Posts by caperjack

Right on ,well done >)

Im not going to analize the log because it is full of stuff that these programs will fix first , online virus scan .

Important: Create a folder on the C: drive called HJT.
You can do this by going to My Computer (Windows key+e) then double

click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this

folder and have it "Fixed checked" it will create a backup file of

modifications to use if restore is necessary.

.................................................................................
Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here …

Ok , I don't usually recommend this but, you have been at it since June 22 ,and still no joy .
Format and reload windows ,takes about 3-4 hrs ,install all updated and Check my signature for some programs to help keep it clean .,and Enjoy yourself .

I have Winxp pro [SP1 and all the updates avaiable] . you know the one that came out before Bills.LOL

It works great havn't formatted since install new harddrive last Fall.
3 users,AMD 1.1 gig ,768 megs sdram ,Aopen Mommyboard ,Via chipset ,Nviada 32meg video ,Sound Blaster live ,burner and dvd player .running from about 5am till midnight ,7 days a week,and it works just fine thanks ,don't need no other Shell .

Make sure you set Ad-aware up like this .

After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Check out the Security section of this fourm.Sounds virus/trojan releated

Ok ,send away.

you can also search in the Spywareblaster program if you have it install ,just open it and click on Internet explorer .in the list that shows, right click and hit search ,and copy /paste the #'s in .

Log ,looks clean to me

This site can help .
http://www.computercops.biz/HijackThis.html

The programs you are using are only Bata are they not ,windows sp2 isn't releast yet ,so you are bound to have problems .

Anyway right click on the desktop choose properties ,go to settings ,then advanced .for you graphics

They wouldn't auto install would they ,just because they are on the cd in a folder .!???

You don't name the foler c:\ hijack just hijack the c:\ is automatic ,c:\ is the folders path

Thank you ,glad we could help.:)

Pull the ram and see if you get the no ram error beeps on boot up.

Run over there place and open there email program and grab it !:)Too late gone

How about with the windows cd in the cdrom ,go to start/run and type in, SFC

You said

also starts microsoft windows xp professional installer with front page when using IE.

I said

Do you mean Microsoft Office Xp Installer with front page ??

Then you said .

no :"microsoft office xp professional installer with front page"

So waht everone it is do you have it ,to put in when it asks for it ,to see what it will do !!
:cheesy:

thats the same log !!

You are using a verry old version of hijackthis ,go for a newer version .
in my signature

I starting to think the best solution is here .!!like so many others have said .If I were having problems with IE i would use Firefox.
www.mozilla.com

You should just copied /paste it and not moved it

No ,just leave it get lost in cyber space .lol

Here's how to post a Hijack This log - the whole spiel, with (hopefully) every eventuality covered... :

Go to http://www.majorgeeks.com/downloadget.php?id=3155&file=9&evp=3304750663b552982a8baee6434cfc13 , and download 'Hijack This!'.
When downloading, choose "save to disk" and NOT open!

Now this download is a *.zipfile, which means you need to decompress it with a utility like WinZip

Many downloads come in the shape of a compressed file, so it's an indispensible tool, really.
It has an evaluation version which you can use for a month or so
Here's a tutorial. It's extremely easy to do.

Now create a new folder for it, C:\Hijackthis, for example.
After unzipping the file to C:\Hijack This, you'll end up with the file itself, which is Hijackthis.exe, and that's the one you'll need to doubleclick.'

When the program launches, hit the "Scan" button
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, and save the log anywhere you like.

Now if you doubleclick the log file, does it open in Notepad?

If so, go to Edit > Select all, then to Edit > copy.
Now you've copied the entire text to the Windows Clipboard (this happens behind your back.)

Next, go back to this forum thread, and click "Post Reply".
In an empty area click your RIGHT mouse button, and choose 'Paste' from the context menu.
And voila, there's your Hijack This …

no problem !:)

first check you Startup folder, in START/ Programs, and remove any icons releated to programs you may have reciently Dlelete/uninstalled improperly ,check this and reply back .

I gotta stop speed reading .that vserver.vxd didn't even register in my pea brain when i read the post ! :o

also starts microsoft windows xp professional installer with front page when using IE.

Do you mean Microsoft Office Xp Installer with front page ??

first check you Startup folder, in START/ Programs, and remove any icons releated to programs you may have reciently Dlelete/uninstalled improperly ,check this and reply back .

So, do you think my computer is clean now?

Sorry ,yes you log is clean now .
Also these are recomended program to keep the spyware away .I have all 3 install on my computer and have not had any problems in about 6 mnt's !
After you get it all fixed and things are working good ,Download and install these three programs to help stop Spyware .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

IE-SPYAD

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

If this were my computer ,this is what i would do .Go to http://www.microsoft.com/downloads/search.aspx?displaylang=en and get SP1 and IE sp1 and critical updates for my version of windows ,burn to a cd and then Format hard drive ,reload windows ,stay disconnected from the internet and load all the windows patches and sp1s ,spyware blaster and spyguard ,IE-Spyad and trojanhunter and,connect to internet and get the rest of the windows updates and Enjoy my computer .

y doesnt mozilla work for you it is a lot better than IE?

www.geocities.com/willbill23045

Browsers are persional preference,I don't like the way Mozill does a lot of things and would not say its a lot better than IE.I really like IE because it what I'm use to ,the same way I felt about the earlier Netscapes like Gold and early 4.0 on up to 4.7. i hate the newer netscapes

