Posts by caperjack

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

fix these two ,01's if you didn't put them in your host file
O1 - Hosts: comments (such as these) may be inserted on individual

O1 - Hosts: 62.216.18.38 servserv.westwood.com

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe

O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe

O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe

O4 - HKLM\..\Run: [] c:\WINDOWS\System32\

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/univ/scd/x/scdtattoo1x.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.exe

O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.aimphuck.com/Imbum_bw.cab

now reboot computer in safe mode again and delete the following folders

C:\Program Files\Orbit\----Delete orbit folder

C:\Program Files\Open Site\--delete open site folder

to delete the above folder you will need to do the following
go to

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

Show hidden files & folders

reboot computer and post a new log.

it still showes that you are running hijack from a temp folder .
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

please do the above while i work on your log .

Also in my signature get and update and scan with adaware and spybot ,also check the how to setup both also in my signature.Then this .

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

and then post a new hijack this log thanks

could be a virus/trojan, try the online virus scan in my signature

Yeah it sounds like a memory problem .

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prmd_stp_fvlq.asp

for your Hpcmpmgr problem .

http://forums1.itrc.hp.com/service/forums/questionanswer.do?admit=716493758+1082231146493+28353475&threadId=529949

this [O17 - HKLM\System\CCS\Services\Tcpip\..\{CAA9D0AD-CF25-4770-A47D-0EF5878340CC}: NameServer = 205.152.144.235,205.152.132.235
]should be all right it ip address for BellSouth.

also for backup reasons hijackthis.exe should be in its own folder .not just in mydocuments folder

And do this before you run hijackthis again and then post a new ,full log .

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Download 'Hijack This!'.http://www.computercops.biz/downloads-file-328.html
Unzip to a permanent folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
then post the log. here.
and I will help you remove what is causing the system32 folder to open at startup

this can and should be uninstall via add/remove programs .
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

this 016 should also be fixed .
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

im trying to delete a file on my computer and it says that it cannot delete it because it is in use by another program. So far i cannot find what program is using it. I've tried restarting my computer and then trying to delete and that wont work. Is there anyway i can get around this and delete it. btw, running xp.

What file ,were did it come from !

And on and on and on we go !

boy this is one crazy fourm ,drives me nuts that people can't start a thread of there own !!I can't keep track of whos who!!

Cool!!! where do you get these stuff??? google?

Yes !An Amazing tool that Google :)

Spyware/adware the biggest problem with computers connected to the internet today.

Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

so did it help with you orginal problem

A couple of things to fix .
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O13 - WWW. Prefix: http://

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03200ae...ip/RdxIE601.cab

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sol.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {E9147A0A-A866-4214-B47C-DA821891240F} - c:\windows\system32\ngsw31.dll

Reboot and delete this file .
c:\windows\system32\ngsw31.dll --- delete file only

Reboot and post a new hijack log

http://www.computerhope.com/issues/ch000368.htm

sorry if there has alreadu been a thread on this
I am operating Windows 98SE
I am having trouble w/ popups and embeded exe files in my startup.
Each time I open my browser, i get pop ups.
I run search and destroy, but they all seem to come back, even after I immunize.
As my PC boots, I go through about 20 rouge .exe files as my ssytems "searches for them. I cancel the search and the PC boots up.
I realize I have a few problems going one and I am wondering if there is an easy fix.
Any help will be apprieciated.
Thanks in advance.

No guarentees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Reboot to SAFE mode to try and delete files

How to start computer in safe mode

I don't see anything in the log to cause you problems, sorry !

Right click the mydocuments icons /properties is the target correct.
If you create a new shortcut icon does it work

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Please delete the old copy so it can't be used.

What problems are you having ?????

format and use the upgrade to do a cleane install of xp,you will just need to but ME in when asked for proof of ownership .

No, originally it had 98 or 2000nt.....I dont have the external a drive, and I cant seem to make a bootable cd,,I tried ISO Magic, with no success..............

Do you have Nero ,if so use it to create win98 bootdisk and use fdisk to delete non dos partition and create and format a new partition .and start over.
get win98 bootdisk here to copy to cdrom
http://www.bootdisk.com/bootdisk.htm

control panel,add/remove programs .!

Looks good ,try these 2 programs .

Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\AddCLS.exe

Reboot delete following file

C:\WINDOWS\AddCLS.exe --- delete file only

to delete the above files and folder you will need to do the following
go to

Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

You should also do the following after you delete and reboot .
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Show us a fresh log now please.

