Posts by caperjack

almost ,fix this one .follow the same instructions as before
O19 - User stylesheet: C:\WINDOWS\win32.bmp

Then delete this file ,you may need to do it in safe mode .
C:\WINDOWS\win32.bmp...delete file

Go for it ,Keep us posted !:)

clean install of windows 2003 over windows ME=== thats a play on words ,clean install over Me !you do mean format the partition that me is on and install win2003 right !
I have never tried this but computers are suppost be challengeing aren't they !go for it and have fun ,nothing a clean install won't fix.:)

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

Important: Create a folder on the C: drive called HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Fix the following if left after running cwshredder ans ad-aware .....................................................................

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://martfinder.com/index.htm?aff=4444

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wholeworldmarket.com/search/

O4 - HKLM\..\Run: [vwhahij] C:\WINDOWS\vwhahij.exe

O4 - HKLM\..\Run: [jsrajqt] C:\WINDOWS\jsrajqt.exe

O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O4 - HKCU\..\Run: [ChkMail] ¸@9

this one is Not malware but suggested fix because its a rescource hog and not needed at atartup.
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O19 - User stylesheet: C:\WINDOWS\win32.bmp

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Make sure you had Ad-Aware setup like this when you last ran it .
Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

And after that, please do the following:

reboot computer and post a new …

\ W I N D O W S \ S y s t e m 3 2 \ h l p m i d b . d l l

Is the offending dll you need to rid the computer of it .

Same problem here,just different differnt dll..this is the one i was watching .
http://forums.techguy.org/t249763.html

We,ve been through this in the security fourm with,Geoss ,and hijackthis shows nothing ,and he/she ran spybot and ad-aware ,already

I dont see that errror message # in the link ,are you saying that they are all the same ,just different #

CatWeazle ,you don't need to be red faced ! it took me awhile too!

i loaded Windows Update Version 5 Preview from microsoft. now have windows xp home sp2 v. 2149 and it is running ok.
Conrad

Well its running OK ,that all that can be expected giving that its Microsoft!LOL

Sorry never heard of the program maybe someone else here has, but in the mean time .
Usuall at the top of most program there is a link to a program called HELP.open SpamPal, and click on it .

i loaded Windows Update Version 5 Preview from microsoft. now have windows xp home sp2 v. 2149 and it is running ok.
Conrad

Could you please post a link here to the microsoft site, where you got it from ,thanks.
Its still Beta i believe isn't it !

Upgraded to ME === not really considered a update any more .:) in my humble opinion never was a good update .:)!!

It could be spyware/malware releated ,check out the Security section and get some of the recomended programs to check your computer .

Put the file in a folder ,right click on the folder and choose ,sharing and security and follow the directions ,if the check box is greyed out ,check out learn more about sharing and security at the bottom of the window that opens .

I have no answers for it ,I see the same thing in all the fourms I go to .my suggestion to u is to start using Mozilla browser.www.mozilla.org

Sounds like a drive issue .did you uninstall the other hp ,If not
Go to Start/Settings/printers ,uninstall and make sure the other HP is installed correctly ,maybe just reload the drivers for it !

Study this tutorial,and google search ones you think look bad.or out of place next time you scan with hijackthis .
http://www.spywareinfo.com/~merijn/htlogtutorial.html

Search ,CLSID [the 016's]- BHO [the 02's]Herr to see if they show up ad good or bad .
http://computercops.biz/CLSID.html

search startups /run/runonce [the 04's]here!Just copt and paste the .exe's [like this one -MSMSGS- or its exe ,msmsgs.exe ]into the search field
http://www.sysinfo.org/startuplist.php

Your welcome ,Any problems ,we'll be here !

do an online virus scan
Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself.

http://housecall.trendmicro.com/

I get left with this DOS prompt and when I hit any key the computer immediately turns off.

Cannot find SYSTEM.INI.
You need to run Windows Setup again to install this file.
Press any key to continue..._

Sorry ,Don't recall ever coming across one that did that!
Try a different keyboard maybe

I would uninstall video driver in device manager and reinstall .
Go to Video card manufactors web site and get the latest drivers first .

I have tried booting with the startup floppy in and the 98SE cd in.

Do this again ,when you get to the dos prompt ,type in SETUP and hit enter and reinstall win98 over itself .

