|
PC up and runnig no task bar but vivamex and zinblog still hanging around pls help
|
|
|
tino2003
Junior Member
|
5. May 2007 @ 16:09 |
Link to this message
|
|
You instructions......
Reboot your computer into Safe Mode (use the F8 method, it is easier). When you have started up in Safe Mode, double-click on FixReg to run the file.
Open Regedit via Start > Run or C:\Windows\regedit.exe. Double-click on HKEY_LOCAL_MACHINE. Then:
It is not there to click on.
|
|
Advertisement
|
|
|
|
Member
|
5. May 2007 @ 16:16 |
Link to this message
|
|
Regedit and HKEY_LOCAL_MACHINE are different things. HKEY_LOCAL_MACHINE is a folder in Regedit. Go to Start > Run and type Regedit. Press enter. If you cannot do this, open My Computer. Go to the C drive, and double click on the WINDOWS folder. Regedit should be there. If not, then report back to me.
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
tino2003
Junior Member
|
5. May 2007 @ 20:02 |
Link to this message
|
|
Yes, it is there.
|
Member
|
6. May 2007 @ 08:11 |
Link to this message
|
|
Then do the steps that I told you before :)
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
tino2003
Junior Member
|
6. May 2007 @ 11:03 |
Link to this message
|
|
Sept #4 Click on "Current Version
Step #5 Click on "Run" is not there.
Clicking on Current Version brought up "Ëxplorer".
clickiing on Explorer brought up "Browser".
|
Member
|
6. May 2007 @ 11:43 |
Link to this message
|
Do the other steps and post a fresh HijackThis log. Ignore that for now.
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
tino2003
Junior Member
|
6. May 2007 @ 13:45 |
Link to this message
|
|
Fredil, isn't that the reason we are at this point because the other steps did not have the links to go forward?
|
|
tino2003
Junior Member
|
9. May 2007 @ 06:10 |
Link to this message
|
|
Fredil I was getting paranoid from all this and had to take a break. I am refreshed now. Can you give me the dates of the steps you are referring to?
|
Member
|
10. May 2007 @ 13:45 |
Link to this message
|
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
scorpNZ
AfterDawn Addict
4 product reviews
|
10. May 2007 @ 14:38 |
Link to this message
|
All hp machines come with two partitions the small FAT32 partition contains your system recovery options,on boot up do you see at bottom of screen this wording F10-RECOVERY OPTIONS there is also this in the program files list "PC HELP & TOOLS" both are used to give 3 types of recovery
1-system restore
2-system recovery but leaves folders of 3rd party software intact but will still need to be re-installed
3-destructive system recovery=full reformat
look in your comps manual or the help section in the programs list for recovery options if pushing F10 on boot does'nt work,or go to HP's website for your comp and look up "how to" perform system recovery so it's back to factory shipped condition
my advice do a full destructive reformat you can also get a free cd of SP2 from microsoft to save downloading it thru auto updater,save anything you need to rom or external hdd,any emails that contain attachments should be deleted unless you can run them in sanboxie or in a virtual partition in case they are responsable for original infection,when reformatt is finished make sure you have firewall enabled go directly to microsoft update and DO NOT LEAVE untill the comp is completely updated after numerous restarts as per instruction from update site,then go get antivirus AVG is free,then go get "spyware terminator" ad-ware real time scanner it's free also.
PS: @ Fredil you've done your best but it seems tino is more a beginner in computer stuff as the instruction you've given should've fixed it in your first few posts it's now been x amount of days as well
regards
scorp
|
|
tino2003
Junior Member
|
10. May 2007 @ 15:37 |
Link to this message
|
|
Yes Scorp, you can cay that haha. I am a beginner because I am not involved in pc repair. It was ok when it was MS DOS but since Windows was created I got left behind hahaha. I execute my searches, respond to emails etc that's it. I know how to do a system restore but cannot risk losing any anything, I have too many importment website favorites to use any type of system restore. But thanks very much for your help.
|
|
tino2003
Junior Member
|
10. May 2007 @ 15:45 |
Link to this message
|
|
Gredil, I will retry everything you gave me over the weekend when I am not so busy. I think your last instruction gave me an inkling of what I am looking for.