Obfuscated=Make obscure or unclear

Also you didn't need to delete the other users as hijackthis fixes are good for all useres .!

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intellicast.com/Local/US...v=none&pid=none

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\openicjm.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/12797d06d99484...tzip/RdxIE2.cab

Reboot and delete following files .

C:\WINDOWS\image.dll---delete file only

C:\WINDOWS\realtime.exe---delete file only .

to delete the above files and folder you will need to do the following
go to

Show hidden files &

folders

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

reboot computer and post a new log

reboot and post new log

Download and install these two FREE programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

Please Download CWShredder from HERE and run the Program. Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Please delete the old copy so it can't be used.

After that do this !!!!!!!!!!!!!!1

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=

- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr...rch/search.html

- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9884&s=

- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

- R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr...//www.yahoo.com

- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - …

its older ,i think a pen 200 / 40 megs ram .

At least some bad pins,

just what do you mean by pins and are they fixable ,.Im not use to laptops ,I pulled apart a few big monitors and lots of computers but not laptops .

IBM thinkpad ,vertial lines on the top half of the screen ,they show as yellow,blue and pink on a light background ,1 solid blackline on the blue desktop about 1/4 in apart. hooked to my monitor via a KVM switch they are not there so its in the laptops screen ,is it fixiable !!

Do not take tension... Right now the goal is to resolve the issue...Do you know the answer to my posting?

I did not take tension ,it was a joke !:)hahahahaha.
Anyway ,I did a search and found you a FAQ page that might shed some light on you problem .
http://www3.ca.com/Solutions/CollateralList.asp?CCT=19503&ID=271

Run the online virus scan in my signature then follw this .And i only charge $25.00.lol

Download the latest version of Ad-Aware at http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions. http://www.lavahelp.com/howto/updref/index.html

Now do the follwing :

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.
That ought to get rid of most of your spyware.

And after that, please do the following:
download and update
SPYBOT

how to setupSpyBot
reboot computer and post a new hijackthis log

so do we get to share you pay check also .

Sorry to hear that, the scope of these programs is also compuclated .perhaps there is a computer geek in you neighbourhood who can help you ,

you having a great day ,no wonder the post are down around here !:(

SpeedProblems, please be more descriptive when you name a thread. Here are the rules when posting: http://www.daniweb.com/techtalkforums/announcement.php?f=10&announcementid=2

Please obey the rules. You'll get better responses that way. You don't want to be warned or banned by not obeying them.

WOW , A unfriendly looking character you have there ,the enforcer !! threatening poster isn't the job of a mod :evil: ,helping is ,helping is what is done here ! :D The poster is only 13 and needs your help ,not you Power : sad:

When I browse the internet its so slow and when a page loads all the graphics start off as boxes with red x's in them. Then gradually the photos and graphics begin to load. I am getting alot of script errors and games aren't working as well. I am getting frames. just 2 months ago I bought a xtasy 9600 256 video card my processor is AMD 2.4 my hard drive is huge and dxeng.exe is up to date. Can anyone help
I have an always on cable connection,firewall and pop up stop

No guarentees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.

your welcome

have u run cwshredder lately .in my signature .

hi check around some more and it is also recomended by some to fix this .
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

post a new log after you fix and reboot computer if you wish

Exelent log looks clean now ,hows you IE working now !:)

Have Hijack This fix the following by placing a check in the appropriate boxes

and selecting fix checked. Make sure all browser and all Windows Explorer

windows are closed before fixing.

O2 - BHO: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1

\PERFEC~1\BHO\PERFEC~1.DLL (file missing)

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1

\iesearchbar\iesearchbar.dll (file missing)

O2 - BHO: (no name) - {773333A7-7553-5EE0-1704-E37D78DE97D9} - (no file)

O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe

O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

This is not needed and recomended uninstall via the Add/removePrograms in

control panell ,if you want

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P

Networking.exe /AUTOSTART

This is not adware but is recomended removal as it is a known rescorce hog .

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://

software-dl.real.com/2084e38...ip/RdxIE601.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.

flingstone.com/cab/2000XP/bridge-c.cab

now reboot into safe mode and delete following files .

C:\Program Files\Common files\updmgr\ updmgr.exe>>>> file only

C:\Program Files\AutoUpdate\ AutoUpdate.exe >>> file only

C:\WINDOWS\ Belt.exe >>>> file only

C:\Program Files\Common Files\GMT\ >>>> Delete "GMT"Folder

The above files may be hidden there for you will need to …

please read edit in my last post about unzipping hjthis