caperjack 875 I hate 20 Questions Team Colleague

You may get more help with your problem here.
http://notebookforums.com/forumdisplay.php?f=65

caperjack 875 I hate 20 Questions Team Colleague

I don't have time to finish reading your log right now, but the System Idle is supposed to be high; it means that your system is 80-90% idle!! That's good.

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please print a copy of these instructions because you will be working with all windows closed except HijackThis.

Not much bad stuff in the log, just a couple of dialers.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=


O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://209.132.192.13/EMI404/downlo...ensored_Sex.exe

O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/110539.exe

O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://usa-download.nocreditcard.co...t/ieaccess2.cab

O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll


Reboot and post a fresh log, thanks.

caperjack 875 I hate 20 Questions Team Colleague

Please go to your other thread and post a new HijackThis log for Crunchie to have a look and finish what was started there.

caperjack 875 I hate 20 Questions Team Colleague

Gah... like all others, not even registry deleting will help...

Plz help me...

No guarantees, as it could be a couple of things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own, like c:\HJT\hijackthis.exe. Then double-click HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press …

caperjack 875 I hate 20 Questions Team Colleague

HijackThis creates backups, so if fixing that item does anything you can restore it with HijackThis. I don't think removing it will hurt anything.

caperjack 875 I hate 20 Questions Team Colleague

No guarantees, as it could be a couple of things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Reboot and post a new log.

caperjack 875 I hate 20 Questions Team Colleague

You're welcome.

caperjack 875 I hate 20 Questions Team Colleague

Howdy y'all. OK, I know this is a basic question but humor me. I am trying to use a factory system restore CD for XP Pro. Other people use this computer and the thing is all funked up with adware, spyware, yada yada... So I want to reinstall the operating system and give the old PC a clean slate :cheesy:

My trouble is that when I throw in the restore CD and restart the computer, the computer won't boot from the CD like my other computer. I know I'm probably
Any help, I would be mucho grateful.

When booting the computer, hit the DEL or maybe the F1 key to enter Setup/BIOS. In there go to Advanced BIOS Features [ http://www.buildeasypc.com/sw/bios_setup_abf.htm ], highlight it and hit Enter, and in there you will be able to change the boot sequence. Change it to CDROM, A: and C:\
Hit the ESC key and hit F10 and Y to exit and save changes.

There are different BIOS screens; here is the Phoenix BIOS. If you have this one, look for Boot across the top.
http://www.computerhope.com/help/phoenix.htm

The other biggie is Award BIOS; my first instruction is for Award. I can't find a good picture of it opened.

caperjack 875 I hate 20 Questions Team Colleague

Here's how to post a Hijack This log - the whole spiel, with (hopefully) every eventuality covered... :

Go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.
When downloading, choose "save to disk" and NOT open!

Now this download is a *.zip file, which means you need to decompress it with a utility like WinZip.

Many downloads come in the shape of a compressed file, so it's an indispensable tool, really.
It has an evaluation version which you can use for a month or so.
Here's a tutorial. It's extremely easy to do.

Now create a new folder for it, C:\Hijackthis, for example.
After unzipping the file to C:\Hijack This, you'll end up with the file itself, which is Hijackthis.exe, and that's the one you'll need to double-click.

When the program launches, hit the "Scan" button
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, and save the log anywhere you like.

Now if you doubleclick the log file, does it open in Notepad?

If so, go to Edit > Select all, then to Edit > copy.
Now you've copied the entire text to the Windows Clipboard (this happens behind your back.)

Next, go back to this forum thread, and click "Post Reply".
In an empty area click your RIGHT mouse button, and choose 'Paste' from the context menu.
And voila, there's your Hijack This …

caperjack 875 I hate 20 Questions Team Colleague

You're welcome, glad it worked for you!

caperjack 875 I hate 20 Questions Team Colleague

It's been a long time since this happened to me, but this helped me. This will stop MSN Messenger from starting when you load Outlook Express.

http://www.dougknox.com/xp/scripts/xp_hide_messenger.vbs

It may be because MSN Messenger is starting when Outlook is booting. Use Doug's file to stop MSN from starting. Doug's stuff is safe; I have used a lot of his fixes.
http://www.dougknox.com/

caperjack 875 I hate 20 Questions Team Colleague

My suggestion would be to install a good sound card in your computer and disable the onboard sound. If that is not possible, make sure you have the latest drivers for your integrated sound chip.

caperjack 875 I hate 20 Questions Team Colleague

Okay,

When I shut down the other night, I got a message that said "Other users are still connected to this computer.

Thanks.

Is your computer set up with just one user account or multiple accounts? I have 3 users, and if one besides me is signed on I will get this message when I go to shut down. If you just have one user, you may have had the admin account opened; that is why you got the message!

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe


Boot to safe mode and delete this file.

C:\WINDOWS\system32\fservice.exe ... delete this file.
How to start computer in safe mode


Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
c. IE/Spyad: http://www.staff.uiuc.edu/~ehowes/resource.htm

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms …

caperjack 875 I hate 20 Questions Team Colleague

Thanks, can you please explain how this will affect the PC's performance though? Also can you recommend a good battery? Cheers

Actually, rereading your post, your clock shouldn't lose time when running because it is no longer running from the battery. Does it lose a whole lot of time when the computer is shut down?
If it is the battery, a Radio Shack type is fine.

Edit: I just found this tidbit of info.
http://www.itc.virginia.edu/desktop/dci/timeloss.html

caperjack 875 I hate 20 Questions Team Colleague

Install a new battery on your motherboard.

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into Notepad and save it to your desktop, or print a copy of these instructions, because you will be working with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)


O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost34.exe

O4 - HKLM\..\Run: [gjlfmne] C:\WINDOWS\System32\qidawd.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe


O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

Now reboot into safe mode and delete the following files and folders if found.

C:\WINDOWS\System32\IEHost34.exe.........delete file

C:\WINDOWS\System32\qidawd.exe.......delete file

C:\Program Files\TV Media.......delete folder


C:\Program Files\Common Files\GMT...delete folder

C:\WINDOWS\System32\SearchBar.htm......delete file

To delete the above files and folders you will need to do the following:
go to

caperjack 875 I hate 20 Questions Team Colleague

HijackThis creates backups of what it fixes. It should have been in a folder of its own, like this. Do the following and you can then move the files in mydownloads to the folder also.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

caperjack 875 I hate 20 Questions Team Colleague

Two things I found people are trying for the Notepad problem.
Another thing worth checking.
I had a trojan last week that renamed my Notepad.
Do a search on your system for notpad.exe or look in your system folder.
If you do find it, you have a trojan.
The original Notepad is now called notpad.exe and the trojan notepad.exe.
When it enters the system it renames itself as notepad.exe and renames the original Microsoft file to notpad.exe, thus rendering it useless.
You need to delete notepad.exe, then rename notpad.exe back to notepad.exe.

And this one:
Try this. Download notepad.exe and place it in both these locations:
C:\WINDOWS and C:\WINDOWS\System32


http://www.computing.net/windowsxp/wwwboard/forum/106060.html

caperjack 875 I hate 20 Questions Team Colleague

Thanks!

Can someone tell me a manual removal or product to get rid of it please?
Still having that pest in my system...

Finding it is a bug in Spybot, so you should just set it to ignore it.

caperjack 875 I hate 20 Questions Team Colleague

The download link in my first post has been fixed. Please download from here instead of the zip I added.

=== Get File Info ===
Download Beta-Fix.exe from:
HERE
Link isn't working for some reason. Right-click and copy the shortcut, paste it into your address bar and hit Enter to activate the download.

caperjack 875 I hate 20 Questions Team Colleague

This is just a test; I will be editing my message after I finish the test. Thanks.

Edited.

caperjack 875 I hate 20 Questions Team Colleague

SpywareBlaster and SpywareGuard are in my signature; FREE and great programs. Also read how I got infected in my signature and you will see a link to IE-Spyad, also recommended and free. I use all 3 and spyware is rare on my machine. The last I got was from a free screensaver program 6 months ago, and that was before I installed the 3 programs.

caperjack 875 I hate 20 Questions Team Colleague

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

caperjack 875 I hate 20 Questions Team Colleague

See if you can delete this file.
fileC:\Documents and Settings\owner\Local Settings\Temp\sp.html
Also try running the free online virus scan in my signature.

caperjack 875 I hate 20 Questions Team Colleague

Any help at all please? Nothing I do seems to work.

Sorry for not getting back earlier; I work all day at a real job.

=== Step 2: Delete Hidden DLL ===
Open the Beta-Fix folder.
Open the keys1 folder.
RightClick on the "MOVEit.bat" file, select--> edit.
Copy and paste this line into the batch file, replacing the line there.

move %WinDir%\System32\WINNC.DLL %SystemDrive%\junkxxx\WINMIA.DLL

Save the file and close.

Get ready to restart!
Still in the keys1 folder, double click on FIX.bat.
You will get an alert of ~20 secs before reboot.
Allow it to reboot!

On restart, Open the Beta-Fix folder.
DoubleClick on RESTORE.bat.
When it is finished, open the Beta-Fix folder.
Post the contents of Log1.txt in this thread.


=== Batch Clean Up ===
Open the Beta-Fix folder.
Open the Files2 folder.
Double Click on the ZIPZAP.bat.

It will quickly clean the rest and will make a copy of the bad file(s) in the same folder (junkxxx.zip) and open your email client with instructions.

Simply drag and drop the junkxxx.zip file from the folder into the mail message and submit to the specified addresses.

Please be sure to include a link to your log file in the email.

When done, please delete the entire Beta-Fix folder.

=== Clean Remaining Infection ===
Please Download CoolWebShredder, from
http://www.merijn.org/files/cwshredder.zip
http://www.zerosrealm.com/downloads/CWShredder.zip

Extract …

caperjack 875 I hate 20 Questions Team Colleague

Instructions follow:

=== Get File Info ===
Download Beta-Fix.exe from here:
Beta-Fix
Link isn't working for some reason. Right-click and copy the shortcut, paste it into your address bar and hit Enter to activate the download.

Double Click on the Beta-Fix.exe and it will install the batch file in its own folder in the same location as the file you downloaded.

Open the Beta-Fix folder and double click on !LOG!.bat
IMPORTANT! Before you run this tool please close ALL running programs and ALL Windows except Find-All.

Relax, sit back and wait a few minutes while the program collects the necessary information.

*NOTE: If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.


When the program is finished:

Open the Beta-Fix folder.
1. Post the contents of Log.txt in this thread.
2. Attach file Win.txt to the same post. (Please attach, do not post)
(If this board does not provide the ability to attach documents to your post, then please post the Win.txt file in this thread)

caperjack 875 I hate 20 Questions Team Colleague

Ehh, I just need fast help, but fine...

So if you just need fast help, how come you didn't post your log in your own thread yet?

caperjack 875 I hate 20 Questions Team Colleague

Instructions follow:

=== Get File Info ===
Download Beta-Fix.exe from here: Beta-Fix. The link isn't working for some reason, so right-click on Beta-Fix, copy the shortcut, paste it into your address bar and hit Enter to activate the download.

Double Click on the Beta-Fix.exe and it will install the batch file in its own folder in the same location as the file you downloaded.

Open the Beta-Fix folder and double click on !LOG!.bat
IMPORTANT! Before you run this tool please close ALL running programs and ALL Windows except Find-All.

Relax, sit back and wait a few minutes while the program collects the necessary information.

*NOTE: If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.


When the program is finished:

Open the Beta-Fix folder.
1. Post the contents of Log.txt in this thread.
2. Attach file Win.txt to the same post. (Please attach, do not post)
(If this board does not provide the ability to attach documents to your post, then please post the Win.txt file in this thread)

caperjack 875 I hate 20 Questions Team Colleague

Set Spybot to ignore them; as long as you have all your Windows updates it will be OK. In Spybot go to Mode and check Advanced, then go to Settings, click on Ignore Programs, scroll down to DSO exploits and check to ignore.

caperjack 875 I hate 20 Questions Team Colleague

Strange one, I've never seen that happen before!

caperjack 875 I hate 20 Questions Team Colleague

And wow, you're a real funny guy; I almost laughed, then I realized it wasn't funny.

You are right, it isn't funny. What's funny is loading a program like SETI on your computer and wasting your resources! :)

caperjack 875 I hate 20 Questions Team Colleague

Yes, it would be a waste of money, as these fake programs are adding the stuff they're finding on your computer. It's not really bad stuff; that's why Spybot and Ad-Aware don't list it, so you have to pay to get it cleaned. The one you mentioned is on the list of fake programs.
http://www.netrn.net/archives2/000550.html

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC} - C:\PROGRA~1\XSOFTW~1\XPCSPY~1\IESpy.dll


Reboot computer and post a fresh log.

caperjack 875 I hate 20 Questions Team Colleague

To use SFC in XP you type this in Run:
SFC /SCANNOW
Having said that, SFC isn't going to fix a hijack!!

caperjack 875 I hate 20 Questions Team Colleague

When I first read this post I didn't know what you were talking about; it wasn't until I read your post about this post being deleted that I realised that the "THIS" was a link! Good day, eh!

What if you have no idea when you were infected? Not everyone uses their computer every day; some don't turn them back on for weeks at a time!!

caperjack 875 I hate 20 Questions Team Colleague

A few questions here, and please forgive my ignorance regarding AOL.

What purpose do you use the AOL browser for? I can't for the life of me imagine any task which Internet Explorer is unable to perform.

I agree, I can't believe people load that piece of crap on their computer.

caperjack 875 I hate 20 Questions Team Colleague

AOL is not a chat program; it's America Online's browser.

caperjack 875 I hate 20 Questions Team Colleague

Did you upgrade to XP over 2K, or do a fresh and clean install of XP?

caperjack 875 I hate 20 Questions Team Colleague

Download and run the TrojanHunter in my signature.

caperjack 875 I hate 20 Questions Team Colleague

It plays as an MP3 on your computer; it should play as an MP3 on a burnt disk!
Email me the file if you like and I will see what I can do with it.
jnburton2003@hotmail.com

Or just delete it and download it again.

caperjack 875 I hate 20 Questions Team Colleague

Okay, Every Time I Turn On My Computer I Have To Click My Account To Go On... And I've Never Had That Before...:

For this one go to Control Panel/Users, click on "Change the way you log on and off", and make the changes there.

And Every Time I'm Not On The Computer, Maybe After 1 hour or 30 Min... My Computer Logs Off To The Account Screen.. :evil

This should be where ALC is saying it is. When you click on the Screen Saver tab, right next to where you change the time before the screen saver comes on, you should be able to uncheck "On resume, go to Welcome screen". This is most likely your problem.

caperjack 875 I hate 20 Questions Team Colleague

You need to post the log from dllfix also.

caperjack 875 I hate 20 Questions Team Colleague

OK, This Happened After I Restored My Computer... After The Spyware Incident..

Oh Yeah, And Now... I Don't Have the 256 bit color thing... when I go to properties... now I only have 32 bit and 16 bit :S

Most don't have 256 anymore as the newer games don't run in 256 colors. If you are looking to run an older game or something in 356 colors, right-click on the program's .EXE icon, choose Properties/Compatibility and click to use 256 colors.

caperjack 875 I hate 20 Questions Team Colleague

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch


Unless you want a fistful of spyware, don't use this program. Fix this:
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab

Reboot and post a fresh log.

Also, it might be a good idea to get Spybot in my signature; also check the how-to on using it.
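
As an added example (not part of any post above, and not HijackThis's own code), here is a small parser for the log line shapes quoted in these posts: R1/R3, F0/F2, O1, O2/O3, O4 and O16. The sample log, the function names and the triage notes are assumptions made for illustration; the notes are hints for a human reviewer, not verdicts.

```python
import re

# Section codes that appear in the log excerpts quoted on this page.
SECTIONS = {
    "R1": "IE search/start page or proxy setting",
    "R3": "URLSearchHook",
    "F0": "system.ini Shell= line",
    "F2": "system.ini Shell= mapped to the registry",
    "O1": "hosts file redirection",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

# Constructed sample log (documentation addresses, made-up names).
SAMPLE_LOG = r"""
O1 - Hosts: 192.0.2.10 search.example.test
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - (no file)
O4 - HKLM\..\Run: [updater] C:\WINDOWS\System32\example1.exe
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Demo Class) - http://192.0.2.20/files/demo.exe
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\example2.exe
Running processes:
"""

def parse_line(line):
    """Parse one log line into a dict, or return None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("code") not in SECTIONS:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    entry = {"code": code, "meaning": SECTIONS[code],
             "clsid": clsid.group(0) if clsid else None,
             "target": None, "notes": []}
    notes = entry["notes"]
    if code == "O1":
        # "Hosts: <ip> <hostname>"
        fields = body.partition(":")[2].split()
        if len(fields) == 2:
            ip, host = fields
            entry["target"] = host
            if ip not in ("127.0.0.1", "::1"):
                notes.append(f"{host} resolved locally to {ip}")
    elif code in ("F0", "F2"):
        # Anything after the first program on the Shell= line also starts at logon.
        shell = body.partition("Shell=")[2].split(None, 1)
        if len(shell) == 2:
            entry["target"] = shell[1]
            notes.append("extra program chained after Explorer.exe")
    elif code == "O4":
        # "HKLM\..\Run: [name] path" or "Global Startup: x.lnk = path"
        m4 = re.search(r"\[.+?\]\s+(.+)$", body)
        entry["target"] = m4.group(1) if m4 else body.split(" = ", 1)[-1]
    else:
        sep = " - " if " - " in body else " = "
        entry["target"] = body.rsplit(sep, 1)[-1]
        if entry["target"] == "(no file)":
            notes.append("registered but file missing")
        if code == "O16":
            if IP_URL_RE.match(entry["target"]):
                notes.append("downloaded from a raw IP address")
            if entry["target"].lower().endswith(".exe"):
                notes.append("payload is an .exe")
    return entry

def parse_log(text):
    """Return parsed entries for every recognised line in a pasted log."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def flagged(entries):
    """Entries that carry at least one triage note."""
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(e["code"], e["target"], "->", "; ".join(e["notes"]))
```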

caperjack 875 I hate 20 Questions Team Colleague

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.