11 replies to this topic

[suzannaski]

Howdy Thanks for your help with my spyware, and now I need help with hardware and software. Problem 1: I have a wirless network w/ a laptop & two desktops. I use a belkin wireless hub, and a cable modem from charter. I bought a belkin gateway router (w/ 4 non-wireless ports) and hooked it up. However, I keep losing my internet connection after about 5 min. this is true from each computer. FYI I also have kaspersky virus software, zonealarm firewall, spybot & ad-aware. I do not have the internet connection firewall button checked in network connections, and the settings for the internet are to find an IP address automatically. Problem 2: (this has existed since I bought the laptop) I can't see gifs or jpegs with IE, nor can I get active x to work, no matter what settings I have in internet options. I have downloaded all of the updates from windows. Another problem is with a login screen for a website; I can login fine using net passport, but it doesn't login, just stays at the login screen. I tried from my other computer and the passport works fine. So there's some stupid setting on my laptop IE that prevents me from actually logging in. I changed the cookie settings to allow all cookies but that didn't work.

[Crow]

geesh.. Might not be a bad idea to post a hijack this log on each computer, therefore eliminating the possibility of spyware/malware..etc. You said you cannot use ActiveX..? could you please elaborate a little more on that one? What I would do is turn all comp's off aside from one and run hijack this on it. Post it. (Fix if need be) ..turn that one off and go to the next.. and so on till you know for sure that all 3 are not infected. It could be possible for a virus or worm to spread to each computer.. hence.. turn them off and do one at time.

[suzannaski]

Hi
For the active X problem:
When I go to housecall.trendmicro.com and then click on "Scan now", after selecting a country, it tells me that my "current security settings prohibit running activex controls on this page. as a result, the page mey not display correctly" even though all the settings are set to enable. This problem probably was always there, because no matter waht my settings were to view web imamges, I couldn't view them, and still can't, most of the time.

For the router:
third computer (desktop) is shut off. problem goes away when router is disconnected and modem feeds into the hub.

HJT log for laptop with active x problem:
Logfile of HijackThis v1.98.0
Scan saved at 4:24:34 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjtbeta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\kav.exe /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab

[Crow]

Ok.. first lets download and scan with hjt version 1.97.. I am not sure as to when the beta will be final and better not to take a chance. Download the Current version here and rescan and post again.
Also you have dumped your DNS cache I assume..? That might be the reason it aint letting you view the page but I dont think 8its going to do anything for your activeX gates.. might try it though and see.. in the mean time would you mind posting another log please

[suzannaski]

I don't really want to go back to the old HJT because ChrisRLG told me to start using the version I have now. But, if it makes you feel better....
Logfile of HijackThis v1.97.7
Scan saved at 8:58:41 AM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\kav.exe /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...B?38143.8940625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab


I am not using Outpost firewall, and there is no direct way to clear the DNS history that I can find at this time with ZAP, but I have cleared my history, temp files and cookies (again) from IE internet options. If I forgot to mention it before, I've always had this problem on the laptop, so I don't think its a virus or spyware. I DO think it has to do with IE's settings not working properly.

[suzannaski]

Here's an update on IE: I double checked my security settings for activeX (again), and found that even though I uninstalled microsoft's jav VM, it still shows up in custom security levels. I cannot click on customize java settings, nor are there any of the registry entries for microsoft java. so why is it still showing up? I reinstalled sun java. IE is acting up (not downloading pages completely until I hit stop button) Has anyone else had this problem?

[suzannaski]

Me again- I found the soultion to part of the problem for activex: even though trendmicro.com was put into the trusted sites, aparently the actual scan gets downloaded from akamai.net. Hence, the security settings I had applied to trendmicro were not applied to the page with the scan. I still can't get rid of MS VM settings, tho'.

[Crow]

Well using the beta version of hjt isnt a bad thing... its just.. its beta, meaning it aint finished yet and Chris knows that. (I am surprised that Chris would say that though) is there any particular reason your trying remove to Microsoft VM..? Also just a suggestion, but if your going to remove anything it should be IE. Try Mozilla, Firefox..its compact, faster and more secure. Your log on that one is clean although this looks a little odd---> C:\Program Files\Common Files\Adobe\Web\AOM.exe Did you mean to put that there..?

