MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Deleting "domains" in Registry Editor
December 09, 2019, 11:18:25 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
December 09, 2019, 11:18:25 AM

Login with username, password and session length
 Featured Sites:
News
Welcome to MyTechSupport.ca! - Registration is FREE, so why not join our friendly community today?
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Deleting "domains" in Registry Editor  (Read 2984 times)
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« on: October 20, 2004, 05:27:22 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:


Windows 98...................
I have been trying to find out why my resources are so low, even on a clean reboot! Well, I finally found the dirty little weaseals that are living in my machine! My problem is that I do not know what is supposed to be in there.Here's how I found them, despite having Spy Sweeper, Xoftspy, Spybot search and destroy, Ad-Aware 6.0, AVG antivirus and Zone Alarm:
H KEY_USERS\Default\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains. Now, I can promise you that I have never visited any of those sites. I cannot name them as the names would make you blush!

My question is what is SUPPOSED to be in there?

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: October 21, 2004, 01:19:15 AM »

Hi Daisy,

If you navigate to the Key
HKEY_USERS\Default\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains
anything listed under Domains on the left, would probably be safe to delete...But not Domains itself
But, if you highlight one of the entries on the left under Domains,
and on the right hand side you see something like
0x00000004(4)
That's not really a bad thing if it's a nasty Domain site
The 4 would include that site to Your Restricted Sites settings

Meaning that domain has to follow the Restricted sites settings that you would see if you opened up Internet Explorer
Clicked on Tools>>Internet Options>>>Securtiy Tab
You will see Internet==Local Intranet==Trusted Sites===Restricted Sites

Normally, on a custom level of Restricted Sites you will have mostly everything disabled or require to prompt you
Now, of course,
Looking back in the Registry, if the domain has set a value of 3
and it's a nasty site, that's not a good thing, and you would probably be best removing it
If I remember right==3 would be Trusted Sites

I have IE-Spyad installed that puts a whole bunch of entries in the
HKEY_USERS\Default\Software\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains key
But, I leave them there because all those sites are following the Restricted sites settings

If your ever unsure, when playing in the registry, make a folder on your harddrive somewhere and Export the registry key first
before deleting it..... If all seems well, get rid of the backups

If you could, would you post a hijackthis log
Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT
OR create a folder as C:\HJT---this is where you will want to save Hijackthis too, also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

Let's see if we can find anything else hiding on your computer
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #2 on: October 21, 2004, 06:37:14 AM »

Thanks for the info benditup.......<P>I cannot open the HiJack This Log as Acrobat Reader says the file does not begin with '%PDF-' so I posted the results to a website.  Please go here to see it:   http://members.aol.com/im22bz/hijackthis10-20-04.jpg ........... I'm feeling pretty stupid right about now as these little nasties were probably put there by IE-Spyad. ......... About 4 months ago I did a search on Google and the first link I clicked on had a Virus which AVG caught and put it into quarantine.  The AVG info said that it did not know the action of it. I think it is active as my resources drop like a rock.  Just now, before I rebooted they were at 38%.  -------- Why is the HYML off?.....Thanks
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #3 on: October 21, 2004, 06:42:44 AM »

Now, after rebooting about 30 minutes ago, they are at 43%.  I am having to post here using Mozilla as IE has decided to say that you are not a safe site.  This, due to a visit to Microsoft re their new vulnerability that was announced today.  I followed their instructions but I must have the securities set wrong.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #4 on: October 21, 2004, 02:08:49 PM »

Just on my way out daisy, could you do one more scan with Hijackthis,
AFTER the SCAN is finished click the SAVE LOG button

Save the log on your hard drive, copy and paste the saved log back here
You managed to show me a Scan from hijackthis and not the log Smiley

Does notepad open?
Go to START>>>RUN>>>type in notepad and hit Enter

Let me know if you have a problem accessing this site when you click here with IE, you can copy and paste that into the address bar
http://www.mytechsupport.ca/helpwithpcs/
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #5 on: October 21, 2004, 07:10:46 PM »

benditup..................Wow!  Did not know that notepad could open the log file.  I know that I need to upgrade my browser but my only choice is IE6.0 and it is too powerful for win98.  There is no upgrade to IE5.5 anymore. ....................BTW, I really appreciate your help as my resources right now are 43% after 30 minutes....I cannot seem to get to the bottom of my resource hog.

