Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot-S&D Blocking Access to posts here


  • Please log in to reply
10 replies to this topic

#1 oldfella

oldfella

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 20 February 2005 - 09:01 PM

I am posting this item here at the suggestion of a person in your (BC) staff.

When I attempt to read any post here at BC, I get a message window (Spybot-S&D Resident) saying "Spybot-S&D has blocked the download of "Avenue A, Inc.!" I get that message from any site that may pose the possibility of downloading "Avenue A, Inc"! In all instances, except here at BC, I am able to continue after checking the OK box; here at BC, however, it is not the case. When I check my cookies after visiting BC, I get this one: "ebgames.com [SITESERVER]" ... I even accepted that cookie thinking that's what I needed, but it doesn't make any difference. I even forced http://www.bleepingcomputer.com/forums/ and disabled pop-ups on my system... the same. What do you think is my problem? Thank you for your assistance.

Pete (The Oldfella)

BC AdBot (Login to Remove)

 


m

#2 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:04:24 PM

Posted 20 February 2005 - 09:14 PM

It would seem that you need another application to determine what the culprit is. Click here ->HiJackThis Pinned topic for information on the HiJackThis Program. This link will also provide some useful information on the how to post it as a new topic.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#3 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:02:24 PM

Posted 20 February 2005 - 09:34 PM

Welcome oldfella, Pete ...
One way or another we'll help ya' get
to the bottom of this, one of those perplexing
things that make bleepingcomputers what the heck they are. :thumbsup:

:flowers:
patiently patrolling, plenty of persisant pests n' problems ...

#4 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:24 PM

Posted 20 February 2005 - 10:10 PM

I have never had that problem with Spybot and BC, although I get warnings on MSN/Hotmail all the time. From what I know, AvenueA is not all that nefarious.
The problem might reside elsewhere, so follow the advice to post a HijackThis! log to the correct forum.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:02:24 PM

Posted 20 February 2005 - 10:19 PM

Since it is part of the issue here, I thought I'd mention:

Open Spybot, next to the FILE button top left ... MODE
Advanced mode -> Settings -> Ignore Products -> Avenue A, inc
could be checked if you like. All they do is install tracking cookies.

I usually checkmark the box next to DSO Exploits
so that one wsn't picked up each scan.
I think it's fixed now, in the latest update..

I don't know the exact details of
your problem, but you can
ignore any of the
thousands.

And they change your mind.
It takes a reboot to
set your decision.

Edited by phawgg, 20 February 2005 - 10:23 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#6 oldfella

oldfella
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 20 February 2005 - 10:27 PM

I lucked out, was able to read your replies (did not receive email notification replies)... I was not able to read HijackThis instructions.

I'm using WinXP, IE and have checked my system with Spybot - Registry Mechanic - Ad-Aware/Ad-Watch SE Plus - CW Shredder and Nortons Anti Virus programs. Here is my Hijack log:

Logfile of HijackThis v1.99.0
Scan saved at 9:22:22 PM, on 2/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AnalogX\CookieWall\cookie.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Firetrust\Benign\B9.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pete Lara\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.98.9.1 mail.bellsouth.net.b9
O1 - Hosts: 127.98.9.2 mail.bellsouth.net(1).b9
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVComs] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [b9] C:\Program Files\Firetrust\Benign\B9.exe /minimize
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#7 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:02:24 PM

Posted 21 February 2005 - 04:54 AM

Ok, I will check it over carefully.
I'm moving this thread of posts to the area we analyze logs in.
When replying to my next post, please do so here, "add reply".
It'll likely take a day to move it through the process.
patiently patrolling, plenty of persisant pests n' problems ...

#8 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:02:24 PM

Posted 21 February 2005 - 10:51 PM

I lucked out, was able to read your replies (did not receive email notification replies)

Did you click the "track this topic" above (right top) your post(s)?

oldfella, with the possible exception of one or two files,
your log looks good. Please enter each of these:

C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe

into the scanner here:
http://www.virustotal.com/flash/index_en.html
and let us know if they come up clean.

