTEM rsasig.dll 5.0.1877.7 4 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM schannel.dll 4.87.1964.1878 110 KB 9/26/02 12:38:44 PM C:\WINDOWS\SYSTEM shdoc401.dll 5.50.4914.1400 481 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM shdocvw.dll 6.0.2800.1762 1308 KB 10/21/05 3:17:22 PM C:\WINDOWS\SYSTEM shell32.dll 4.72.3812.634 1364 KB 1/8/07 6:34:00 AM C:\WINDOWS\SYSTEM shlwapi.dll 6.0.2800.1740 400 KB 8/31/05 5:49:30 PM C:\WINDOWS\SYSTEM url.dll 6.0.2800.1106 104 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM urlmon.dll 6.0.2800.1525 449 KB 10/21/05 12:51:26 PM C:\WINDOWS\SYSTEM vbscript.dll 5.7.0.16535 404 KB 7/31/07 8:45:24 PM C:\WINDOWS\SYSTEM webcheck.dll 6.0.2800.1106 252 KB 8/13/05 1:46:32 AM C:\WINDOWS\SYSTEM win.com Not Available 24 KB 5/11/98 8:01:00 PM C:\WINDOWS Not Available wininet.dll 6.0.2800.1525 562 KB 10/21/05 12:51:36 PM C:\WINDOWS\SYSTEM winsock.dll 4.10.0.1998 21 KB 9/2/98 1:10:52 PM C:\WINDOWS wintrust.dll 5.131.1877.5 46 KB 8/29/02 12:00:00 AM C:\WINDOWS\SYSTEM wsock.vxd 4.10.0.1998 15 KB 5/11/98 8:01:00 PM C:\WINDOWS\SYSTEM wsock32.dll 4.10.0.1998 40 KB 9/2/98 1:10:52 PM C:\WINDOWS\SYSTEM wsock32n.dll 5.2.0.2 26 KB 5/11/98 8:01:00 PM C:\WINDOWS\SYSTEM

Several years ago, I had software installed on my 98FE box that would process voice commands. It opened apps, typed as you spoke, saved, navigated, etc. It was really quite cool, but not of any real use to me. Such software requires either a quiet environment or a very directional microphone, neither of which I have. In order for it to work well, it had to be "trained" to the users voice, meaning I had to read and talk to this thing. IMO, computers do enough weird stuff to make you talk to yourself. The last thing I need is software that requires it. I'd have to look but I might still have this software. I just don't remember what it was called.

I'm not sure how the newer versions compare, but with version 7 you could make a Linux based rescue CD. I used to have Acronis 7 installed but found that the CD was sufficient for creating and restoring archives. On mine, the Acronis CD recognizes the external USB hard drive by itself. It works with both the built in USB 1 and the USB 2 PCI card. There was no need for any other drivers. Booting from the Acronis CD makes no changes to your system. Before you go through all that work, give the rescue CD a try. You might be pleasantly surprised. Rick

After some checking, I find that I didn't use IEradicator on this particular OS. This one was built with 98lite with the "chubby" shell. Internet Explorer was never installed at all. IEradicator does leave some IE components behind that 98lite does not. I remember having to add a file or 2 to get VirtualPC to work, a problem I didn't have when I used IEradicator. If RP9 depends on any Internet Explorer components, that would be the problem. Uninstalling RP9 doesn't repair the toolbars but restoring the registry to a pre-install state does. I haven't determined which entry causes this yet.