TheTechGuide Forum
General Category => Tech Clinic => Topic started by: meelox on January 09, 2006, 02:36:23 AM
-
Guestolo,
I tried to reply in the last thread but it would not let me....
I could not post entire host file ... only about 1/8 of it.
my keyboard actsasthough i have a keystroke logger on it.
I have removed google tool bar... I thought that might be the problem. Still not acting right.
It wont space sometimes and delay in backspace deleting.
Here is my uninstall list
1st Page 2000 2.00 Free
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Acrobat Reader 3.02
Adobe ActiveShare 1.3.1
Adobe PhotoDeluxe Home Edition 4.0
Adobe Type Manager
CleanUp!
Digital Photo Resizer
EasePhoto Image Resizer 2.6.2
ENSONIQ AudioPCI
EPSON Copy Utility
EPSON EIC CX5400
EPSON Photo Print
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON USB Printer Devices
HijackThis 1.99.1
HP Deskjet 3900 series
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Solution Center & Imaging Support Tools 5.0
Internet Explorer Q905915
Java 2 Runtime Environment, SE v1.4.2_06
Macromedia Shockwave Player
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Outlook Express 6
Microsoft Picture It! 2.0
Microsoft Publisher 98
Microsoft VGX Q833989
Microsoft Windows Critical Update Notification
Microsoft Works 4.5
Microsoft Works Calendar 1.0
Microsoft Works Setup Launcher
Mozilla Firefox (1.0)
Nero Express
Outlook Express Q837009
QuickTime
RealPlayer
ScanToWeb
Shockwave
Spybot - Search & Destroy 1.3
Web Album Generator 1.6.5
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows Media Player system update (9 Series)
WinZip
XnView 1.68.1
ZoneAlarm
-
Not sure what's going on, I saw your other post
Can you do the following please
Open Spybot>>Click on MODE>>Advanced Mode>>Yes to the prompt
Select TOOLS on the bottom left
Then select Host file
On the right hand side select >>Remove Spybot s&d hosts list
Close Spybot
Access your Add/REmove programs via control panel
Uninstall Spybot 1.3
Reboot your computer
Back in Windows
Download Hoster.zip (http://\"http://www.funkytoad.com/download/hoster.zip\") and save it to your Desktop.
UNZIP the contents to your desktop or folder
Locate the Hoster folder , open it and double click on Hoster.exe
Click on Restore Original Hosts
In the confirmation window, click on OK.
Download and Install Spybot 1.4 from
HERE (http://\"http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button\")
or HERE (http://\"http://www.safer-networking.org/en/download/index.html\")
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer to finish any cleaning process
Do the above after every update
I don't see any Anti-Virus on your computer
Use Internet Explorer and Run the online Panda ActiveScan (http://\"http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan.htm&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest\")
* Once you are on the Panda site click the Scan your PC button.
* A new window will open...click the big Check Now button.
* Enter your Country.
* Enter your State/Province.
* Enter your e-mail address.
* Select either "Home User or Company."
* Click the big Scan Now button.
* Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
* Click on Local Disks to start the scan.
When the scan is complete
click See Report, then click Save Report and save it to your Desktop.
Post back the following please
1. Post back a fresh hijackthis log
2. Post the full report from Panda's
-
GUestolo thank you so much for helping! Here are thte things you asked for and I followed your directions!
Logfile of HijackThis v1.99.1
Scan saved at 10:45:02 PM, on 1/10/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab (http://\"http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab\")
Incident Status Location
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM\ZONELABS\SRESCAN.DLL
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/adurl Not disinfected C:\WINDOWS\icont.exe
Adware:adware/downloadware Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND
Adware:adware/wintools Not disinfected Windows Registry
Dialer:dialer.b Not disinfected HKEY_CLASSES_ROOT\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Cookies\harris@tucows[2].txt
Spyware:Cookie/Yadro Not disinfected C:\WINDOWS\Cookies\harris@yadro[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\harris@com[2].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\harris@xiti[1].txt
Spyware:Cookie/go Not disinfected C:\WINDOWS\Cookies\harris@go[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\harris@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\harris@cliks[1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\harris@xiti[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\harris@target[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\harris@burstnet[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\harris@ccbill[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\WINDOWS\Cookies\harris@kinghost[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\harris@rn11[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\Cookies\harris@offeroptimizer[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\harris@apmebf[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\harris@com[3].txt
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zo0xnotp.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zo0xnotp.default\cookies.txt[.com.com/]
Spyware:Cookie/HotLog Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zo0xnotp.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zo0xnotp.default\cookies.txt[.tribalfusion.com/]
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM\ZoneLabs\srescan.dll
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM\ZoneLabs\zlsreupd.zip[srescan.dll]
Spyware:Cookie/2o7.net Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\zo0xnotp.default\cookies.txt[]
Possible Virus. Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll
Adware:Adware/Gator Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.16\HDPlugin1015.dll
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\WINDOWS\Cookies\harris@tucows[2].txt
Spyware:Cookie/Yadro Not disinfected C:\WINDOWS\Cookies\harris@yadro[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\harris@com[2].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\harris@xiti[1].txt
Spyware:Cookie/go Not disinfected C:\WINDOWS\Cookies\harris@go[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\harris@belnk[1].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\WINDOWS\Cookies\harris@cliks[1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\harris@xiti[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\harris@target[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\harris@burstnet[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\Cookies\harris@ccbill[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\WINDOWS\Cookies\harris@kinghost[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\harris@rn11[2].txt
Spyware:Cookie/Btgrab Not disinfected C:\WINDOWS\Cookies\[email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\WINDOWS\Cookies\harris@offeroptimizer[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\WINDOWS\Cookies\harris@apmebf[2].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\harris@com[3].txt
Spyware:Spyware/CouponAge Not disinfected C:\WINDOWS\InstallEx.exe
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Uninstall Need2Find Bar.dll
-
Find any of these file and delete them please
Then run Windows CleanUp!
