AnimeSuki Forums

Old 2004-06-21, 18:16   Link #21
phoenixfire92983
Quote:
Originally Posted by KeinikuSuki
You can't use system restore unless you have Windows XP or ME which would be a good reason that attempting to run system restore wouldn't work. Which operating system are you using?
I am using Windows 98 sec. edition. Is there any chance that spyware had something to do with all of this? Because before, I was having a lot of trouble getting rid of ebatesmoemoneymaker, savenow, wtools, and wsup. Now, they never pop up.
Old 2004-06-21, 19:22   Link #22
KeinikuSuki
Quote:
Originally Posted by phoenixfire92983
I am using Windows 98 sec. edition. Is there any chance that spyware had something to do with all of this? Because before, I was having a lot of trouble getting rid of ebatesmoemoneymaker, savenow, wtools, and wsup. Now, they never pop up.
Your quickest and easiest option is probably what was suggested before: reformat your hard drive. However, if you have a lot of files you don't want to back up, or want to go the hard way:

1. Scan for Viruses (with up-to-date virus definitions). If you don't have one, you can get a free version of AVG at www.grisoft.com.

My bets are that you have some viruses.

2. Download, install, and run Spybot Search and Destroy from www.download.com.

3. Download, install, and run Lavasoft AdAware from www.download.com.

4. Download HijackThis! by right clicking HERE and selecting "Save Target As". Run the program and select "Scan" and then "Save Log"; as soon as it is saved, it will open. Post the contents of the log file in this thread.
Old 2004-06-22, 23:37   Link #23
phoenixfire92983
Sorry it took so long...here's the results:

1. Yeah, the first thing I did after the crash was update Norton Anti Virus and scan. But there were no viruses found.

2 and 3. Thanks a ton for these programs. They got rid of a lot of junk that was on my cpu like ebate money maker, gain.gator, etc...

4. K, below is the log from HijackThis!

Logfile of HijackThis v1.97.7
Scan saved at 8:36:29 PM, on 6/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\IDRIVE\FILO\IDRIVEPROXY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7W0SECAT\HIJACKTHIS[1].EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [idriveServer] C:\WINDOWS\SYSTEM\idrive\Filo\idriveproxy.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [iamapp] rundll32.exe
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe
O4 - User Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe
O4 - User Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe
O4 - User Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - User Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Clip to i-drive (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Dell Home (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {D1D6534D-197A-11D3-8039-00500471A15D} (FunctionProxy Class) - https://www.idrive.com/site/download/WinFilo.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...yiebio4025.cab
O16 - DPF: Yahoo! Checkers - http://download.yahoo.com/games/clients/y/ks0_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...153.6851388889
Old 2004-06-23, 01:16   Link #24
AnimeOni
Wow. You have a lot of things running. First of all, you have two spywares.

O10 - Hijacked Internet access by New.Net --> spyware. Kazaa browser enhancer.
- Webshots. Major spyware and uses up a lot of processes. Made by the makers of Gator.com (can't remember the new name - alixa or something) marketing company.
Your system looks "OK" but it can be much better.

I have seen a lot of systems like yours and my overall recommendation is to back up your system and do a clean install. Remove applications that you do not use if a total reinstall is not wanted.

A few things you can remove:
- Norton CrashGuard. It has been known to cause system crashes and slowdowns.
- Yahoo Checkers plug-in. If you do not use it, remove it.
- Iomega QuikSync. A nice inventory tool but is system intensive. Not necessary.

I would also recommend using regcleaner.exe from Microsoft. This may fix some registry problems after removing apps. Or use Toniarts (http://www.toniarts.com) Easy Cleaner to help clean up your system.

Last edited by AnimeOni; 2011-03-05 at 11:21.
Old 2004-06-23, 20:21   Link #25
KeinikuSuki
In addition to the items listed above, the following line needs to be checked and fixed.

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab

In order to properly fix items, it is important you close all Internet Explorer and My Computer windows before pressing the Fix Button.

In the event fixing the items fails (i.e., you run HijackThis! again and it still shows up), restart the computer in safe mode (by mashing the F8 key at start up). After the computer has booted to the safe mode desktop, run HijackThis (ensure Internet Explorer has not been run since the computer has restarted) and fix the items again.
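As an added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage pass over the log format posted above, flagging the entry types the replies single out. The three rules and the function names are assumptions of this example; the bare-IP rule in particular is one plausible reason to look at the RdxIE line, not one the poster stated.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the log posted in this thread
# (truncated URLs kept exactly as they appear on the page).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O16 - DPF: ..."

def parse_entries(text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def host_is_ip(url):
    try:
        ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(text):
    """Flag entries for manual review; returns sorted unique (section, reason, detail)."""
    # Heuristics below are this example's assumptions, not rules stated in the thread.
    findings = set()
    for section, detail in parse_entries(text):
        if section == "O10":
            findings.add((section, "Winsock/LSP hijack reported", detail))
        elif section in ("O2", "O3") and detail.endswith("(no file)"):
            findings.add((section, "registry entry points at a missing file", detail))
        elif section == "O16":
            url = detail.rsplit(" - ", 1)[-1]
            if host_is_ip(url):
                findings.add((section, "ActiveX download from a bare IP address", detail))
    return sorted(findings)

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {detail}")
```

A flagged line is a prompt to look the entry up before fixing it, not a verdict; duplicate lines such as the repeated O10 entries are reported once.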
Old 2004-06-24, 18:23   Link #26
Jinto
I still wonder about the backdated system data. What would cause such an error in W98SE?
Well, you can do a registry backup yourself (just to avoid future problems). The two files system.dat and user.dat are the physical database files that build the registry. These files should be located in your windows directory. Copy and paste them somewhere (in a directory you can easily access from DOS-mode <= means folder name length should be not more than 8 characters and located on a drive you can directly access after boot up) to have a backup of these files. Maybe you will find such a backup useful someday.
Old 2004-06-24, 18:31   Link #27
_Sin_
Quote:
Originally Posted by Jinto Lin
I still wonder about the backdated system data. What would cause such an error in W98SE?
Well, you can do a registry backup yourself (just to avoid future problems). The two files system.dat and user.dat are the physical database files that build the registry. These files should be located in your windows directory. Copy and paste them somewhere (in a directory you can easily access from DOS-mode <= means folder name length should be not more than 8 characters and located on a drive you can directly access after boot up) to have a backup of these files. Maybe you will find such a backup useful someday.
You can also export your registry to a .reg file and reconstruct the registry with the regedit.exe under DOS. I'm not sure what the command parameter was because I did this a long time ago and I can't check since I'm using Win XP, but I faintly recall it being: Regedit.exe /c <name>.reg.

Exporting the Registry:

Start menu-->Run-->regedit. Click on Files-->Export. Make sure you export all of the registry not only a part of it.
All times are GMT -5.