Tech Support Guy banner
Status
Not open for further replies.
1 - 20 of 21 Posts

·
Registered
Joined
·
525 Posts
Discussion Starter · #1 ·
In Windows temp folder I have a file zlt049c3.tmp, I cannot delete it. Access denied. In safe mode it does not show up. Ran norton anti virus, no problem. Google search comes up negitive.

Any ideas? Thanks.
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #3 ·
cybertech, thanks for the reply. Can you give me some instructions on how to post a HJT log?
 

·
Retired Moderator
Joined
·
72,109 Posts
Click on the Hijackthis link above. Make a folder on your drive like c:\hjt and unzip the file there. Double click on hijackthis.exe, scan, save log. It will open in notepad. Press CTRL+A, CTRL+C, Post Reply here, CTRL+V
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #5 ·
cybertech, I am too old to make this computer do what you are telling me. Here is what I did with print screen.
No paste is availible

Thanks for you help, I guess I am too dumb.

There was nothing in the list that was HJT
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #6 ·
I tried to go bact to the scanreg /restore from 4 days ago.
now the file is named zlt02be2.tmp.
and I cannot delete it either.
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #8 ·
c:\windows\temp\zlto2be2.tmp
 

·
Retired Moderator
Joined
·
72,109 Posts
Boot to safe mode by pressing the F8 key while the machine is booting up.
or read more about restarting in safe mode, Click here to see how

Now using Windows explorer go to c:\windows\temp\ and delete that file, for that matter delete all files that end in .tmp that you find there.
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #10 ·
I did that at first and it didn't work. Just tried it again, both times in safe mode there is no files in the c:\windows\temp folder. Now in regular windows the file is named zlt04735.tmp.
 

·
Retired Moderator
Joined
·
72,109 Posts
Delete it in safe mode. Sure would like to see your log, forget the copy/paste thing. go to Post Reply, not the quick reply and look down below the reply box for Attach Files, click manage attachments and see if you can get your log in that way.
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #12 ·
Was not there in safe mode to delete. when I tried to send the log as an attachment. It said it was an invalid file name. .log
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #13 ·
Here it is, I got into word and copyed it and then I could paste it.

Logfile of HijackThis v1.97.7
Scan saved at 4:31:13 PM, on 4/12/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOWNLOAD 2\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/34785
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\SYSTEM\BHODSHOP.DLL
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O9 - Extra button: Deskshop (HKLM)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walmartphotocenter.com/photo/upload/XUpload.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38032.1668287037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #16 ·
cybertech & WhitPhil, Thanks for the replys, I am sorry I have not responded. I have been out of town on a 5 day fishing and socializing (beer drinking) with old hunting buddies.
I have 2 files now different from the first, which still start with ZLT. Do I need to do something to try to get rid of them or will they just come and go. And they will cause no problem.

I have noticed sence this started that my Icons on the desk top keep moving around on me.

Thanks.
 

·
Registered
Joined
·
525 Posts
Discussion Starter · #18 ·
cybertech, I found that string you indicated to look for, it was there and I did the "fix checked". It gone now, see below. But I have a new .tmp file that won't delete. ZTL04dfb.tmp.

Logfile of HijackThis v1.97.7
Scan saved at 7:57:05 PM, on 4/18/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DLLHOST.EXE
C:\DOWNLOAD 2\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/34785
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\SYSTEM\BHODSHOP.DLL
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\ADSHIELD\ADSHIELD\ADSHIELD.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1033\PHDINTL.DLL/phdContext.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\suppress.htm
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\ADSHIELD\ADSHIELD\maintain.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\ADSHIELD\ADSHIELD\settings.htm
O9 - Extra button: Deskshop (HKLM)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.walmartphotocenter.com/photo/upload/XUpload.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38032.1668287037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
 

·
Registered
Joined
·
16 Posts
pfoerste said:
In Windows temp folder I have a file zlt049c3.tmp, I cannot delete it. Access denied. In safe mode it does not show up. Ran norton anti virus, no problem. Google search comes up negitive.

Any ideas? Thanks.
-------------
Access denied means that an active program is
using the file somehow. Try CNTL-ALT-DEL and
shut down "explorer". Then goto Windows Explorer
and try to delete the file.
 
1 - 20 of 21 Posts
Status
Not open for further replies.
Top