Another doublecheck would be to rightclick each and select "properties"
to determine that they are legitimate files by recording information found.

These indicate you have modified you host file,
located at C:\WINDOWS\system32\drivers\etc.
O1 - Hosts: 127.98.9.1 mail.bellsouth.net.b9
O1 - Hosts: 127.98.9.2 mail.bellsouth.net(1).b9
Please confirm you are aware of this change.

Also, are you familiar with this program --> C:\Program Files\ieSpell\iespell.dll ?

Edited by phawgg, 21 February 2005 - 10:57 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#9 oldfella

oldfella
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 22 February 2005 - 10:57 AM

Thanks for checking my log, phawgg - Did I tell you I know little to nothing about how to navigate the computer inners?:

C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe

into the scanner here:
http://www.virustotal.com/flash/index_en.html
and let us know if they come up clean.


First, I don't know what to do here - I went to the "virustotal.com" site and found no way to do what you asked.

About the B9 (Benign - Firetrust) entries - No I didn't know about any changes. I just now checked and found the my b9 mail checker has disappeared. I think I did get it back by going to "Find"; but I couldn't find a way to rightclick on those two entries.

Another doublecheck would be to rightclick each and select "properties"
to determine that they are legitimate files by recording information found.

These indicate you have modified you host file,
located at C:\WINDOWS\system32\drivers\etc.
O1 - Hosts: 127.98.9.1 mail.bellsouth.net.b9
O1 - Hosts: 127.98.9.2 mail.bellsouth.net(1).b9
Please confirm you are aware of this change.


Regarding "iespel" - it is my spell-checker : http://www.iespell.com/

Without knowing what to do next, I'm guessing I'm dead in the water, right?

Pete

By the way - It's taking me about 20 tries to get to reand/post here. becuase the Spybot thing.

Edited by oldfella, 22 February 2005 - 11:04 AM.


#10 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • OFFLINE
  •  
  • Location:Washington State, USA
  • Local time:02:24 PM

Posted 22 February 2005 - 01:10 PM

I'm sorry, it seems I have managed to thoroughly confuse you, Pete.
It will require some lessons in navigation first, and
I'll try to clear up the misconceptions.

My first misconception was thinking you had modified you host file yourself.
Having done so myself, I thought if you had, then you would know
several fundamentals involved in PC use.

I'll present those fundamentals to you now.

By default, the primary drive,
where windows operating system (OS) files of all kinds reside,
is hidden.
We typically instruct you to expose all files to view.
To do this:
From your desktop, use the Start button.
[note: Each (-->) represents a mouse click]
It should be mentioned that tray icons
and desktop shortcuts exist for convenience only.
You can operate your PC quite well with nothing on your desktop,
and a minimal amount of tray icons
(which indicate processes that start immediately & run constantly)
present.
Installed programs,
both those installed with the Windows OS
and any you have installed yourself,
will be accessible from the Start Menu.
Icons representing the executable files appear on two sides,
and all programs can be selected
to show a list of programs
on a flyout menu


Basic navigational skills require an understanding
of the context menu(s) also.
Rightclick the mouse, on any file or icon.
What you see is the context menu.
It allows you to perform additional functions.
Leftclick, or doubleclick with the left button
(unless you have reversed it by preference)
will enact a procedure,
whereas right click will give you options.

Written instructions should differentiate between the two.
"Click" is generally considered tomean
"use the left button to achieve the desired result(s)".

Without going into much further detail,
other than to mention that you can set preferences
such as making a single a click do the same thing
as the default setting for doubleclick
(which in turn makes the "hover over" function
as the first of the two clicks in "doubleclick")
or set the speed of a normal doubleclick,
we'll proceed toward understanding basic navigation
(or exploring the "innards" of the PC).