Hi ,its a nasty one that im still trying to figure out how they remove it ,This is from another fourm ,same problem ,this is what they are telling the person to do if you want we can try there fix .may take some time as they are just starting the post .
do the following .for starters.

.Quote from other site
..............................................................................................
Your not going to get rid of this one with CWShredder. You have a hijack which can be removed using CWShredder but will be reinstalled by a hidden file. So first we have to find the hidden file and remove it.

Copy the contents of the quote box to Notepad.
Name the file Appinit.bat
Save as type All Files
Save on the Desktop.

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt

Double click on Appinit.bat
This will create a file on the desktop named windows.txt
Attach the windows.txt file here to your next post please.

I am very confused. Why would I want to do this

1. Internet Options - General tab - Home page section
2. Change Address to «about:blank»
3. Click Apply then OK
4. Restart IE
5. Reset your home page.?

I think #5. should say!! Reset your home page, to what every you want to use as a home page .

Remove any addin cards if any like sound and modem nic cards ect ect ,just leaving video and ram and try install over again ,then add cards back in one ata time after full install is done

What i would do in this case is remove all PCI/ISA cards except Video ,like sound ,modem ,Capture,network ect ect, so that all you have added to the board is video and ram! and start over .anf put the cards back in after you hopefully get ME loaded.

Your welcome !

Does this happen with all video or just the crap thats out there to download via the P2P programs like Kazaa and all the rest !

I just installed spybot and it found 4 things, so i had get rid of them. but does spybot run in the background all the time, so if i end up going to a site that has about:blank it will get rid of it automatically?

No ,spybot doesn't run in the backgroung ,try these 3 programs , spywareguard rund in the background
............................

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

Yeah ! and the first thing it says on that relly good site is to not use MSCONFIG yo end Processes ,Remember that Processes are not the same as Programs that start at Startup!!!Therse is a difference !!!

If you don't want msn messenger to run at startup just open it and go to tools/options and General and uncheck run when windows starts .

So does it happen if you use the Kazaa lite program to view the video

Have a look here ,happy reading .
http://www.blackviper.com/

You have the peper trojan back again !
You will need to turn of system restore ,this will loose all previsious restore points .Then run the Peper removal again .

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Run the peper removal again and post a new log .

Don't know the answer to the miss connect .
But about those programs ,they are spyware blocking programs ,not spyware removal programs .I have all 3 install and updated regulary and haven't had a spyware problem since install ing last year

Also a trip to windows updates is always good for critical updates and SP1's
WINDOWS UPDATES

Lok is Clean now!

Prevention programs below .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

Just download it from the source it's self.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6&DisplayLang=en

I think they are looking for a full download,complete file ,not the setup Download /install .

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q255867
From God !:)

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll (file missing)

reboot and post new log

Swshreder is a typo ,sorry ,i will fix in my canned speech,also do this before we use hijackthis ti fix anything ,.

Important: Create a folder on the C: drive called HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Follow the same Technique as before and fix this .
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Try a burn in program .
http://www.passmark.com/

After removing the Trojan ,Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After …

This one indicates you have the Peper trojan.
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\HotEkc.exe
Follow this .please

Download the removal tool :
http://computercops.us/downloads-file-330.html or
http://downloads.subratam.org/PeperFix.exe

IMPORTANT: YOU MUST BE ONLINE WHEN RUNNING IT and let is have access to pass the firewall.

!!! Please run this twice with a reboot in between.
`

Your welcome .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

Lets start with this ,

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

No internet callmanager is ok its the program that lets you know when someone is calling you ,I useto have when i was on dialup ,we can get it from our local phone/ISP provider .
ICM.
http://www.internetcallmanager.com/

Hi Crunchie...

Nice site, but I have a problem downloading from it.. Is there anything else I can do to remove the tracking cookie.. and what about DSO Exploit? Know what that is?

JaY2

I just went to that site and clicked on the download link and in a bout 8 seconds i had that program ,what problems were you having !

Make sure all browser windows are close and fix these .
O4 - Global Startup: Microsoft Hurtigsøk.lnk = C:\Programfiler\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE

Also if it were my computer i would uninstall the Incredimail program pronto.

If you know what site you are geting the cookie from you can block it in your security settings .

And if you haven't all ready install these programs .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html