caperjack 875 I hate 20 Questions Team Colleague

Whoa, caperjack... Just a second there... He's running ME, not 98. There'll undoubtedly be problems from that.

Sorry, yes there would, but if it were my computer, I would see that, Pea brain Caperguy F--ked up, and get the ME bootdisk instead. LOL :)

Sorry for the error Flyguy, get the ME bootdisk from that site instead of 98.

caperjack 875 I hate 20 Questions Team Colleague

Stimon.exe: application that provides one-touch scanning for a scanner, and it auto-starts with Windows. If you don't have a scanner installed, you could disable it in Start/Run/msconfig/Startup and uncheck the reference to Stimon.
Not sure why it's having a problem; you could try System File Checker to check for corrupt or missing system files.
To do so, with the Win98 CD in the CD-ROM, go to Start/Run, type in SFC and start the scan.

http://www.sysinfo.org/startuplist.php?filter=stimon.exe

http://www.liutilities.com/products/wintaskspro/processlibrary/stimon/

caperjack 875 I hate 20 Questions Team Colleague

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the program in safe mode. Press the "Fix" button and let it fix all variants. Next, close the program and all windows and IE windows, run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs:
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Set up Ad-Aware.
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you …

caperjack 875 I hate 20 Questions Team Colleague

I haven't read your reply, I just noticed something and wanted to get it in here. I found in my System 32 folder a file named lsass.exe (C:\WINDOWS\system32\lsass.exe). Isn't that a sasser worm? Why isn't it showing up on the hjt scan? I'll go back and read your reply now.

Not the Sasser, that's a legit Windows file; the Sasser one is spelt differently, like lssaass or something similar to the original.

caperjack 875 I hate 20 Questions Team Colleague

Get a Win98 bootdisk here: http://www.bootdisk.com/bootdisk.htm

Boot to the DOS prompt, sys c: and hit Enter. Remove the boot disk and reboot the computer.

caperjack 875 I hate 20 Questions Team Colleague

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.........................................................................................................
Download CWShredder from HERE and run the program in safe mode. Press the "Fix" button and let it fix all variants. Next, close the program and all windows and IE windows, run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode
.............................................................................................
Then these 2 programs:
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Set up Ad-Aware.
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure …

caperjack 875 I hate 20 Questions Team Colleague

That is not PCI, not ISA = what is it!!

caperjack 875 I hate 20 Questions Team Colleague

The monitor cable for one, and out the CPU and make sure it doesn't have any bent pins. Then smash it with a hammer for all the pain and suffering you had to put up with for the past year. Are there no computer repair shops where you live? Sometimes we have to bite the bullet and give in and get HELP!

caperjack 875 I hate 20 Questions Team Colleague

You need to install drivers for it, either from a disk that you may have or from drivers obtained from the manufacturer's web site.
What is the full name of the card?

caperjack 875 I hate 20 Questions Team Colleague

I really don't know if it will actually find anything useful. Have a read here, they are discussing the program.

http://www.lavasoftsupport.com/index.php?showtopic=24563
Edit: and here also.
http://spywarewarrior.com/viewtopic.php?t=1154

I read a little and am still not sure if the full version actually works.

I would email them and tell them that you now know that they tricked you into buying it and you are not impressed with them!
Too bad you couldn't stop the credit card payment, if that's how you paid for it.

caperjack 875 I hate 20 Questions Team Colleague

So how do I go about removing XoftSpy and get rid of the trojan.bookmarker.gen? This thread is getting kind of long now, should I start a new one?

No, don't start a new thread.

Download and run this fully working 30 day trial version Trojan Hunter.
http://www.misec.net/trojanhunter/?aff=12129
.................................................

Oh, one more thing, is it safe to remove all the references to incredimail in the Registry Editor since the program has been removed?

Yes, you can edit the registry and delete all incredimail stuff.
Don't forget to back up your registry first! :)

Also, HijackThis should be in a folder and not just on the C: like this:
C:\HijackThis.exe
Create a new folder, call it HJK or something like that, and move it there, so it looks like this:
C:\HJK\HijackThis.exe

Tonight when I have more time I will start from your first post and read this thread over again and see if I can see what I'm missing.

caperjack 875 I hate 20 Questions Team Colleague

I purchased and ran XoftSpy. It found many things no other programs had

That's because the program installed the things it said it found, when you installed the program, to dupe you into buying it!!!!

There is a list of bogus spyware removal tools for sale on the net and yours makes the list. Check it here for the description of the one you bought:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Sorry to hear you were duped into buying something that can be had for free and are better, like Spybot, Ad-Aware, SpywareBlaster, SpywareGuard, IE-SPYAD, to name a few.

caperjack 875 I hate 20 Questions Team Colleague

Yeah, uninstall Norton, and go here for a really good free version of AVG.
The software link in my signature for a few different ones, click on the antivirus link, or click here.
http://free.grisoft.com/freeweb.php/doc/2/

caperjack 875 I hate 20 Questions Team Colleague

Thanks everyone!! Time to take machine to town I guess, wish I had more input and guidance, but I will say this site seems cool if you're an advanced PC operator. Ever need a master electrician's advice or troubleshooting guidance, let's talk!!!!!!!! ZAPPPPPPP I'm outta here :lol:

I just read through all your previous and you were given a lot of advice and guidance and links to sites for drivers for your computer. The install of the drivers is up to you, as we can't reach out and touch your keyboard, and yes, you do need some computer knowledge to browse websites, download the drivers and install them.
Also, you started 3 different threads and were not the last responder in any of them, meaning we don't know if the advice given helped or not.
Maybe time to go to town and pay someone 50 or 60 dollars to fix it for you!
Have a nice trip to town :) Or tell us what is wrong and why you can't seem to get the video drivers installed.

caperjack 875 I hate 20 Questions Team Colleague

Good to go, you got the nicesssssssssss looking log in town!! :)

caperjack 875 I hate 20 Questions Team Colleague

Removing them from the HijackThis run list doesn't remove files, just that program from Run (HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe); that means it's not going to start up when the computer boots up.
It would only interfere with MusicMatch if you deleted any files. You would need to click on an icon to start MusicMatch.

caperjack 875 I hate 20 Questions Team Colleague

Follow these instructions and you can download the full IE, and burn it to CD.
http://www.petri.co.il/download_the_full_ie_package.htm

caperjack 875 I hate 20 Questions Team Colleague

Nothing out of place except these, and I doubt if they are causing you problems.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please print a copy of these instructions because you will be working with all windows closed except HijackThis.


O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

This one is optional, but suggested because it's a resource hog.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Reboot the computer and try IE again. Also post a new log, but get the updated HijackThis in Removal Tools, in my signature.

caperjack 875 I hate 20 Questions Team Colleague

Sure, post away .

caperjack 875 I hate 20 Questions Team Colleague

Reinstall your video card drivers !

caperjack 875 I hate 20 Questions Team Colleague

Looks good!

After you get it all fixed and things are working good, download and install these three programs to help stop spyware.


Spywareblaster


SpywareGuard

IE-SPYAD


Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Also check how I got infected in the first place.

http://www.computercops.biz/postlite7736-.html

caperjack 875 I hate 20 Questions Team Colleague

As I surf right now, navapsvc.exe is using 1120k of mem.
I have to admit that every now and then I get an update that screws a little, but the next one always fixed it. I have had the best luck with Norton's over the years.
I got that Windows update CD last week, was going to uninstall Norton's just to try EZtrust but decided not to.

caperjack 875 I hate 20 Questions Team Colleague

So! Uninstall MSN 6.2 and then reinstall it, maybe!

caperjack 875 I hate 20 Questions Team Colleague

.............bill???:(

caperjack 875 I hate 20 Questions Team Colleague

My question has to be why! You normally can't start using any of them until they are all finished loading! Mine anyway.

caperjack 875 I hate 20 Questions Team Colleague

Norton Antivirus has had this effect on every XP computer that I've installed it on. I just gave up trying to fix it. If you hold down the power button on the front of the case for a few seconds the computer should switch off. Beats reaching round the back!

I have been using Norton Antivirus 2002/2003, no problems on XP Pro for almost 2 yrs, same install of XP now going on 9 mths, nary a problem.
I install it on all the computers I format for others and load XP Pro on. Again no problems. Lucky I guess. :)

caperjack 875 I hate 20 Questions Team Colleague

After you get it all fixed and things are working good, download and install these two programs to help stop spyware.


Spywareblaster


SpywareGuard

IE-SPYAD


Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Also check how I got infected in the first place.

http://www.computercops.biz/postlite7736-.html

caperjack 875 I hate 20 Questions Team Colleague

Not much in your log really, nothing new in the newer version.

...........................................
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

These are optional, but fixing will help speed up startup and performance, as all these programs are running in the background.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

caperjack 875 I hate 20 Questions Team Colleague

StarJoe, please do the following!

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into Notepad and save it to your desktop, or print a copy of these instructions, because you will be working with all windows closed except HijackThis.


O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKCU\..\Run: [AutoUpdate] C:\WINDOWS\scvhost.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)


Now reboot into safe mode and delete the following files and folders if found. "Fix Checked"... Reboot to SAFE mode to delete files. How to start computer in safe mode


C:\WINDOWS\scvhost.exe ... delete file. Note the different spelling: this one is spelt SCVhost and not like the good file SVChost.

C:\WINDOWS\System32\bridge.dll ... delete file


To delete the above files and folder you will need to do the following:
Go to Show hidden files & folders
"Fix Checked"... Reboot to SAFE mode to delete files
How to start computer in safe mode
Reboot the computer and post a new log.

caperjack 875 I hate 20 Questions Team Colleague

There is a simple solution for this. This is for most Windows programs that allow access to msconfig.


To get rid of the bridge.dll popup, you need to left-click on Start (bottom left corner of screen), and then left-click on Run.

In the box that comes up, type in msconfig and then click on OK.

In the new window that comes up, go to the top right and click on the tab labeled "Startup".

You will see a list of items that have a box that can be checked to the left of each one, with green checks in them.

Find the one with bridge in the text line and uncheck that box.

Click Apply towards the bottom of the window.

Click Restart when prompted.

When the computer restarts, a box will pop up saying you have used the system config utility, blah, blah, blah. Click the box that says don't show this again, and then click OK. Problem gone :twisted:

You are right, that will do it. Finding the items with Bridge in it with HijackThis will also, but there are other issues with this log also, other files left by trojans.
Also, msconfig is a diagnostic tool and not really meant to be altered and left that way; it is best to remove these entries from the registry, and that is what HijackThis does! :)

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into Notepad and save it to your desktop, or print a copy of these instructions, because you will be working with all windows closed except HijackThis.

O1 - Hosts: 69.20.16.183 search.netscape.com

The next ones are optional but suggested because they are not needed in startup or are resource hogs.

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


This is spyware and you should uninstall the program via Add/Remove Programs in Control Panel, I think.

O4 - HKCU\..\Run: [NETZIP SMARTDOWNLOADER] C:\WINDOWS\SYSTEM\npnzdad.exe /t

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

Now reboot into safe mode and delete the following files and folders if found. "Fix Checked"... Reboot to SAFE mode to delete files. How to start computer in safe mode

C:\WINDOWS\SYSTEM\npnzdad.exe ... delete file if found


to delete the above files and folder you will need to do the following
go to

caperjack 875 I hate 20 Questions Team Colleague

Your HijackThis is outdated; 197 doesn't detect all the new baddies.
Please download the latest and post a new log.
Click the Removal Tools link in my signature.

caperjack 875 I hate 20 Questions Team Colleague

Please reboot and run HijackThis again, and post the new HijackThis log, thanks.
Edit: Root, perfect timing! :)

caperjack 875 I hate 20 Questions Team Colleague

You can change the behaviour of windows so it doesn't reboot on errors, somewhere in the control panel.

Actually it's right-click on My Computer / Properties / Advanced / Startup and Recovery / Settings.
Check it to make sure it's set to write an event to the system log. Check the log to see the error.
......................................
Info on reading logs:
http://support.microsoft.com/default.aspx?scid=kb;en-us;308427&Product=winxp#4

caperjack 875 I hate 20 Questions Team Colleague

pretty gay

I guess those two words go together!

Windows reboots when load MSN Messenger

Do you mean when you are starting MSN or when you are installing the program?

caperjack 875 I hate 20 Questions Team Colleague

Make sure your BIOS is set to CD-ROM first boot, put the Windows CD in the drive, boot the computer, go like as if you were going to install Windows again, and format the partition with the latest install. Maybe! :)

caperjack 875 I hate 20 Questions Team Colleague

Go to the Security section of this forum, create a new thread and post a HijackThis log. Please don't post it here. Download HijackThis.

Download 'Hijack This!' HERE
Download link is on the left.

Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. For HijackThis, most of what it lists will be harmless or even essential, so don't fix anything yet.
Please close all open Windows programs and browser windows before you run HijackThis.

caperjack 875 I hate 20 Questions Team Colleague

OK. No need to delve into it too deeply as long as you got it working- I was just curious...

Thanks for your help. It was your suggestions about pinging that got us on the right track!!

caperjack 875 I hate 20 Questions Team Colleague

Not sure. I really don't know that much about networking.
Just know it's now working since I configured the wireless card to reflect what I saw in the main computer's settings, and disabled the onboard NIC card just to make sure there were no conflicts, and it's working now! :)

caperjack 875 I hate 20 Questions Team Colleague

thank you again, I have downloaded and started using both pieces of spyware :o

Great, don't forget, like any good prevention program, they are only good if you keep them updated!! Good luck.

caperjack 875 I hate 20 Questions Team Colleague

Without getting too technical, because I can't! :)
These were the biggest problems, and they are trojans or files left by a trojan!
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe

caperjack 875 I hate 20 Questions Team Colleague

Got it, the wireless card wasn't set up right. Well it was, but the second time he logged on to his computer he thought he would change the domain name, I think, from default to his name, and they need to be the same, right!!

caperjack 875 I hate 20 Questions Team Colleague

After you get it all fixed and things are working good, download and install these two programs to help stop spyware.


Spywareblaster


SpywareGuard

IE-SPYAD


Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into Notepad and save it to your desktop, or print a copy of these instructions, because you will be working with all windows closed except HijackThis.


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe

This one is something called Easy Internet. Did you install this or do you use it? If no, maybe try and uninstall it in Add/Remove Programs in the Control Panel.
O4 - HKCU\..\Run: [EZNXP] C:\PROGRA~1\EZN\EASYIN~1\eznorun.exe

This one is optional, but is not needed in startup and is a resource hog.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


Now reboot into safe mode and delete the following files and folders if found. "Fix Checked"... Reboot to SAFE mode to delete files. How to start computer in safe mode

c:\windows\erxs.exe ... delete file


To delete the above files and folder you will need to do the following:
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode
reboot …

caperjack 875 I hate 20 Questions Team Colleague

This happens to me from time to time, usually fixed the next time I get updates.

caperjack 875 I hate 20 Questions Team Colleague

The virus is usually disguised as, but usually spelt differently, like SVXCHOST.EXE, SXOCHOST.EXE or the like.

caperjack 875 I hate 20 Questions Team Colleague

We really don't want to do HijackThis logs here; that's why I asked you to move over to the security forum section, here.
http://64.4.10.250/cgi-bin/linkrd?_lang=EN&lah=218868863cb4ff1ea36ebb29c0db5aab&lat=1090800064&hm___action=http%3a%2f%2fwww%2edaniweb%2ecom%2ftechtalkforums%2fshowthread%2ephp%3ft%3d8367%26goto%3dnewpost

You have trojans/viruses showing in that log.
Please run this free online virus scan, reboot, run HijackThis again and post a log over in the security forum.
http://housecall.trendmicro.com/housecall/start_corp.asp

caperjack 875 I hate 20 Questions Team Colleague

svchost is a generic process name used by different programs; I have 4 or 5 in mine.

http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/
And here is more info.
http://support.microsoft.com/?kbid=314056
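
Several posts above tell lookalike names (scvhost.exe, svxhost.exe, lssaass) apart from the legitimate svchost.exe and lsass.exe by eye. The following is an added example, not part of any forum post or of HijackThis itself: a Python script that flags such near-miss names in HijackThis O4 registry Run lines. The sample lines are copied from the logs quoted on this page; the function names, the regexes and the distance threshold of 2 are assumptions.

```python
import re

# Legitimate Windows process names discussed in the posts above.
KNOWN_GOOD = ("svchost.exe", "lsass.exe")

# Sample input assembled for this example from O4 lines quoted on this page.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [AutoUpdate] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
'''

# Registry autoruns only: "O4 - <hive>\..\Run: [<value name>] <command line>".
# "Global Startup" / "Startup" shortcut lines use another layout and are skipped.
O4_LINE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# First file name ending in .exe, with any directory part and quotes dropped.
EXE_NAME = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1.

    Plain Levenshtein scores scvhost -> svchost as 2; counting the swap as
    one edit keeps transposed names as close as single-letter substitutions.
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition: a[i-2:i] is b[j-2:j] reversed.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def find_lookalikes(log_text, max_distance=2):
    """Return (value name, exe, imitated name, distance) for near-miss names."""
    findings = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        if not entry:
            continue
        exe = EXE_NAME.search(entry.group("cmd"))
        if not exe:
            continue
        name = exe.group(1).lower()
        for good in KNOWN_GOOD:
            distance = osa_distance(name, good)
            # Distance 0 is the real name; only close misspellings are flagged.
            if 0 < distance <= max_distance:
                findings.append((entry.group("name"), name, good, distance))
    return findings


if __name__ == "__main__":
    for value, exe, good, distance in find_lookalikes(SAMPLE_LOG):
        print(f"[{value}] {exe} resembles {good} (distance {distance})")
```

An exact match is not flagged, so a file that uses the real name from the wrong folder still needs a separate path check.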