[suzannaski]

Well, he did. you can check my thread at http://forums.tomcoy...=30
I am trying to remove MSVM because either spybot or tomcoyote recommended switching to sun. okay?
do you or anyone else know why the settings still show MS VM even though I have removed it correctly?
please, I am trying to run a business here, and kvetching isnt helpful. I Hope that doesn't sound mean, but I really need USEFUL replies.

[Crow]

As per..

Problem 1: I have a wirless network w/ a laptop & two desktops. I use a belkin wireless hub, and a cable modem from charter. I bought a belkin gateway router (w/ 4 non-wireless ports) and hooked it up. However, I keep losing my internet connection after about 5 min. this is true from each computer.

You could use a hub or switch to connect PCs to a cable or DSL MODEM if you want to pay your service provider a monthly fee for an IP address for each PC on the Local Area Network (LAN).

As per..

Problem 2: (this has existed since I bought the laptop) I can't see gifs or jpegs with IE, nor can I get active x to work, no matter what settings I have in internet options.

Do you see a carraige holder..? (that shows were the picture goes.. its a box with a red x in it).. I hate take up to much more of your time but this could be a number of things.. get rid of IE.. simple and as to the point as I can get.

As per..

Another problem is with a login screen for a website; I can login fine using net passport, but it doesn't login, just stays at the login screen. I tried from my other computer and the passport works fine. So there's some stupid setting on my laptop IE that prevents me from actually logging in. I changed the cookie settings to allow all cookies but that didn't work.

Again.. dump dns cache...if that doesnt work (and your sure you have entered the information correctly) I suggest you look to the "problems logging in?" option that most sites provide.

As per..

nor can I get active x to work, no matter what settings I have in internet options.

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab

ActiveX seems to work just fine


Now your VM problems.. Your VM didnt cause you not to be able to view certain extensions (mpeg's.. gif's) but removing it most certainly did not help anything. In doing so you may have removed the plug-in that IE uses in order for you to be able to view them. I suggest you go to SunJava and follow thier instructions on installing that platform. As far the usefulness of my answer to this part, I suggest reading this http://www.microsoft...n/news/jre.mspx

I understand it can be frustrating ok? I am simply trying to understand what it is exactly your wanting help with first. There are several different things that can cause each of your problems and the correct way to solve the problem is to start at the beginning...(i.e.troubleshooting) If none of this helps you then I aplogize for taking up your time. Also I did not imply that Chris DID NOT tell you that , just thats it odd that he would recommend a "beta" vesrion of HJT.
to anyuser..

[suzannaski]

Hi Yes, I had solved the activex problem earlier (see post 6/17/04 2:30pm) RE: login problem: I will try going back to the login page and look for a "problems logging in" link, but the tech support for that web page couldn't help when I called them. Maybe I'll try the MS .net passport website for help. I think I mentioned earlier that there is no clear way to "dump DNS cache" on this computer unless you mean to delete the cookies and temp internet files and then restart the computer, which I did. "dump DNS cache" when I researched it on google appears to be a term for Outpost firewall. So do you know what it would be for ZAP 5.0? RE: static IP: Higher monthly payments are not an option for me right now. RE: removing IE: why should I remove it when it works perfectly on the other machines? and yes, I do see a red x. On further research, I found that increasing the temp file folder size allowance helped. RE: VM The sun java VM is working fine, I just wanted to know why the settings won't go away in internet options for MS VM since I've removed it completely, reg entries included.

[Crow]

To flush DNS, click on start, run, type command and at the prompt type ipconfig /flushdns

IE is bulky, slow, and a security threat. Mozilla Firefox 0.9 (which by the way has just been released...I currently use ver.0.8) is faster and again... more secure. It enables you to use tabbed browsing (which is the greatest thing since sliced bread), it will load links in the background and, if you will check around some, you'll see that mozilla is the preferred browser of most users here, SWI (spywareinfo), NI (Net Integration). If increasing your temp file folder size is something you have done or need to do then I highly suggest you try mozilla..

As fas as the settings of M$'s VM still being there, I dont know why that would be. You might read this here, maybe will have some reasoning. http://www.microsoft...n/news/jre.mspx