Thanks
|
|
scorpNZ
AfterDawn Addict
4 product reviews
|
10. May 2007 @ 22:18 |
Link to this message
|
Anything you want to keep can be burnt to a cd or dvd,preferably a cd-rw or DVD-RW
System restore & system recovery are two different things and should not be confused,a system restore only reverts to a restore point to a previous time or day and nothing is lost (imo it's a waste of hdd space...lol..),a system recovery wipes the hdd clean i.e reformat
When you get the comp back in order go to tech republic and sign up, also sign up for the following emails from them, this will put you on the road to teaching yourself about xp and any other computers,you'll find numerous articles can be downloaded and saved,for small screenshots of tips use mwsnap it's a free screen capture software,there's heaps of other downloads at download.com or freewarefiles.com or major geeks
ok at tech republic sign up for these,don't argue or i'll come over and kick your ass :p
daily digest
IT News Digest
windows xp
below is a link to a stack of useful tips from pc mechanic,just search thru the links at left side of page and use the screen capture utility to make captures of any area with the mouse
http://www.pcdailytips.com:80/
Lastly invest in another hdd you can use norton system works professional 2004 or just get norton ghost or use acroins true image,these softwares are for copying your original hdd to a new one,which means you can have a complete backup of your system,simply switching hdd's can have you back up and running in seconds if the first hdd turns to custard as has happened,using this method to copy a hdd of 100GB's of data will take less than an hour ,ok below is a link to a site that specialises in ghosting or more correctly "drive imaging" http://radified.com/cgi-bin/yabb2/YaBB.pl
This message has been edited since posting. Last time this message was edited on 10. May 2007 @ 22:34
|
|
tino2003
Junior Member
|
10. May 2007 @ 23:29 |
Link to this message
|
|
I will work on that, thanks.
|
|
tino2003
Junior Member
|
12. May 2007 @ 12:14 |
Link to this message
|
|
ScorpNZ thanks. That is too technical to save to cd or dvd I would have to read up on instructions to refresh my memeory. When I first both the machine I was excited about writing to CD and DVD but I got involed in the mortgage industry and have been trying to be successful with that. Now I don't have time to read up on all that stuff. What I am getting from Fredil I can cope with. I gave you my excuse please don't come kick my ass? lol.
|
|
tino2003
Junior Member
|
12. May 2007 @ 17:42 |
Link to this message
|
Fredil, I don't know if this is important but after runnig HijackThis
the line RO-HKCU\software/Microsoft\Internet explorer\Main,Start Page = Http://zinblog.com? I highlight it and click "info" on the HijackThis page.......this is what I cam up with. Maybe you will find something in there
* HijackThis v1.99.1 *
Written by Merijn - merijn@spywareinfo.com
http://www.merijn.org/files/hijackthis.zip
http://www.merijn.org/index.html
See bottom for version history.
The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
Command-line parameters:
* /autolog - Automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* Version history *
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release
A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
I proceeding.
|
Member
|
12. May 2007 @ 17:44 |
Link to this message
|
|
Bleh. All useless. I know all that :)
Continue, and may luck be with you :)
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
tino2003
Junior Member
|
12. May 2007 @ 21:40 |
Link to this message
|
|
Fredil, I do know know what you are referring to but I just completed all the previous steps and zinblog is still there. I found the "Run"icon is safe mode and after rebooting it it is not available for use.
Here is what i found after your last instruction to run i safe mode.
