caperjack 875 I hate 20 Questions Team Colleague

All this time (2 weeks) and you could have reformatted in 30 minutes hmmmmm

Quitter !:) LOL

caperjack 875 I hate 20 Questions Team Colleague

Quitter !:)

caperjack 875 I hate 20 Questions Team Colleague

After that, the latest CWShredder is in my signature, download and run it in Safe mode!!

caperjack 875 I hate 20 Questions Team Colleague

RUNME.BAT WITH OPTION 6 LOG (think it's too early for this one but whatever):

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"AppInit_DLLs"="c:\\windows\\system32\\logignh.dll"

Notice the "AppInit_DLLs"= key has the filename. We need to clean that key. Here is how:

Please double click the runme.bat again. Please choose option 7. After that is done, run it one more time and choose option 6 and post the new appinit log here.

Post a new Hijackthis log also when done.

caperjack 875 I hate 20 Questions Team Colleague

There needs to be some way of locking the old threads once the problem is solved, to stop the piggybacking.

caperjack 875 I hate 20 Questions Team Colleague

I think the next instructions would be to use Killbox!! This is from the how-to that the expert at the classroom has posted for us to learn from, see if you can follow it.


QUOTE
Please download TheKillbox from here: http://download.broadbandmedic.com/VbStuff/KillBox.zip

Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

(full path of file from above next to the 61440)c:\windows\system32\logignh.dll


Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filename and path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

When you're back in windows, please run the latest version of cwshredder. Post a new pv.zip explorer log along with a hijackthis log.


Then check over the users hijackthis log to be sure its clean.


Next have them run the runme.bat again like this:

QUOTE

Please double click the runme.bat again. This time choose option 6 for appinit contents.
Notepad will open with a log in it. Please copy and paste it into the results.

here is a sample:


QUOTE

Windows Registry Editor Version …

caperjack 875 I hate 20 Questions Team Colleague

ok i will be back as soon as i can with the next step

caperjack 875 I hate 20 Questions Team Colleague

You should read Merijn's HijackThis log tutorial: http://www.spywareinfo.com/~merijn/htlogtutorial.html

CoolWebSearch Variants ,
http://www.spywareinfo.com/~merijn/cwschronicles.html


Tony Klein's BHO and Toolbar lists are essential references, frequently updated.
http://sysinfo.org/bhoinfo.php
and
It is very convenient to use Merijn's BHOList app. for searching them. http://www.spywareinfo.com/~merijn/files/bholist.zip
Use Ctrl-Z to toggle between the BHO and Toolbar lists. X means bad


Pacman's Startup List is where you can look up the O4 entries. http://www.sysinfo.org/startuplist.php BUSY A LOT
Another good list is at http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

OFF LINE Programs, download the Full-list .Zip
http://www.pacs-portal.co.uk/startup_content.php#THE_PROGRAMS

And Google is a wonderful help. I recommend the toolbar toolbar.google.com

And CWShredder has a debug option for looking for blacklisted sites.
Install CWShredder, copy a shortcut to your desktop, then right click /properties and in the target copy this: C:\cwshredder\CWShredder.exe /debug
Now click on the shortcut and you can search for blacklisted sites.

caperjack 875 I hate 20 Questions Team Colleague

these 2 programs will help stop the madness .

Download and install these two programs to help stop Spyware .


Spywareblaster


SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

caperjack 875 I hate 20 Questions Team Colleague

Ok I got a reply and they say the PV log looks clean and this is his suggestion!!


To manually check for hidden infection:

Start | Run (type) "regedit" (no quotes)
Navigate to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

Highlight the Windows key (left pane)

Right-click on "AppInit_Dlls" (right pane)
Right click and select: "Modify Binary Data"
Note: the default (hidden value = 0000 00 00)

If the above is not the default = hidden dll to reinstall the hijack.
You should be able to see the "path" to the infected dll.

Make a note of the filename and location (folder)

post it here. It will look funny like this if you are infected:

Value name:
AppInit_DLLs
Value Data:
0000 00 00 3A 00 77 00 ..:.\w.
0008 69 00 6E 00 6F 00 i.n.d.o.
0010 77 00 73 00 73 00 w.s.\.s.
0018 79 00 73 00 65 00 y.s.t.e.
0020 6D 00 33 00 5C 00 m.3.2.\.
0028 63 00 6F 00 2E 00 c.o.m...
0030 64 00 6C 00 00 00 d.l.l...
0038
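
The check that the RUNME.BAT option 6 post and the manual regedit steps above both perform, as an added example that is not part of the original posts: it reads a .reg export and reports whether AppInit_DLLs lists any DLL, in either the string form or regedit's hex form. The function names are hypothetical and both samples are constructed from the filename in the posted log.

```python
import re

KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
PATH = r"c:\windows\system32\logignh.dll"  # filename from the log posted above

# Constructed sample shaped like the option 6 log, doubled backslash included.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\\Windows NT\CurrentVersion\Windows]
"Spooler"="yes"
"AppInit_DLLs"="c:\\windows\\system32\\logignh.dll"
'''

# Constructed sample: the same data in regedit's hex form (UTF-16LE,
# NUL-terminated, wrapped onto a continuation line with a trailing backslash).
_hex = ",".join(f"{b:02x}" for b in (PATH + "\0").encode("utf-16-le"))
SAMPLE_HEX = ("Windows Registry Editor Version 5.00\n"
              "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT"
              "\\CurrentVersion\\Windows]\n"
              '"AppInit_DLLs"=hex(1):' + _hex[:60] + "\\\n  " + _hex[60:] + "\n")


def decode(raw):
    """Turn the right-hand side of a .reg value line into text."""
    raw = raw.strip()
    if raw.startswith('"'):                      # string form: undo \\ and \"
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    m = re.match(r"hex(?:\([0-9a-f]+\))?:(.*)$", raw, re.I)
    if not m:
        raise ValueError("unexpected AppInit_DLLs data: " + raw)
    data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    # Every second byte zero means 16-bit characters, as in the regedit view.
    wide = len(data) % 2 == 0 and not any(data[1::2])
    return data.decode("utf-16-le" if wide else "latin-1").strip("\0")


def read_appinit(reg_text):
    """Return the AppInit_DLLs data under the Windows key, or None if absent."""
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)   # join hex continuation lines
    in_key = False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            name = re.sub(r"\\+", r"\\", line.strip("[]"))  # tolerate "\\"
            in_key = name.lower() == KEY
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if in_key and m and m.group(1).lower() == "appinit_dlls":
            return decode(m.group(2))
    return None


def listed_dlls(reg_text):
    """AppInit_DLLs entries are separated by spaces or commas."""
    return [p for p in re.split(r"[ ,]+", read_appinit(reg_text) or "") if p]


def verdict(reg_text):
    dlls = listed_dlls(reg_text)
    if not dlls:
        return "clean: AppInit_DLLs is empty"
    return "review: AppInit_DLLs loads " + ", ".join(dlls)


if __name__ == "__main__":
    print(verdict(SAMPLE_REG))
    print(verdict(SAMPLE_HEX))
```

A non-empty result means a DLL is being loaded through this value and should be looked up before anything is deleted; an empty one matches the default the quoted reply describes.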

caperjack 875 I hate 20 Questions Team Colleague

OFF topic Crunchie ,view file its the hjthelper in action .

caperjack 875 I hate 20 Questions Team Colleague

will get confirmation on your log and post back when i get it.

caperjack 875 I hate 20 Questions Team Colleague

if you mean post a log look at how to setup hijackthis in my signature

aeinstein commented: helpful +36
caperjack 875 I hate 20 Questions Team Colleague

go to tools /internet options/advanced / browsing and uncheck reuse window for launching shortcuts

Slade commented: I should have thought of that +6
caperjack 875 I hate 20 Questions Team Colleague

nothing bad in the log

caperjack 875 I hate 20 Questions Team Colleague

Quick Launch - Missing or you receive an error message, to correct:

This behavior can occur if the Quick Launch folder has been deleted. To resolve this issue, recreate the Quick Launch folder. Create a folder named Quick Launch at the following location:

C:\Documents and Settings\Application Data\Microsoft\Internet Explorer

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!:)

caperjack 875 I hate 20 Questions Team Colleague

I've been doing some reading in the SWI forum Bootcamp and you appear to have the latest CWS, and it needs to be handled in a different manner. Please bear with me as it's new to me, but I will try my best and get help from the experts at SWI for you. So do the following, first step of 5 steps.

Download this zip.

http://tools.zerosrealm.com/downloads/pv.zip
Please unzip it to the desktop. It will not work if you run it from inside the zip.

After unzipped go to the desktop. Open the pv folder. Double click on the runme.bat

A dos window will open. Please select option 1 for explorer dll's by typing 1 and then pressing enter.


Notepad will open with a log in it. Please copy and paste the log into this post.

caperjack 875 I hate 20 Questions Team Colleague

if you got rid of the malware problems and they returned, when you format and continue using IE and the internet you will get infected again and again, so no real advantage to formatting. I haven't formatted my computer in about 10 mnts. I use xp firewall and spywareblaster and spywareguard and Norton antivirus, ad-aware, spybot, 3 users all admins, downloading from P2P, haven't had spyware problem since i install a free screensave program!

caperjack 875 I hate 20 Questions Team Colleague

the systray looks ok to me. How are you determining it to be the bad one crunchie?

http://www.answersthatwork.com/Tasklist_pages/tasklist_s.htm === right down the bottom the difference i see is the uppercase T in SysTray.exe, lower case in the bad one. I did a search at SWI and no one is fixing it when it's in a log.

caperjack 875 I hate 20 Questions Team Colleague

hi i've been reading this post, what's the workaround for loading xp if you have upgraded your machine, someone mentioned it in this forum earlier on? i think it was tatooie

u can do a full install of xp with the xp upgrade disk, all you need is to have the win98 cd to put in when asked for proof of ownership.


http://michaelstevenstech.com/index.html

caperjack 875 I hate 20 Questions Team Colleague

No guarantees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for …

caperjack 875 I hate 20 Questions Team Colleague

Thanks for the help Crunchie,
on this one I can't find anyone fixing it ,or anywhere that says what you are saying ===O4 - HKLM\..\Run: [SystemTray] SysTray.Exe,


lastoria ,don't fix this one as suggested ,leave alone it is OK
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

Definition =
This program runs the Windows System Tray, which is that part of the Task Bar where the Time is displayed. The System Tray is often used by other installed programs for their icons to be displayed in it.

Recommendation :
Leave untouched.

caperjack 875 I hate 20 Questions Team Colleague

does it boot in safe mode

How to start computer in safe mode

caperjack 875 I hate 20 Questions Team Colleague

I have never had a stop error ,but have this link in my favorites just in case ,
http://aumha.org/win5/kbestop.php

caperjack 875 I hate 20 Questions Team Colleague

Sorry for the delay, was cruising the Caribbean ahhhhh.

Now is that any way to talk to someone living in Snowy Eastern Canada. :) good luck with your hijack.

caperjack 875 I hate 20 Questions Team Colleague

OK i did this, this morning from your first log so remove anything that's left in your latest log, i don't have time to edit my response sorry.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearching.com/passth...p://about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - Default URLSearchHook is missing

O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D} - C:\PROGRA~1\POWERS~1\TOOLBAR\PWRS0108.DLL

O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINDOWS\ADROAR.DLL

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\TOOLBAR\TOOLBAR.DL

O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe


O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe


O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE

O4 - HKLM\..\Run: [WAST] C:\WINDOWS\WAST


O4 - HKCU\..\Run: [atiupdate] C:\ATIUPDATE2.EXE

this one i can't find anything about it, i think the fact that it's running from the temp folder tells me it's most likely bad
O4 - HKLM\..\Run: [Ax5dou.exe] C:\WINDOWS\TEMP\AX5DOU.EXE

O16 - DPF: {1167BEEB-1CB0-47C0-A491-1E40B8EF1285} - http://www.cursorzone.com/cursors/C...setup_td035.cab


This one is strange looking do you know what it is .
O4 - HKLM\..\Run: [Platform regs] C:\PROGRA~1\FLAWFO~1\Default Axis Five.exe

Now reboot into safe mode and delete the following files and folders .

c:\Program Files\AutoUpdate --Del folder

caperjack 875 I hate 20 Questions Team Colleague

Sorry Caperjack, was doing it whilst you posted.

no problem. I'm over 50 so it's necessary for me that people post in their own thread. The Memory is gone!! :) I gets all UCKED UP

caperjack 875 I hate 20 Questions Team Colleague

C++ is computer language ,for creating windows programs

caperjack 875 I hate 20 Questions Team Colleague

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!:)

caperjack 875 I hate 20 Questions Team Colleague

Good luck buddy they do it to get credit in pissing you off. So we talk about it like we are now. No reward I would love to do something and have everybody everywhere on radio on TV and on forums talk about my spyware/virus. That's just me buddy since you seem to be very techy why not a reformat like I always recommend. Unless this is a business we can get into some workarounds. I tend to help people better over voice not text sorry buddy good luck to you keep us informed.

It's more fun to try and fix, formatting is easy :)

caperjack 875 I hate 20 Questions Team Colleague

hey and when and if some1 does decide to help me.. can u put my screenname at the top of the post.. so i know that that is my fix

Imagine, and all we asked in the thread over and over was for people with this problem to create a new thread of their own, so we could keep track of who we are helping, thanks. Now post your log in a new thread of your own!! :)

Also put hijack in a folder of its own, like c:\HJT\hijackthis.exe, not just sitting on the desktop

caperjack 875 I hate 20 Questions Team Colleague

I don't see anything in your log to do this, next time run and post hijack log before you delete the files

you can delete this file .

C:\WINDOWS\SYSTEM\blank.htm

caperjack 875 I hate 20 Questions Team Colleague

Sure, was sitting here waiting for your response back from last mnt's post, boy my ass is sore!! :)

caperjack 875 I hate 20 Questions Team Colleague

Next, download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of inetadpt.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

I have a response all ready to post as soon as i see a new log and that you have unzipped hijack to a folder of its own ,thanks

caperjack 875 I hate 20 Questions Team Colleague

you still don't have hijackthis in its own folder and i can't recommend any fixes until you do. And yes please just copy/paste the log into the post.

caperjack 875 I hate 20 Questions Team Colleague

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Then run adaware and SpyBot in my signature, check the how to setup and then run both programs. Then post a new hijackthis log.

caperjack 875 I hate 20 Questions Team Colleague

You have a lot of problems, the first to deal with is the peper trojan.

http://www.memorywatcher.com/uninst.exe

When you run the uninstaller, you MUST have an internet connection active for it to work.

Please run this twice with a reboot in between.

caperjack 875 I hate 20 Questions Team Colleague

Hi
i got the same prob with bridge.dll looks like it's a common prob but what u all do to get rid looks complicated is there an uncomplicated way of getting rid of the startup message i am a novice at all this

Yeah get a big hammer and give it a whack!:p)

caperjack 875 I hate 20 Questions Team Colleague

it could be virus has all your EXE's corrupt, did you try running your antivirus program in safe mode!

caperjack 875 I hate 20 Questions Team Colleague

a little reading here might help, not sure didn't read it all.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;279765

caperjack 875 I hate 20 Questions Team Colleague

well i went i looked i signed up no problems. Is it new to you or have you been a member for a while and the login just stopped working, it may be logging in, you just need to click on myblog for it to change.
Is this the site you are referring to?
http://www.modblog.com/core.mod