Scan saved at 1:48:52 PM, on 10/21/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #6 on: October 21, 2004, 07:22:41 PM »

Whoa!..................Please forgive my last post and let me try again.......................

Logfile of HijackThis v1.97.7
Scan saved at 2:19:48 PM, on 10/21/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #7 on: October 22, 2004, 02:24:37 AM »

Not sure what you mean by IE6 being to Powerful for Windows 98SE
The updates keep your system more secure.....
I have 98SE on my other machine and it runs just fine

Can you do me a favor
This entry in your processes tells me you may have a game of Solataire
running
That seem right to you, just want to make sure
C:\WINDOWS\SOL.EXE

If your right click the MyComputer Icon and left click properties, how much installed RAM do you have on your machine

Next step,
This will have no influence on your resources but when was the last time you did a Disk Defrag on your system and cleaned out All your Temp folders and Scanned Disk for errors?

Another thing to try
Disconnect from the Internet
Go to START>>>RUN>>type in msconfig
Under the Startup tab disable everything except for
Systray---scanregw---LoadPowerProfile(2 of) entries
This is just for troubleshooting purposes
You may want to leave this one enabled too-->>devldr16
RESTART your computer
What are your resources at?

Zone Alarm may of not been totally disabled, but go back to msconfig
and enable entries to Zone Alarm
RESTART your computer, What are your resources at?

Try this with AVG and your other programs too, this may help too determine what is using the most, there may be alternatives
Could you let me know if

I know I have 320mb ram on my SE machine and with AVAST and Sygate starting up, at first boot I'm at about 87 or 88%
AVG and AVAST use about the same, AVAST could use more if you have all scanners enabled on startup

Side note: If you still have Xoftspy installed you may consider uninstalling it...
READ THIS
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Ad-Aware has been updated, could you uninstall your version
Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
After installation-CHECK FOR UPDATES
Do a Full system scan----Remove All Critical objects
RESTART your computer to finish the cleaning process

You should install this application,  adds extra security while
silently protecting you, without running in the background, won't use no resources

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad, you will want to keep up to date too
So, I assume that those reg entries have a value of 4
Here's a link to see when updates are available
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
If you need a hand on how to update it just mention it when posting back
Again, this app. uses no resources

Could you try the above and then repost back to me after you have everthing enabled on startup again
Post back with a new hijackthis log too. The latest version of hijackthis is 1.98.2, let's make sure we're seeing everything
You can redownload from HERE or HERE
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #8 on: October 22, 2004, 09:16:55 AM »

256 RAM

Defrag every 2 weeks.  Perhaps I am doing a defrag wrong.  I End Task on everything but Explorer then defrag.  This is fast, about 45 minutes.

I Use Privacy Guardian on boot up to clear out gunk!  After Privacy Guardian deletes all, I reboot then right click on Start, left click on explore, go to Temporary Internet files and delete the one remaining orphan cookie "Doubleclick" that seems impervious to the above.

Deleted XoftSpy and asked them for a refund since I just purchased it for $39.99.  So far, they will not respond.

Uninstalled and reinstalledAd-Aware.

Did a reboot with systray, scanreg, loadPowerProfile and devldr16..............checked resources and they were at 95%-----YEAH!

----------------------------------------------------------------------
Ran HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 4:33:55 PM, on 10/21/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0A\WAOL.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAM FILES\TCLOCKEX\TCLOCKEX.EXE
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (ShockwaveFlash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

----------------------------------------------------------------------


Opened AVG=3%, ZoneAlarm=10%, T-Clock=2%, Pop-Up Stopper=2% Loaded AOL=17% ........   resources were at 65% with all running.  I felt that AOL was taking up an exorbitant amount of resources and maybe that virus was still in there so I uninstalled and reinstalled it, losing all of my files along the way then got "Charlie," in India, on the phone to  try to help me find them.  After about 30 minutes of trying to talk with"Charlie," in India my brain turned to mush so I will have to continue with your instructions later on today as it is 4:30am and I need sleep.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #9 on: October 22, 2004, 11:20:57 PM »