Start--> Control Panel (icon) --> will (in winXP) give you
a new window display.
On the left panel (or pane) the words 'control panel" appear,
with a button to the right.
If the button shows two downward pointing arrows,
it means a dropdown menu is available.
Once exposed,
that menu will allow you to switch to an (the) alternate view.
Two views are available.
  • Category View
  • Classic View
For the purpose of instructions,
I use the category view.
Exact navigation depends on exact words.
The two views allow for problems when describing easily
how to get somewhere,
so please understand the need for consistancy.
We are in category view now.
Close the control panel.

See how I am?
We need to go to My Computer to view system files.
Basic navigation will more often require the use of the
Start Menu and Control Panel, and so I chose to point it out first.

Start --> My Computer. Here the window displays:
  • Files Stored on This Computer
  • Hard Disk Drives
  • Devices with Removable Storage
  • Scanners & Cameras
It is important to note that any underlined word in this list is a link
A LINK will allow for:
  • Highlighting the word (selection either by hovering or a single click)
  • Enacting (opening a new windows explorer window with one more click)
  • Providing an opportunity for context menu choices (using the rightclick)
UNDERLINED WORDS IN POSTS AND AROUND THE SITE are also links,
and it should be noted that:
  • They operate in the same way
  • left click(s) enacting what is also called a hyperlink.
  • rightclick offering a context menu
  • we try to make sure all links are working & safe to use.

Did I tell you I know little to nothing about how to navigate the computer inners?

Now you know more.
To provide for a relatively simple request like:

Please enter each of these:

C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe

into the scanner here:
http://www.virustotal.com/flash/index_en.html
and let us know if they come up clean.

you need to know even more ... :thumbsup:

We typically include this line
(or a variation therof)
as an initial step in any given HJT log fix recommendation:

Set your PC to: show hidden files.
Additional information here.

To be able to see the small window illustrated
in the first link above you would:

Start--> My Computer --> Tools ---> Folder Options -->View.
translated as "navigate to my computer,
select folder options in tools from the toolbar, and in the view tab..."

One more obstactle remains.

Start --> My Computer --> Disk 1 Vol 1 (C:) local disk
which implies open (doubleclick) it.
translated as "open your primary drive".

You might get a blue screen telling you these files are hidden,
even after you have set the preferences to show hidden files
(illustrated above)

No problem,
On the left panel (or pane) the words "system tasks" appear,
with a button to the right.
If the button shows two downward pointing arrows,
it means a dropdown menu is available.
Once exposed, that menu will allow you to
  • Show contents of this drive which is what we want, and this command is only available at this location, to the best of my knowledge

  • Add or remove Programs - just a shortcut

  • Search for files or folders - just a shortcut
Although not underlined, these words are links. enact "show contents..."

WindowsXP,
and probably most if not all windows versions,
loads three folders
(folders are also called directories)
when you install it for the first time.
  • Documents and Settings

  • Program Files

  • WINDOWS
Any folders or files appearing on your C drive
(the primary or boot drive)
other than these three
have been installed
after your basic OS,
if hidden & system files are NOT set to be visible.
With the setting to show all files that was chosen
when you changed the folder options above,
you will see "transparent files" outside of
those basic, fundamental folders.
Thats normal.

These indicate you have modified you host file,
located at C:\WINDOWS\system32\drivers\etc.
O1 - Hosts: 127.98.9.1 mail.bellsouth.net.b9
O1 - Hosts: 127.98.9.2 mail.bellsouth.net(1).b9
Please confirm you are aware of this change.


You now have the key to navigation needed to locate any file.

Windows --> System32 --> Drivers --> etc. and you'll see your host file(s)

Another doublecheck would be to rightclick each and select "properties"
to determine that they are legitimate files by recording information found.


Anywhere on your PC you can choose the context menu.
The dialog box that results gives you adional information.
Often the date or author of any file gives a clue to it's legitimacy.
Use the "properties" choice.

are you familiar with this program --> C:\Program Files\ieSpell\iespell.dll ?