Reboot the computer
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\icont.exe
C:\WINDOWS\InstallEx.exe
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
C:\Program Files\Uninstall Need2Find Bar.dll
Let me know what you couldn't delete later
-
I deleted all of them ... Now what?
Meelox
-
I need you to disable Spybot's TeaTimer until after we are done here
It may, and probably will interfere with any fixes we try
Open Spybot>>Click MODE>>Advanced mode
Ok the prompt
Click on TOOLS in the bottom left>>Then click Resident
Uncheck only "Resident TeaTimer" on the right hand side
Allow the change and then close Spybot
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Ensure to save from REGEDIT4 and down in code box
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\NEED2FIND]
[-HKEY_CLASSES_ROOT\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}]
Double click on fix.reg and allow to add/merge to the registry
Open Hijackthis>>Open Misc tools section>>Open Delete File on Reboot
In the file name, copy and paste the following full path to the file name below in bold and click OPEN
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1015.dll
Hijack this should prompt you the file will be delete on Reboot, don't reboot yet
Instead, do the same thing for this entry
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\HDPlugin1015.dll
This time allow the computer to reboot
Back in Windows
Download and Install Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")
Once installed, ensure it is updated and allow it to run a full system scan
Let it clean what it finds
When it's done, reboot the computer again
Come back here and post another hijackthis log and let me know how things are running
-
I could not get the AVAST to work correctly, until I disabled ZONE ALARM...
Zone Alarm warned me that Distrubitor.com is trying to act as a server...(I think that had something to do with Avast' registration)
I disable ZA and avast let me register I am running the scan now.
I may have to post to you tomorrow as to how things are running it early am here and I need to get rest.
But I need to know tonight if I Should I get rid of ZONEalarm
now that I am running AVAST?
By the way AVAST told me "OUT-LOUD" (scared me to death..) that I have a virus from ACTIVESCAN. I tried to get rid of it but it would not do it ... so i chose repair and I don't really know what it did with it but it took it.
Thank you .... you are smart man.
-
I amnot sure if this avast program is running properly, it's very slow..and it said I have two virus files but when with errors(?) It does not give me any actions to take when I clicked on the box anywhere the box dissappears and I can't get back to it. I don't see anywhere to set it to scan my email. Will try it out for the rest of the day and let you know.
Meelox
-
I have a virus from ACTIVESCAN
Don't worry about that message, it's a false positive
You can go into add/remove programs and uninstall if found
Panda's
Avast comes with about 6 different scanners, it's an Anti-Virus software
You may not need all scanners running
Do you use any chat clients and exchange files with anyone?
Do you use file sharing programs, such as Limewire?
Do you use Outlook<--Don't confuse this with Outlook Express
ZoneAlarm is different than avast, zonealarm is a firewall
What version of zonealarm do you have, what tools came with it besides a firewall?
-
I did the about in ZA... this is what it said:
ZoneAlarm version:6.1.737.000
TrueVector version:6.1.737.000
Driver version:6.1.737.000
On my main Page of ZA I Have:
Firewall
Program control
Anti-virus monitoring
E-mail Protection
Alert & Logs
I don't use Chat programs.
I use FTP program ACEftp to upload to my web pages.
I have started up my e-bay auctions again, and last year when I had all of this nonsense happen. It was after spending time on e-bay. I get that double-click thing going on in e-bay.
I just want to make sure my computer is secure enough that I can use paypal and not worry that someone can hack into my account.
Am I just being over "high tech" nervous here?
When you helped me last year we place SYGATE and AVG on my machine... but one of the two kept hanging up explorer, I dealt with that for a while and I stopped them both and got the ZA firewall, and reinstalled AVG. Explorer still hung up... so I stopped the AVG ... Last week I installed AVG again and once again explorer hung up.
Although I have not spent much time on the computer today, so far it seems to be working good with Avast and ZA together. My typing problem has gone and Programs and web pages load much faster.
I have also removed the google tool bar, and deleted the BHO file in my registery. I hope that is okay to do.
-
did you get my last post?
-
Avast is a good scanner, I would hold onto it
As mentioned, you may not need all the scanners running
Definitely leave Standard shield and Internet Email scanners running
Even though you don't see it running, it should be protecting your email
You can right click the Avast icon by the clock and left click On Access protections
Click on Details
You don't appear to need the Instant messenger scanner running, you can Terminate it
P2P scanner>>If you don't need it Terminate it
Network shield>>Terminate, You have Zone Alarm which is a complete Firewall, and will do the same as this shield
Remember, Avast is NOT a Firewall
Outlook/Exchange scanner>>If you only use Outlook Express and don't use Outlook, you can Terminate
I would leave Autoupdates set in preferences, it will run after a specified time, usually on boot up
That should help on some resources
You look good to go
Here's some more info
http://www.avast.com/eng/avast_4_home.html (http://\"http://www.avast.com/eng/avast_4_home.html\")
-
Thank you so much for your help!
My computer would not shut down last night, I don't know if that is going to be an ongoing problem but if it does. I will be back.
Thank you... I want to donate but have nothing to donate at this time ...give me a month and let me get my ebay going and I will donate to you then.
I owe you so much, you are such a great help!!!!!
Meelox
-
Can you try the following please, let's make sure this isn't applicable
Go to start>>run>>type in
msconfig
Hit OK
Under the General tab>>Click on the ADVANCED button
Put a tick in "Disable Fast Shutdown" if it is present
OK out of there, you may get a prompt to restart the computer
See if that helps