So I assume this means you have another game of Solataire running?
C:\WINDOWS\SOL.EXE
Just curious, there is an old infection that overwrites that file....
I want to be sure

Not sure if your on dialup, but see if this link is much help
http://help.channels.aol.com/article.adp?catId=3&sCId=301&sSCId=3011&articleId=73024

Zone Alarm isn't taking up that much, but I do believe that Sygate takes up a bit less resources

I usually defrag in safe mode on my 98SE machine, Not sure how big your hard drive is, or how much of the room your using on it,
I like using Diskkeeper lite(free version)  to defrag my 98 machine...
I defrag it about every few weeks, takes about 20 minutes
Mind you I've only got 2 harddrives installed on it totalling 28GB
Split into 4 partitions
C drive having 8gb
I don't use that machine as often as I use to....
I usually am typing away on my laptop lately, XP's defragger is more or less based off of Diskkeeper technology
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #10 on: October 23, 2004, 12:05:39 AM »

Benditup..............Yes, my pages load so slowly that I have to keep a game of solitare going to maintain my sanity.Grin  Sometimes I can finish a whole game before a page loads.  

Thank you for all of your help although system resources are still dropping inordinately fast.  Coulld this have anything to do with my using the IE5.0 browser?  After you telling me that you do not have a problem with it on your machine, I would like to upgrade but after reading all of the negative loopholes in it, I am paranoid.  .....................

Did you see anything in the Hijack This report that I could eleminate or disengage?(Besides my solitare).   ipix?(don't know what this is)----- aoldsl?(I am still on dial-up),-----PitStop?, -----Housecall?-----ShockWave Flash object?  

Does the Hijack Log report mean that those are the programs that load on start up and run in the background?  Is there a topic that would tell me what the Hijack This Reports tell you?
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #11 on: October 23, 2004, 12:07:33 AM »

P.S......................All of the values in my registry Editor were set at 4.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #12 on: October 23, 2004, 01:39:12 AM »

Personally, this is what I would do Daisy, I think I would take the chance and head over to Windows Updates and get ALL latest CRITICAL UPDATES AND SERVICE PACKS
Don't get the Recommended unless you want them

Don't try and install them all at once, Get the bigger downloads by themselves and Restart when prompted
Keep revisiting until you get them ALL
Ensure you shut down your AV when visiting Windows update, just to make sure there is no conflict with the updates and your Anti-Virus

This will definitely help to keep you more secure

I like using Mozilla Firefox on my systems as my browser
You may even want to give it a try--If you need a link and a hand with it, if you decide to install it, post back

I've never used AOL, so I'm not sure how many of their options you can disable on startup, I thought maybe that link I supplied you might help you out

I notice that you have taskmon.exe on startup
Here's what SysInfo has to say about it

Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)


I don't like using msconfig for disabling programs, on My 98 machine I use a small app. called Mike lin's startup Control Panel

You could disable it, and you could also use Diskkeeper lite
I may be able to find a link to it, if it's still around

Then there's Zone Alarm--if it's the free version, you could follow the directions for Uninstalling Zone Alarm from your system completely and installing the free version of Sygate Personal Firewall
From what I remember when I had ZoneAlarm installed and replaced it with Sygate my resources went up a bit
Not a big noticeable difference, but some
Logged

 
daisy15
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 22


Bookmark and Share

View Profile
« Reply #13 on: October 24, 2004, 04:01:09 AM »

benditup.....................I Don't know what we did right but my resources are holding at around 72% with my antivirus, T-Clock and firewall running. I haven't upgraded my browser yet but will do that now.

I sincerely appreciate all of your help!  I made a nice donation as this is the best source for computer knowlege that I have found anywhere.  I like the present format as it is easy to read and to navigate.  I only wish there were a search button so you could go right to your specific problem without having to guess and read.

Thanks again,
Daisy
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page July 05, 2019, 04:49:29 PM