
adware issues?[RESOLVED]


  • This topic is locked

#16
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justiceforall,

I am glad you have control of the desktop now. There are still some other things we need to fix. You can check if there is more than one user on the computer by going to start, shutdown and then logoff or logout. If only one user is listed then you are safe. You can right click on shortcuts to delete them on your desktop, maybe that option will come back as we finish cleaning up your system. Certain things like the Recycle Bin cannot be deleted. Try creating a shortcut to a game or a document on your desktop, and see if you get the option to delete it.

Actually after looking at the log, it is fairly clean.

Please download "Del Domain" from here:

http://www.geekstogo...=download&id=40

Download it to your desktop or somewhere you will find it. Extract the .inf file from the .zip file you just downloaded.

Reboot your computer into safe mode. To do this restart your computer and press F8 while the computer is starting up. This will give you a menu with the option to boot into safe mode.

Now right click "Deldomains.inf" and click "Install". It will not appear to have done anything, that's OK. Next step.

Reboot your computer normally. You may run any antispyware programs that you want to run. Fix anything that pops up, and let me know if there is something you can't fix.

Once this log is totally clean, I will post a list of programs and instructions that you can use to keep your computer clean in the future.

Once you do the above, please post a new HiJackThis log for me to look at.

And, congratulations on passing the Bar Exam, that's a true accomplishment! :tazz:
  • 0

#17
justiceforall

  • Topic Starter
  • Member
  • 39 posts
Justin... i found no other "users" using the method you told me about... however, when i reboot into safe mode it gave me the option of "administrator" or "owner". is that two different users or just the way the computer is set up? anyway, i clicked on owner.

i am having the same issue as before. first, i saved the deldomain zip file to my desktop. when i went to extract the deldomain.inf file it only had the option to extract "all files" which i did. i only got one file titled "deldomain"... which i saved to my desktop. i think that is the .inf file because when i open it (it appears as a "note pad" doc.) it is titled deldomain.inf.

please note though that when i rebooted into safe mode per your instructions i could not right click on the newly created shortcut on my desktop to "install". (or in regular mode). i tried to get to it via "my computer", "desktop", and then to deldomain file... but still no option to install... just open. and again, it opens up into what looks like a "note pad" doc. is that what you meant by "it will not appear to have done anything"?

please advise... thanks

j


PS ... i'm signing off for tonight... i'll check on the log tomorrow... thanks

Edited by justiceforall, 30 May 2005 - 09:54 PM.

  • 0

#18
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justice,

When you open deldomain, does it open and then close quickly?
  • 0

#19
justiceforall

  • Topic Starter
  • Member
  • 39 posts
no... it just opens up into what looks like that notepad doc?
  • 0

#20
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justice,

Post a new hijackthis log for me to look at and I'll see if it fixed what it was supposed to. If it didn't, I'll get you a new link to the file.
  • 0

#21
justiceforall

  • Topic Starter
  • Member
  • 39 posts
hi Justin... here is a fresh hijackthis log... good luck...

Logfile of HijackThis v1.99.1
Scan saved at 2:23:30 PM, on 5/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Desktop\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.knology.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - Startup: file[1].exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1B16AE9F-9084-4B4C-A4BF-D85179035C63} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1B16AE9F-9084-4B4C-A4BF-D85179035C63} - (no file) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115075527562
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
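
An added example, not part of the thread and not code from HijackThis: a short Python parser for the entry lines of a log like the one posted above. It lists the O15 Trusted Zone entries and the entries marked `(no file)` or `(file missing)`, and compares two logs to show which entries a cleanup step removed. The function names are hypothetical and the `AFTER` log is constructed for illustration.

```python
import re

# Entry lines look like "O15 - Trusted Zone: *.example" or "R1 - HKCU\...".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (section, detail) pairs for every HijackThis entry line.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def trusted_zone(entries):
    """O15 entries: sites and IP ranges placed in IE's Trusted zone."""
    return [d for s, d in entries if s == "O15"]

def orphaned(entries):
    """Entries whose registry key points at a file that no longer exists."""
    return [(s, d) for s, d in entries
            if "(no file)" in d or "(file missing)" in d]

def cleared(before, after):
    """Entries present in the earlier log but absent from the later one."""
    later = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in later]

# A few lines copied from the log posted above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.knology.com/
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Constructed follow-up log: the same lines with the O15 entries gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if not l.startswith("O15"))

if __name__ == "__main__":
    print("Trusted zone:", trusted_zone(parse_entries(BEFORE)))
    print("Orphaned:", [s for s, _ in orphaned(parse_entries(BEFORE))])
    print("Cleared by follow-up:", cleared(BEFORE, AFTER))
```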

#22
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
justiceforall,

First, make sure that you are right clicking on deldomains.inf on your desktop. If you are right clicking on it, and you still do not see the install option, follow the instructions below. But if you right click on it and see the install option, click that and skip the rest.

Right click anywhere on your desktop, and tell me if you see "properties"

If you do see properties, stop here and let me know.

If you do NOT see the properties menu, go on.

Go to start, control panel. Then click on display properties.

Click on the desktop tab, and then customize my desktop.

Click on the web tab, and make sure nothing is checked under the web tab.

In order for deldomains to work, we need to make it so your desktop is not an active webpage.

Once you do this, try running deldomains again, and let me know what happens.

Edited by Jfcap, 31 May 2005 - 01:01 PM.

  • 0

#23
justiceforall

  • Topic Starter
  • Member
  • 39 posts
Justin,

no change... i followed your instructions and nothing. same result... when i right click nothing... but when i double left click it opens up into that "notepad" doc.

J
  • 0

#24
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justice,

If you're not in a hurry, join our live chat and we can work this issue out now and get it finished.

Live Chat

If that link doesn't work, you can find the live chat link at the top of the page on the right.
  • 0

#25
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justice,

Noticed that you're not online now, so I'll tell you what I was going to say.

I asked around, and if you're not getting the install option, you either did not extract the file to your desktop, or you are right clicking on the zipped version of the file.

Make sure you are clicking on what you unzipped and not the zip file itself.
  • 0

#26
justiceforall

  • Topic Starter
  • Member
  • 39 posts
hello Justin... sorry... i was away spending time with my nephew...

let me explain in detail what i've done...

first, i clicked the link you provided and it immediately asked if i wanted to run or save the program. i chose save... and saved it to my desktop. the file was a zip file.

second, i double click on the zip file (from the desktop) and it takes me to the option to extract "all files". no option to extract any specific file.

third, the microsoft program to unzip begins and i have to click through various questions like where i want to save it and what i want to name the new file.

fourth, i save the unzipped file independently named "deldomain" to my desktop. at this point i can not right click on the newly created icon. (the only exception is if i drag it a bit and that gives me various "shortcut" options) there is no option to install. at this point i tried two things... one, simply left double click the icon which opens up what i have been calling the one page "notepad" type doc. at that point, it is my first indication that the file is called "deldomain.inf" as it is titled in the "notepad" type doc; OR two, i go through "my computer", to "desktop" and try the right click on the "deldomain" file. nothing happens. no option to "install". so if I double left click... the same thing happens that i described above when i double left click directly from the desktop.

:tazz:

hope that helps...

thanks,

JusticeForAll

Edited by justiceforall, 31 May 2005 - 07:22 PM.

  • 0

#27
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justiceforall,

"first, i clicked the link you provided and it immediately asked if i wanted to run or save the program. i chose save... and saved it to my desktop. the file was a zip file."


Not sure if this will make a difference, but when it asks you, tell it to run the program. Then unzip it. Maybe that will work.

If that works and you get the install option, go ahead and click install then post a new hijackthis log for me.

If it does not work, let me know and I'll ask around some more.
  • 0

#28
justiceforall

  • Topic Starter
  • Member
  • 39 posts
Justin,

actually the options were open or save... so i tried to just open it. the result was the same except that the zip file did not save.... only the unzipped file saved when i went through the process of unzipping. same result... not able to right click. that goes for all the icons on my desktop... not just the deldomain file.
  • 0

#29
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justice,

Arg, that confuses me, give me a bit and I'll ask around.
  • 0

#30
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Justice,

Some other helpers came up with an idea.

Reboot into safe mode, and log in under admin, not owner.

Then try to right click on deldomains.inf and select install.
  • 0





