Posts by caperjack

Make sure all browser and all Windows Explorer windows are closed before fixing.and running hijackthis .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50110

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://look-today.com/searchbar.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough...irginnet.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://look-today.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explo
rer\Main,Search Page = http://look-today.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50110

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Virgin.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50110

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL

I cant find any info on these two, but think it needs to be fixed,un less you know the Browswe Helper Opject its refering to
O2 - BHO: (no name) - {7A90F330-CE27-5404-3BF3-B422778E3006} - C:\PROGRAM FILES\FASTDEFAULT\NAMEVGA.DLL

O3 - Toolbar: DownloadOne - {60F27C03-AD54-4E36-A0CD-0C6F9523ABED} - C:\PROGRAM FILES\FASTDEFAULT\NAMEVGA.DLL

O4 - HKLM\..\Run: [TB_setup] C:\WINDOWS\TEMP\TB_SETUP.EXE /dcheck

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

this one is ok,but is a resource hog and not needed in startup.
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE …

Norton reports a virus when i click on the reply /quote to XXplosive's post above ,Be careful .

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

reboot computer and post a new hijackthis log

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

run cwshredder again but run it in safe maode and then post a new hijack log

I would check Netscape help and see if you can find any info on others haveing the same problems .

Its been so long since i use Adaptec ,but you need to set it before the burn to not close the cd so you can keep adding file ,you will not be able to read the cd in another cddrive,until your last burn and you choose to close the cd at the end of the burn .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\APPLICATION DATA\MSQO\MSIESH.DLL

this is not spyware but is a resource hog and not needed in startup
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: PowerReg SchedulerV2.exe

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\APPLICATION DATA\MSQO\MSIESH.DLL....del file and maybe the MSQO folder

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

reboot computer and post a new log

I tried this and it worked as far as to bring up a different aspect of CWShreadder. I can see where to past the line but there is no button to execute the search.

It looks like this:
[IMG][IMG]C:\cwshreader.jpg[/img][/IMG]

There is no search button it will just say YES or NO.
when you are checking a CWS,you don't put in the HTTP//www.
just this part .[couldnotfind.com] and the NO will change to a Yes

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Your welcome ,glad I could help!

just a couple of things I use or do ,google search for a lot of the bad DLL's
I use BHOList.exe to search this and its also searche for bad Toolbars#221E8D90-C439-4297-B84A-EA3291D7CB1A
you can get it here .http://www.sysinfo.org/bhoinfo.html

If you have CWShredder install on you computer ,create a shortcut to it on you sesktop ,right click it and go to properties.in the target line add this , /debug not there is a space between whats there and the /,
now when you click on the short cut you created you use shredder as a tool to search CWS ,like this .R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=138308.From that line you copy and past this into the shredder tool.
couldnotfind.com ,and it will tell you if is or isn't CWS.

you can also search for the bad 016's ,in SpywareBlaster if you have it installed on you computer .that program can be found in my signature in How i Got Infected In the first place .just open Spywareblaster and click on /internet explorer along the top and then right click on one of the idems in the list and click search .

I use this site for Hijackthis tutoral.
http://www.spywareinfo.com/~merijn/htlogtutorial.html

and this one for good and bad LPS's=010's in the log
http://www.angeltowns.com/members/zupe/lsps.html

and this one to search 017's IP addresses.
http://www.arin.net/whois/

I use canned speaches for my posts with …

not familiar with that dll, and a search of it goes no where .
sorry to hear about the laptop
You latest log look good now.

Actually my security settings are to high to go to either link!

Thanks,Crunchie .I forgot there was one !!

Also a trip to windows updates is needed for critical updates and SP1's
WINDOWS UPDATES

Any reason why you didn't fix this as suggest in early post or did you fix and did it return'
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Owner\Application Data\ootr.exe

Yeah fix this '
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsu.exe
Then reboot and delete this file '
C:\WINDOWS\System32\wnsintsu.exe

Quote from another source .
Task which is dropped onto your PC when you run the free “hidden pornography scanner from PuritySCAN.com. At the time of writing, 9‑May‑2004, PuritySCAN.com purports to scan your PC for hidden pornography and help you remove it. For a start, at the time of writing, 9‑May‑2004, the scan for pornographic content is a total scam and downright dangerous.

check to make sure you CPU is not overheating,open case and make sure that the CPU fan is running and free of dust !
Are you getting any error message !

well i guess its worth a try. The question is will the mp3 cd player know what to do with the playlist file? I'll have to find out.