Now you can navigate to it's location and read about it.
Communicate what you find,
or seek addional information about it.

C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe


One or both of these is no doubt a legitimate file.
You can determine (by checking them out) that it is so.

One more BASIC understanding about websites
and how your PC interacts with them.
  • without getting too technical about the or "particulars" ...

  • Most websites with accessible databases (like this one) have SEARCH features.

  • I call them "search boxes"

  • you can type into them OR

  • using your context menu selections of "copy" & "paste" enter text (words).

  • Once entered into the box, usually you will "hit" ENTER on your keyboard.

  • Some, like the virus scans, require more than words.

  • They require access to files and/or folders.

  • Rather than text being entered, actual contents are uploaded.

  • In the case of a virus scan ...

into the scanner here:
http://www.virustotal.com/flash/index_en.html
and let us know if they come up clean.

BROWSE is included.
This means you can locate any of the files
within any of the folders (directories)
that you can now see on your personal computer
by using what amounts to a dialog box
that is very similar to
the ORGANIZATIONAL TREE of directories
found in (or on) your own computer
relative to any particular location.
File organizational trees are all the same.
Hard drive (HD) location > Main Folder > Sub-folder(s) > File(s)

Selecting BROWSE
you navigate to the appropriate location
until you find the exact file in question.
In this case:

My Computer > C: drive > WINDOWS > system32 > devldr.exe and a few minutes later the results would be displayed as text in the Virus Total window.

Without having that particular file on my own PC,
I can not determine if it is legitimate.
Without searching databases,
which I did,
to no avail.
I also used google search engine to locate
any reference to it at other forums.
No conclusive results were obtained.
The alternatives are two:
  • You could zip a copy of the file ...
  • (a context menu option called SendTo: -->compressed (zipped) folder)
  • into a folder, attach it to an email and send it
  • to me (or us) to upload in the same manner as was described
  • You do it yourself and post the results.
  • Easiest way to do that is to place your mouse cursor at the upper left hand corner
  • of any text, then ...
  • click to see an I-bar ...
  • Hold the mouse button and drag downward ...
  • The result being the text is highlighted.
  • Release the mouse button.
  • rightclick, select "copy"
  • and the next time you use the rightclick,
  • to "paste" it into a post message box.
  • (This is known as using the Clipboard feature of windows)
with the use of TOOLBAR OPTIONS & CONTEXT MENUS
the versatility of PC functions that you can use daily is increased.
Don't forget HELP MENUS, too. :flowers:

Edited by phawgg, 22 February 2005 - 05:14 PM.

patiently patrolling, plenty of persisant pests n' problems ...

#11 oldfella

oldfella
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 23 February 2005 - 06:07 PM

:thumbsup: ...embarrassed, yes - ashamed, not if you give it your best :flowers:

I went into places I've never been before, but couldn't find the right spot.

In the case of the "B9" files... I had to work backward, from the outside in. This program (Benign) quit working when SP2 came into the picture - them MS came up with a fix: File KB884020...but, I un-installed SP2 in an effort to correct a problem with MSN Messenger - that got me into a lot of trouble. Any way, I re-installed SP2 but B9 disappeared. I just now got it back by reinstalling the hot fix file KB884020. I don't know if that makes an sense to those reading this, but it could have cause the "bastardizing" of the two B9 items shown on the HijackThis log.

I simply could not find the reason for the many "extra buttons" related to "Ispell" program..it is working OK, however.

As for the SpyBot thing not letting me in the board/website, is strange indeed, as this is the the only website which is preventing me access after I click OK on the pop-up warning notice.... I really don't know what can be done - the only thing I can think of is that "Avenue A, Inc" - now "Quantine Digital Marketing Optimization Company" has taken root in this website.

I want to especially thank phawgg for his time and effort and his courtesies to this oldfella. Regards and best wishes.

Pete




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users