2004-06-21, 18:16 | Link #21 | |
Senior Member
|
Quote:
|
|
2004-06-21, 19:22 | Link #22 | |
鶏肉がとてもおいしい。
|
Quote:
1. Scan for Viruses (with up to date virus definitions). If you dont have one, you can get a free version of AVG at www.grisoft.com. My bets are that you have some viruses. 2. Download, install, and run Spybot Search and Destroy from www.download.com. 3. Download, install, and run Lavasoft AdAware from www.download.com. 4. Download HijackThis! by right clicking HERE and selecting "Save Target As". Run the program and select "Scan" and then "Save Log" as soon as it is saved it will open. Post the contents of the log file in this thread. |
|
2004-06-22, 23:37 | Link #23 |
Senior Member
|
Sorry it took so long...here's the results:
1. Yeah, the first thing I did after the crash was update Norton Anti Virus and scan. But there were no viruses found. 2 and 3. Thanks a ton for these programs. They got rid of a lot of junk that was on my cpu like ebate money maker, gain.gator, etc... 4. K, below is the log from HijackThis! Logfile of HijackThis v1.97.7 Scan saved at 8:36:29 PM, on 6/22/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\IDRIVE\FILO\IDRIVEPROXY.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE C:\PROGRAM FILES\WINAMP\WINAMP.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7W0SECAT\HIJACKTHIS[1].EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [idriveServer] C:\WINDOWS\SYSTEM\idrive\Filo\idriveproxy.exe O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [iamapp] rundll32.exe O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe O4 - Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe O4 - Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe O4 - Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - User Startup: IomegaWare.lnk = C:\Program Files\Iomega\IomegaWare\Commander.exe O4 - User Startup: Iomega QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QuikSync.exe O4 - User Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\imgicon.exe O4 - User Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe O4 - User Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe O9 - Extra button: Real.com (HKLM) O9 - Extra button: Clip to i-drive (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM) O9 - Extra button: Dell Home (HKCU) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .WAV: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...sh/swflash.cab O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {D1D6534D-197A-11D3-8039-00500471A15D} (FunctionProxy Class) - https://www.idrive.com/site/download/WinFilo.cab O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...yiebio4025.cab O16 - DPF: Yahoo! Checkers - http://download.yahoo.com/games/clients/y/ks0_x.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...153.6851388889 |
2004-06-23, 01:16 | Link #24 |
Raid-the-mods
Join Date: Nov 2003
Location: Sol System
|
Wow. You have a lot of things running. First of all, you have two spywares.
O10 - Hijacked Internet access by New.Net --> spyware. Kaaza browser enhancer. - webshots. Major Spyware and uses up a lot of processes. Made by the makers of Gator.com (cant remember the new name - alixa or something) marketing company. Your system looks "OK" but it can be much better. I have seen a lot of systems like yours and my overall recommendation is to backup your system and do a clean install. Remove applications that you do not use if a total reinstall is not wanted. a few things you can remove, - Norton crashguard. It has been known to cause system crashes and slowdowns. - Yahoo checkers plug-in. If you do not use it, remove it. - Iomega QuickSync. a nice inventory tool but is system intensive. Not necessary. I would also recommend using regcleaner.exe from Microsoft. this may fix some registry problems after removing apps. or use Toniarts (http://www.toniarts.com) Easy Cleaner to help clean up your system. ________ Marijuana Last edited by AnimeOni; 2011-03-05 at 11:21. |
2004-06-23, 20:21 | Link #25 |
鶏肉がとてもおいしい。
|
In addition to the items listed above, the following line needs to be checked and fixed.
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/08bd1b5ce1cacd...tzip/RdxIE.cab In order to properly fix items, it is important you close all Internet Explorer and My Computer windows before pressing the Fix Button. In the event fixing the items failes (IE you run HijackThis! again and it still shows up), Restart the computer in safe mode (by mashing the F8 key at start up). After the computer has booted to the safe mode desktop, run HijackThis (ensure Internet Explorer has not been run since the computer has restarted) and fix the items again. |
2004-06-24, 18:23 | Link #26 |
Asuki-tan Kairin ↓
Join Date: Feb 2004
Location: Fürth (GER)
Age: 43
|
I still wonder about the backdatet system data. What would cause such an error in W98SE?
Well, you can do a registry backup yourself (just to avoid future problems). The two files system.dat and user.dat are the physical database files that build the registry. These files should be located in your windows directory. Copy and paste them somewhere (in a directory you can easily access from DOS-mode <=means foldername length should be not more than 8 characters and located on a drive you can directly access after boot up) to have a backup of these files. Maybe you will find such a backup usefull someday.
__________________
|
2004-06-24, 18:31 | Link #27 | |
Member of the Year 2004!
Join Date: Apr 2004
Location: "And if thou doest not well, _Sin_ lieth at the door."- Genesis 4:7
Age: 39
|
Quote:
Exporting the Registry: Start menu-->Run-->regedit. Click on Files-->Export. Make sure you export all of the registry not only a part of it. |
|
|
|