OK,your welcme

Check out what these guys did to get rid of it 'Simular to what you are doing here with a added program i believe .
http://forums.spywareinfo.com/index.php?showtopic=9134

Go back to fdisk and delete partions and start over ,create one at 75% the the other at 100% of whats left ,esc and then set the first one active ,then reboot computer to the boot disk choosing boot with cdrom support and type Format c: ,then format the other partition .thne At the dos prompt type C:\ and when it changes to c: ,with the windows cd in the drive type - SETUP

first you log look good now ,
I think you should run this free online virus scan ,check auto fix before you run scan .do this on all computers in you loacal network
http://housecall.trendmicro.com/

HJT also presented an error #75 when he was starting to fix the checked files.

a search shows error #75 as some sort of nework error ,when running .EXE on a network or something like that !!

There's something called svchost bodering the spy sweeper. What is it?

Svchost is a generic name /for a process there could be 4 or 5 in the process list at the top of the hijackthis log ,all legit .Threre are trojans/viruses named simular to svchost.like ssvhoste,svcchst and so on and so on.
Im not familur with SpySweeper so i not sure what happening .I don't consider it a needed program as Spy-Bot and Ad-Aware are all you need to run .and they are free ,a lot of the ones that want you to buy them.will fake problems trying to get you to buy!:)

Only thing i can think of is to right click on them and check properties and make sure that something like this is in the target ! and same for mynetwork
C:\Documents and Settings\users name\My Documents

Firs I am going to suggest you uninstall MY WEB SEARCH via the add/remove program in control panel ,you might really lke this program but it is spyware and really not the best thing to have on your computer

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4c\NHelper.dll

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
nt

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...0006_cracks.cab

Now reboot into safe mode and delete the following files and folders if found ."Fix Checked"...Reboot to SAFE …

fix these !
F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)

This is the only one I can see left.

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

Uninstall Mywebsearch from add/remove. Probably will not solve your problem, but it needs to go.

Strange sort of that wasn't even on the first log!!

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R3 - Default URLSearchHook is missing

F1 - win.ini: run=hpfsched

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_2_3_0.DLL

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL

O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL

O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll

O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_30.dll

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O4 - HKLM\..\Run: [FontFix] c:\windows\options\systools\fntfix.exe

ok fix these 2 i searched them last time and forgot to add them to be fixed .
R3 - URLSearchHook: FiltURL Class - {5038FED1-CEFE-11D2-9E74-00A0C945A948} - C:\PROGRA~1\netex\URLSEA~1.DLL

O4 - Startup: netex.LNK = C:\Program Files\NetEx\netex.exe

Reboot nadelete this folder .
C:\Program Files\NetEx

post new log
i,m leaving now for work and won't be back all day .good luck

You have 2 or 3 threads going on the same problem !!stick to one thread and stop creating a new one ,We get lost !!!
You get the email everytime we reply to your thread or when you reply to it !!
Just click on you Nicname in ths thread and go to view other post and you will find the one that Crunchie was working on with you ,and he will continue helping you .

The apropiate box is a little box in hijackthis right in front of the line that someone is telling you to fix.
The box would be right here in front of this line for example .O4 - HKCU\..\Run: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1

You really should post the log in the other thread following along ,easier for Crunchie to keep track of you and you problem .

Some items may be gone after running CWShredder .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html

O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll

O2 - BHO: Elitum EliteBar - {FA6548E9-78F5-4025-9D7B-FC1367789C38} - C:\WINDOWS\EliteBar\EliteBar.dll

O4 - HKLM\..\Run: [WinTime] C:\WINDOWS\system32\wintime.exe

This one bother's me but if you know what it is and its something you use leave it ,if not fix it !
O4 - HKLM\..\Run: [NOUN BITS] C:\PROGRA~1\Store locks\Rdrtrans.exe

O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://209.8.161.52/1/deaGB16.exe

Now reboot into safe mode and delete the following files and folders if found ."Fix Checked"...Reboot to SAFE mode to delete files ,How to start computer in safe mode

C:\WINDOWS\system32\wintime.exe......deleted file

C:\PROGRA~1\Store locks\Rdrtrans.exe...........deleted folder ,following advice from above

to delete the above files and folder you will need to do the following
go to Show hidden files & folders
"Fix Checked"...Reboot to SAFE mode to delete files

Run one more program then post back a new log !

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

You really need to stick to one thread ,and keep responding in it and stop bouncing around ,createing new threads ,It would be nice to see a new hijackthis log ,from after you ran the programs i asked you to run.Help will come to those who follow along .It is usually easier to work the log after ,Spy-bot and ad-aware and Cwshredder are run,so post a fresh hijackthis log here !!!thanks

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\he-il\msntb.dll (file missing)

This one is rescource hogg and duggested fix
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

I don't find anything bad on the one could you tell me what it is .
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

I don't see anything else in you log that could be causing your problems ,they may be hardware releated !

I don't find anything bad on the one could you tell me what it is .
O4 - HKLM\..\Run: [%FP%Barak013 fts.exe] "C:\Program Files\Barak013\fts.exe"

Reboot and post new log .

Good to see you got it fixed .

Log looks good now ,and yes you would still benifit from yhose 2 programs ,install and keep them updated .They are GREATTTTTTT