Not likely !

East ,just boot computer with a windows bootdisk,and type scandisk at the DOS prompt .If you don't have a bootdisk create one in control panel ,add remove programs ,create boot disk ,you will need a clean floppy disk to do this !
Or download this one and extract it to the floppy !
http://www.24by7.ca/files/boot98se.exe

...........Diddo!!

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\SearchBar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://preview.sweetcelebnudes.com/d4.phtml?ip=10734

This one looks suspisous ,I can't find anything on it ,that usually means fix it .do you know what it might be ,perhaps do a search for wineg32.dll ,and check its preferences to see who ownes it !If its Microsoft leave it alone .If you find it and think it is a bad file delete it !!
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Owner\Application Data\wineg\wineg32.dll

this one is a resource hog nad not needed in startup.
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe

Now reboot into safe mode and delete the following files and folders if found .

C:\Program Files\Common Files\updater... delete folder

C:\WINNT\System32\SearchBar.htm...delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

I think either of these 2 could be making a warning sound !
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

spybot is waiting for a reboot to finish its scan '\,do that first then
!!
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

reboot computer and post a new log

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

reboot computer and post a new hijackthis log

You need to contact you Internet service provider .There is nothing wrong with you log ,so it may be hardware/software ,Or maybe the Aliant stirke!!
Bad modem maybe or bad configuration somewhere .

I would go to control panel ,sound & audio/Sound and use no sounds .to see if its from a windows Sound scheme

first unzip hijackthis to a folder of its own like c:\HJT\hijackthis.exe
then fix this or look for it in add and remove programs, look for weather cast! and uninstall it .
I remove it from all computers people bring to me to be fixed .

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Read this .
http://sarc.com/avcenter/venc/data/adware.weathercast.html

http://www.geekgirls.com/windowsxp_home_network.htm

http://www.wown.info/j_helmig/guide.htm

http://www.homenethelp.com/

I think it is possiable that the 2 OS were sharing some file ,and now that it only copied xp. it left the shared files behind ,
did you partition the new drive before you got the program to copy the OS's.
if yes ,then maybe all you need to do is run the program again an see if you can get it to copy win98 .
If you still have the old drive still intact, format and partition the new drive and try copying it again!

I think that DMR picked that up too. I think we need a fresh log to view.

you are right ,i need to stop speed reading.:)

Dtanis18,please start with these programs.and the first free online virus scan in my signature .

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

After a quick google search I came up with the following thread at another board:

http://computercops.biz/postt14722.html

Everyone log is a little different ,not really a good Idea to tell someone to delete things base on what someone else was told to remove .
Excample the person in the other post is running win98 ,the poster here is running XP.

and Spybot

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Run the First ,free online viruse scan in my signature ,check auto fix .

Reboot and post fresh log ,thanks .

You are right you do havea lot going on lets start with these programs .

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

I don't see any bad 016's ,the good ones will come back when you visit the site again .so i would fix all of them !You never know .

This looks funny ,note the 2.exe's
O4 - HKLM\..\Run: [rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe

NIC ,why come into a fourm and start answering post that are 4 or 5 mnts old !!

I don't know ,did you try disabling you avti virus or zone alarm and surf ,or maybe try Mozillas firefox to see how fast it surfs .give it a try !
http://www.mozilla.org/products/firefox/

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

check the !!please read in Crunchies signature

http://www.computercops.biz/postlite7736-.html

post a hijack log

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

Don't know if this will help with you problem but fix these and reboot computer
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll (file missing)

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll (file missing)

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://www.real-euros.com/EPlugin.cab

reboot computer and post a new log

Extreme360. Might i suggest you start a thread of you own instead of hijacking this one !!do the following but when you post back create a new topic of your own !

Might I suggest Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

reboot computer and post a new hijackthis log

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg SchedulerV2.exe

Fix this one for sure ,but with so many 016's I would fix all just to be sure ,the good ones will come back when you visit the site again .
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/2445366c65e79f...etzip/RdxIE.cab

reboot and check your speed ,post new log also !

Try both of these '
Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup Ad-Aware and Spy-Bot S&D
http://www.zerosrealm.com/scanning.php