HKey_LOCAL_MACHINE
ACPI
DSDT
KM400
AWRDACPI
000010
That's is no RUN click on.
|
|
scorpNZ
AfterDawn Addict
4 product reviews
|
12. May 2007 @ 23:30 |
Link to this message
|
|
OK so what your saying is that in safe mode when you click on the start button the "RUN" command is listed but when rebooting it is no longer there ?? OK left click on start button,once the popup appears right clik on any open space,(a popup should appear called "properties" using left clik, clik on it,ok you should be looking at a window that has two tabs assuming your using the XP STYLE START MENU
Below the picture there are two options to change the style of windows,assuming you have not touched anything then clik on the button to the right that says CUSTOMISE (the one that's not greyed out),in the next window that appears clik the ADVANCED tab, this area comes in handy put a tick to all the boxes that say "DISPLAY AS MENU" while your at it look for RUN COMMAND and put a tick in it's box,clik OK on the window (it will disappear)then clik APPLY on the window that is still showing then clik OK,now RUN will show in the list when you clik on the start button.
IF you followed above instructions in regards to "DISPLAY AS MENU" it made a small change, to see it's effects drag your mouse and hover over MY DOCS,MY COMPUTER,CONTROL PANEL,MY PICTURES,MY MUSIC ,it's a bit weird at first but once you get used to it you'll find it handy
This message has been edited since posting. Last time this message was edited on 13. May 2007 @ 00:09
|
Member
|
13. May 2007 @ 07:30 |
Link to this message
|
|
No, it's not that, Zinblog and Viva TermeX both disable the Run and Regedit functions.
However, try that anyways. I will see what I can find.
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
tino2003
Junior Member
|
13. May 2007 @ 10:54 |
Link to this message
|
|
Completed everything using the tick in each DISPLY AS MENU. RUN was not anywhere. However I was doing some exploring on my own and found a command prompt in as C:\ the MS DOS command script. I located it by clicking the START and under ACCESSORIES. Can that be it?
|
|
scorpNZ
AfterDawn Addict
4 product reviews
|
13. May 2007 @ 11:27 |
Link to this message
|
|
Yes using command prompt will do the same thing & brings up the regedit,just type regedit then hit the enter button on the keyboard,you should now be looking at the registry editor window
|
|
tino2003
Junior Member
|
13. May 2007 @ 12:10 |
Link to this message
|
|
Fredil, after I posted the previous message and came back here I had to use the START button. The MS DOS C:\ command prompt is there exactly as is written here> "C:\ command prompt".
|
|
tino2003
Junior Member
|
13. May 2007 @ 12:12 |
Link to this message
|
|
Fredil, after I posted the previous message and came back here I had to use the START button. The MS DOS C:\ command prompt is there exactly as is written here> "C:\ command prompt".
The registry is available but no "zinblog" can be found or "RUN" command.
|
|
Advertisement
|
|
|
|
scorpNZ
AfterDawn Addict
4 product reviews
|
13. May 2007 @ 15:36 |
Link to this message
|
Originally posted by tino2003:
Fredil, after I posted the previous message and came back here I had to use the START button. The MS DOS C:\ command prompt is there exactly as is written here> "C:\ command prompt".
The registry is available but no "zinblog" can be found or "RUN" command.
RUN is nothing more than a way to get to REGEDIT,the other way to get to the REGEDIT is thru the COMMAND PROMPT ,if you are using the command prompt you do not look for RUN nor do you need it,just do as i said earlier,open the COMMAND PROMPT,you should be looking at a window that is DOS,assuming your logged in as administrator,you should see a flashing _ ,all you need do now is type REGEDIT (lower case is ok) ,another window will open with two columns the left column is the folder tree and should be listed like this
MY COMPUTER
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
OK if you see the above in an open window,you have achieved what fred was trying to get you to do with RUN so at this point RUN is not needed as you bypassed it,you now need to go back to freds earlier post (number 19) & follow those instructions and any others that say you need to go into HKEY,basicly cliking on the boxes to the left of the wording HKEY,will expand the tree,
So clik on the boxes HKEY_CURRENT_USER & HKEY_LOCAL_MACHINE,both should now be expanded and show more folders in alphabetical order,you need to scroll down to the SOFTWARE folder & expand that and follow freds instructions.
REMEMBER YOU DO NOT NEED TO LOOK FOR RUN AS YOU ARE USING THE COMMAND PROMPT
This message has been edited since posting. Last time this message was edited on 13. May 2007 @ 15:58
|
