Multiple problems logs attached

Status
Not open for further replies.

drneves7

Well for starters I noticed the machine is running slower than usual. It is also not shutting down properly. Third but not last lol the wireless connection will only stay connected for a short while then I lose my connection. I have tried the connection on two different routers I have.

I also tried to uninstall my old java programs and it will not let me. I went into services (whatever it is); there was nothing for java in there. I also cannot uninstall Zone Alarm completely...

Thanks for any help you can offer.
Dominic

All logs attached now
 
After all scans, is your comp doing any better?

Please download ATF Cleaner OR CCleaner

ATF - http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25

ccleaner - http://www.ccleaner.com/download ( click on alternative download)

Run, if using ATF

Select all and remove

If you use firefox, click on firefox tab and then
remove all. If you want to keep your passwords, click no at the prompt

For CCleaner

Close all browsers.
Run the program and make sure all the boxes are ticked under the Windows and Applications tabs, including "Advanced" tabs (except for the Old prefetch Data option, this should be unticked).
Click the run cleaner button.
Do this at least twice.



Try this stuff with a different computer.

If you are afraid that it will get infected, pull the infected one out of the LAN and then try.
 
Hello drneves7

You do not uninstall Java from services. Use Control Panel, Add/Remove Programs. If there are any Java entries there, uninstall all but the latest.

If, as you say, you can't uninstall, then do the below. If you do have unknown issues then the below may not work either.

Clean and update Java
Clean up old Java and update to the newest version; this program will do it all for you.

Download JavaRa http://prm753.bchea.org/JavaRa.html

Unzip it and run it. To update, choose Jucheck (Sun's updater) first, and if you do not have Jucheck then choose Update using Sun.

After the update, choose Cleanup old versions. Give it a minute, and after it pops up the log file you will see what it removed.

Then click "Additional tasks" and check "remove Useless JRE files" and "Remove JavaRa log files".

After that run Search for Updates again to confirm you are up to date.
After that run remove older versions again. This time the Log file should be empty.

I will post in a separate post a cleanup for ZA that is likely your problem.

Mike
 
You probably should print this!

----------------------------------------------------------------------------------------------------------------------------------
The order here is important so stay with the order presented

1. We must uninstall the entire suite to do this,
2. so turn off or disable everything you can within ZA Firewall and Antivirus.
3. Run Msconfig and uncheck all ZA items.

4. Download and extract Autoruns http://live.sysinternals.com/autoruns.exe
Run it and click the Everything tab.

Go slowly down the list and watch for anything not Microsoft.
Find any line pertaining to ZA, Zone Labs etc., right-click that line and delete it!

5. Reboot

6. If there is an entry in Add/Remove Programs for ZA, continue here; if not, go to step 8.
Use the advanced features of Revo Uninstaller http://www.revouninstaller.com/revo_..._download.html

Run it, right-click and choose the entries for or related to ZA, if any, and click Uninstall. After the ZA uninstall process, click OK; on the "Select and uninstall mode" screen choose Advanced, then Next.

The uninstall runs. When that completes, click Next. On the "Found leftover registry items" screen, wait until Select all becomes bold, then click Select all, then Delete.

When the screen clears, click Next. If there are leftover files and folders on the HD, do the same as for Registry items: select all and delete all.

This should be an eye opener as to what would have been left and believe me that is not all.

7. Reboot once more.

8. Drag the mouse and copy everything in the box below (watch the sliders and go all the way to the bottom), then open a cmd prompt and paste it to the black screen.

It should close when finished. You may see errors because this process is cleaning for several versions of ZA.

----------------------------------------------------------------------------------------------------------------------------------

Code:
@echo off
:: Cleanup ZA after install

cd\

rd /s /q "C:\Program Files\Zone Labs"
rd /s /q "C:\WINDOWS\Start Menu\Programs\Zone Labs"

attrib -h -s -r ZAMailSa*.* /s
attrib -h -s -r "zonealarm pro"*.* /s
attrib -h -s -r Zonelabs*.* /s
attrib -h -s -r "zone labs*.*" /s
attrib -h -s -r "Internet logs"*.* /s
attrib -h -s -r vsconfig.xml /s
attrib -h -s -r vsdata.dll /s
attrib -h -s -r vsdata95.vxd /s
attrib -h -s -r vsdatant.sys /s
attrib -h -s -r vsmon.* /s
attrib -h -s -r vsmonapi.dll /s
attrib -h -s -r vsnetutils.dll /s
attrib -h -s -r vspubapi.dll /s
attrib -h -s -r zaplus.* /s
attrib -h -s -r zapro.* /s
attrib -h -s -r zllictbl.dat /s
attrib -h -s -r zlparser.dll /s
attrib -h -s -r zonealarm.exe /s
attrib -h -s -r zoneband.dll /s
attrib -h -s -r vsutil.dll /s
attrib -h -s -r zlclient.* /s


del ZAMailSa*.* /f /q
del "zonealarm pro"*.* /f /q
del Zonelabs*.* /f /q
del "zone labs*.*" /f /q
del "Internet logs*.*" /f /q
del vsconfig.xml /f /q
del vsdata.dll /f /q
del vsdata95.vxd /f /q
del vsdatant.sys /f /q
del vsmon.* /f /q
del vsmonapi.dll /f /q
del vsnetutils.dll /f /q
del vspubapi.dll /f /q
del zaplus.* /f /q
del zapro.* /f /q
del zllictbl.dat /f /q
del zlparser.dll /f /q
del zonealarm.exe /f /q
del zoneband.dll /f /q
del vsutil.dll /f /q
del zlclient.* /f /q


del "C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ZoneAlarm Pro.lnk" /f /q
del C:\WINDOWS\SYSTEM\vsdata.dll /f /q
del C:\WINDOWS\SYSTEM\Vsdata95.vxd /f /q
del C:\WINDOWS\SYSTEM\vsdatant.sys /f /q 
del C:\WINDOWS\SYSTEM\vsmonapi.dll /f /q 
del C:\WINDOWS\SYSTEM\vspubapi.dll /f /q 
del C:\WINDOWS\SYSTEM\vsutil.dll /f /q 
del C:\WINDOWS\SYSTEM\zllictbl.dat /f /q 
del C:\WINDOWS\SYSTEM\zlparser.dll /f /q 
del C:\WINDOWS\SYSTEM\ZoneLabs\Migrate.dll /f /q 
del C:\WINDOWS\SYSTEM\ZoneLabs\vsdb.dll /f /q 
del C:\WINDOWS\SYSTEM\ZoneLabs\vsmon.exe /f /q 
del C:\WINDOWS\SYSTEM\ZoneLabs\vsruledb.dll /f /q 
del C:\WINDOWS\SYSTEM\ZoneLabs\minilog.exe /f /q 
del "C:\WINDOWS\Internet Logs\IAMDB.RDB" /f /q
del "C:\WINDOWS\Internet Logs\W98-DHIGHT.ldb" /f /q 
del C:\WINDOWS\SYSTEM\ZoneLabs\html.tdr /f /q

:: Key paths containing spaces must be quoted. /f skips the Yes/No prompt,
:: which would otherwise consume the next pasted line as its answer.
reg delete "HKEY_CLASSES_ROOT\ZAMailSafe" /f
reg delete "HKEY_CURRENT_USER\Software\Zone Labs" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Zone Labs" /f
reg delete "HKEY_USERS\.DEFAULT\Software\Zone Labs" /f
reg delete "HKLM\System\ControlSet001\enum\Root\LEGACY_VSMON" /f
reg delete "HKLM\System\ControlSet001\enum\Root\LEGACY_VSDATANT" /f
reg delete "HKLM\System\ControlSet002\enum\Root\LEGACY_VSMON" /f
reg delete "HKLM\System\ControlSet002\enum\Root\LEGACY_VSDATANT" /f
reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VSDATA9" /f

exit

----------------------------------------------------------------------------------------------------------------------------------
9. Run CCleaner Temp and Registry cleaner repeatedly until clean.

10. Optional but highly recommended D/L Regseeker http://www.hoverdesk.net/freeware.htm

Then use its Find in registry for zonelabs, zone labs, zonealarm, ZAMail and zlclient, and delete all it finds.

You can then do a general Registry clean: select all boxes and choose to back up. But only after a reboot, since you just ran CCleaner's registry cleaner. Always boot between Registry cleans.

This should be a learning and eye opening experience as you see what a poor uninstall process leaves behind, and why sometimes it will not reinstall or install properly.

Mike
 
It is unwise to run any registry cleaner, even that from CCleaner. They do absolutely no good, do not remove malware, don't speed up your machine, and almost always remove needed components from the registry. The problems may not even show up immediately, but only when you try to install new hardware or reinstall your system. You won't find any qualified service people ever recommending them.
 
Registry "compacters", "defragmenters", or "compressors" are a different tool altogether and safe to use. They remove the empty space from the registry by rebuilding it, making it smaller so it loads faster, and giving sometimes noticeable increases to system speed.

And "fixers" are also another tool. They are the worst of the bunch since they actually try to repair the registry. They look for a file that has the same name as the missing one, so many help files, setup files, and so on are then misrepresented in the registry. My estimate is that over 90% of the "repairs" they make are errors, but they are then seen by the programs themselves as "correct".

To sum up, there is no safe registry tool except a compacter run according to directions.

Free registry defragmenters (compressors):

Auslogics Registry Defrag - http://www.auslogics.com/registry-defrag/
NTREGOPT - http://www.larshederer.homepage.t-online.de/erunt/
RegCompact.NET - http://www.aplusfreeware.com/categories/LFWV/RegCompact.html
WinASO RegDefrag - http://www.winaso.com/
 
New problem: can't uninstall anything. If I click on the program in Programs and Features it does nothing. I tried a bunch of different programs so it is just flat messed up. I have not done any of the above other than the recommended 8 steps.

Thanks Dominic
 
Good morning Dominic

Go here and try to get the attachment; the malware may prevent it!

On this board executables (.EXE) cannot be attached, so download the Fixit.zip, right-click it, get Properties and in the name box change from Fixit.zip to Fixit.exe.

Then execute it.
Read this and do it!

https://www.techspot.com/vb/post684649-3.html

Mike

Edit: Dominic, you do not need to run the scans again, just check and see if it fixed the installer issue.
 
Okay, I used this little tool; still cannot remove or repair programs in Windows Programs and Features. Well, I checked, I can remove HJT and Mozilla.

Just to let everybody know, I have run the 8 steps and this tool above and that is it. I am holding off from running any registry cleaning tools, as the norm on this website has been for a guru to let me know what files to remove with HJT. That has always seemed to work great so that is what I will continue to do. No disrespect, just my comfort level :)

Thanks Dominic
 
OK Dominic

I don't know what your definition of a guru is but consider this:
I do this professionally and have been doing it for 30 years. I have run Registry cleaning tools 500 times if I have run them once.

In my business I administer 55 networks in 5 states, 60 plus servers and 740 workstations.

But stay in your comfort level for now, but if I ask again later I will expect you to do it!

This person has misconstrued the recommendation that the average person not do, with being guided by an expert. I know when, which specific scanner and why to run a Registry! The wrong Registry cleaner in the wrong hands at the wrong time is a bad thing.
----------------------------------------------------------------------------------------------------------------------------------
Do the below:

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here 1 at a time do the below

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking
Watch for any File not found or other errors and make note as this may lead to the fix!

Reboot retest!

Get back!

Mike
 
Alright here goes nothing lol.

Thanks for all the replies Mike. Like I said, I didn't mean any disrespect. Here is where I lie. I am able to uninstall programs again. And I am running Vista, just to let you know.

I did a system restore. Yes, I know I am starting over, but I think it was something that I did last night that caused this so I am starting fresh. I am going to run the 8 steps. Then I will run through your steps fully this time, disregarding the steps to resolve my uninstall problems. This may have been also affecting the java tool you suggested. So after I have all of this done I will post my new logs and symptoms or lack thereof.

And I am all ears here. I just started college for IT/Networking so am really interested in all of this obviously :)

Thanks again Mike for your help and hope to continue to get your support :D


Dominic


Oh and I will only follow your steps on here and not fiddle around with things on my own. Yes it is fun but I turned to you guys because I just don't have the time to mess around and figure it out the very very long way lol. Well time to do some school work and let the scans run.
 
Oh yes, I will be here. I don't quit or give up!

Yeah, I forgot it was Vista, so no DAF for Vista yet, though it is being worked on!

You have the right idea: bring it forward from the eight steps, post the logs each run, and now you know to rerun the scans until clean.

I suggest this order: mbam, SAS, combofix and SDFix.

Mike
 
Hey Mike, I am back at it again on her pc. Sorry, took a short break due to the holiday and such. I have got some stuff cleaned up on here; finally was able to uninstall all the old Java stuff. I ran all the 8 steps again and I am about to go through the steps you outlined for me to follow for making sure Zone Alarm was fully uninstalled. I will post an update soon I hope.

Thanks again Dominic
 
I am not sure what it was that released it all. I got to the point that I could add and remove programs and called it quits that day. I had done so many things it is a blur lol. Wish I had an answer though I know you would like to know. So far everything looks good. I am running mbam right now and going to bed shortly I hope to run the others in the am then I will post them. Her pc is already doing better though so that is a good thing.

Thanks a bunch
Dominic

P.S. You were right too, it is unbelievable all the stuff that was left behind from uninstalls :D
 
I guess my question is: did you do the Attachment/Fixit download?

If so, that is what did it, as it has for everyone who has run it.

So did you run it?

Mike
 
Hey Mike, here are my girlfriend's logs. Her pc seems to be doing better. The one last problem that even had me looking into this is still there though. The problem we are having is she can connect to our home network just fine with her ethernet port. When we connect with her wireless connection she loses the connection maybe 10 minutes after connecting, and I have tried connecting straight to our wireless modem and to my router.

Let me know the next step :)

Dominic
 
Hi Dominic

I am sure it is better but we have just a little more work to do.

Download RSIT
http://images.malwareremoval.com/random/RSIT.exe

Run it. When finished it will open a log maximized on the screen; attach the contents of this log back here, then close that log.

Then the 2nd log is minimized, so maximize it and attach it also.
The logs will contain a HijackThis log also.

then..

Download SD Fix to Desktop among other things Catchme to look for RootKits.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click to RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
 
Hey Mike,

Sorry about the long delay in running these programs and replying. Been busy as heck and when I have had time the girlfriend has been on here lol.

I ran RSIT but could only see one log which I will attach. If I just couldn't see it and there is some way for me to find the other log let me know I will run it again.

I installed SD Fix but when I booted into safe mode and tried running it, the window that opens just closed immediately. Any suggestions on that?

We haven't tried her wireless connection lately but I am trying it right now and will let you know if it is still losing its internet connection or not.

Thanks Dominic
 
Hi

Run HJT Scan only and select and remove the below
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O13 - Gopher Prefix:

I am sorry but the MBAM and SAS logs are too old, so coupled with the fact that the computer is being used you need to run MBAM and SAS again.

So UPDATE both run and attach logs.

Mike
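
The entries singled out in the post above share a visible pattern: three name a CLSID whose file is recorded as "(no file)", and the O13 prefix line has no value. The following sketch is an added example, not part of the original post or of HijackThis; it assumes the log is available as text, and the function name `triage`, the flagging rule and the two contrast entries in the sample are hypothetical.

```python
import re

# Constructed sample: the four entries quoted in the post, plus two ordinary
# entries invented for contrast (their names, CLSID and paths are made up).
SAMPLE_LOG = """\
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O13 - Gopher Prefix:
"""

# Entry lines look like "<section> - <body>", with sections such as R0, F1, O13.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(log_text):
    """Return entries that point at a missing file or carry an empty O13 prefix."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, process list and blank lines are not entries
        section = match.group("section")
        body = match.group("body").strip()
        if body.endswith("(no file)"):
            reason = "registered file is missing"
        elif section == "O13" and body.endswith(":"):
            reason = "prefix value is empty"
        else:
            continue  # entry resolves to a file or value; leave it for review
        clsid = CLSID.search(body)
        findings.append({
            "section": section,
            "clsid": clsid.group(0) if clsid else None,
            "reason": reason,
            "line": raw.strip(),
        })
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["section"]:<4}{item["reason"]:<28}{item["clsid"] or "-"}')
```
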
 
Hey Mike,

I had a feeling you would say that about running the scans and is why I started running a virus scan (just ditched avg for avast yesterday). I will run the other two after.

Second, I had just jumped over to my pc and peered over at my girlfriend's and noticed it had lost its internet connection, I am assuming when I closed Mozilla. Here is the weird part: once I opened Mozilla the connection was working again. And I am speaking of the wireless connection.

I will remove those files you spoke of too after the virus scan. After all the logs are ready I will reattach them.

Thanks
Dominic
 
Try to attach the logs 1 at a time as they are run. That gives me more time to review them.

Run MBAM, look at logs, if any cleaning/deletions/removals were done then it needs to be run again till clean, but not until after the SAS is run. Try not to run back to back unless the other is already clean.

Same for SAS!

Mike
 