caperjack 875 I hate 20 Questions Team Colleague

First put hijackthis in its own folder on your hdd, not on the desktop, something like c:\HJ\hijackthis.exe, for backups.

Then make sure you have all Windows Explorer and Internet Explorer windows closed, and run hijack and mark an X and fix the following.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file

O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load


THE O8'S CAN BE FIXED IF YOU DON'T WANT THEM IN YOUR RIGHT CLICK LIST


O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16af1d10c0eb1b...ip/RdxIE601.cab

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/bridge.cab


OK, now reboot the computer into Safe mode [hitting F8 on bootup] and delete the following files if found; hijack may have already deleted them.


C:\WINDOWS\SYSTEM\ A.EXE --- file only

C:\WINDOWS\DOWNLOADED PROGRAM FILES\ BRIDGE.DLL --- file only


Also you may need to show hidden files to delete the above files.
How to show hidden files:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#2

Now run hijack again and post a new log.

caperjack 875 I hate 20 Questions Team Colleague

ok i have 512MB of ram in my i have 3 of my DIMM modules in use, #1 and #2 have 128MB sticks in them, and in #3 i have a 256MB stick. i read my manual for the computer and it says to not pair two different kinds of ram together or you won't get the maximum performance. so is it ok to have a 256 stick in module #3? or should i have a 128MB stick in module 3 and 4? OR can i get another 256 stick and put into #4? :eek:

I think they mean speed and not size. Anyway, I don't think it will hurt to use 2, 128 and 1, 256. I'm running 1, 512 and 1, 256, 128 pin SDRAM, both are 133mhz.
My computer works almost flawlessly.
My opinion! :)

caperjack 875 I hate 20 Questions Team Colleague

would it hurt anything if i left the side of my computer case off? it gets really hot in there and it helps cool it down? any reasons why i shouldn't?

My opinion: if you have the room it wouldn't hurt to leave it off, and it also would help if you have a small household floor or tabletop fan to put by it, so it's blowing on the open side of the tower. :)

caperjack 875 I hate 20 Questions Team Colleague

wow you guys are really helpful...

some of us WORK!!!:)

caperjack 875 I hate 20 Questions Team Colleague

just had a look at the site and wondered if you missed this

How to download the full IE6 SP1...

First of all you will need to visit the Microsoft website and get the IE6 SP1 installer
using this link: ie6setup.exe (479kb)

Did all that, downloaded. I thought it would put it in that folder I created and put that file in, C:\Downloads; not there, I don't know where it went. When I clicked that I wanted it for win98 it wouldn't download, so I checked off winxp and it downloaded something, but it must have been a ghost, gone.

caperjack 875 I hate 20 Questions Team Colleague

a few here.
ICONS

caperjack 875 I hate 20 Questions Team Colleague

Right click on the icon and go to properties / change icon. There will be 4 to choose from; hit browse and browse to the shell32.dll file and you will get more. Also you can search the web for an icon program to get more.

caperjack 875 I hate 20 Questions Team Colleague

What's in the folder?

caperjack 875 I hate 20 Questions Team Colleague

well i suppose you could download a fresh copy of IE6 and reinstall. you can download here for instructions on how to get a full fresh copy

I wanted a full version to load on another computer. The instructions on that site seemed like it was what I was looking for, until it finished, then told me, "now to go to windows update and install ie6". Nothing in the downloads folder I created.

caperjack 875 I hate 20 Questions Team Colleague

First please get Spybot S&D to clear out most of the spyware.


Fix everything SpybotSD labels in red.


How to download and use hijackthis:
http://www.netstar.me.uk/hjt/hjt.html

Then after reboot:
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Unzip to a permanent folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
then post the log here

caperjack 875 I hate 20 Questions Team Colleague

WOW! Never heard that one before. I would like to know how that would be possible; if your computer is restarting you would lose all internet connection and computer video display.

caperjack 875 I hate 20 Questions Team Colleague

F11 will not make it disappear like that. It still leaves some controls up there.

caperjack 875 I hate 20 Questions Team Colleague

Is the CDROM jumper set to master?
Not sure about what's going on, but if the hard drives are on the same cable, then data transfer between the two could cause conflicts as they are traveling on the same IDE cable. I would master one on Primary IDE, slave the cdrom, and master the other on secondary IDE.

caperjack 875 I hate 20 Questions Team Colleague

Yeah, I guess so, 1 track mind lately. And it's early.

caperjack 875 I hate 20 Questions Team Colleague

Are you using Winxp home or pro, with SP1? Are you getting any error message? You may have the Blaster 32 worm!

caperjack 875 I hate 20 Questions Team Colleague

You have the peper trojan. Follow these instructions to get rid of it.

1. Use the uninstall tool - download from:

http://www.memorywatcher.com/uninst.exe

Double click on 'uninst.exe', let it run and terminate. You must be online to have this work, and do not block any attempts for the program to connect to the internet if your firewall squawks.

Then!
You should move the hijackthis.exe file to its own folder like C:\hj\hijackthis.exe before you run it again; hijack creates backups and needs its own folder. Run it, then post back with a new log.

caperjack 875 I hate 20 Questions Team Colleague

hijack does a backup of changes; they should be in the folder you ran hijack from. By the way, it is not recommended that you run it from a temp folder, so let's hope the backup is still there.
Run hijack, go to config / backups, it should show up in the window, hit RESTORE. Good luck! :)


If that works, put hijackthis.exe in its own folder like c:\HJ\hijackthis.exe
and run it again and post a new log.

caperjack 875 I hate 20 Questions Team Colleague

Booting with power max floppy, does it not see the drive?

caperjack 875 I hate 20 Questions Team Colleague

well it seems to be there, just not sure y i can't open text docs by just double clicking. thx anyway guys.

If you follow my suggestion and check the little box, ALWAYS use THIS program for this file type, you should then be able to click on the file and open notepad.

caperjack 875 I hate 20 Questions Team Colleague

This wasn't in the last log. It is Wild Tangent related, for checking for updated web drivers, so if you want to use Wild Tangent and update the web drivers, leave it; if not, run hijack and fix this. Make sure all browser windows are closed.

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/...lim/install.cab


Reboot into safe mode and delete this folder:
C:\WINDOWS\ wt

Ignore all of the above if you want to use Wild Tangent.


Also, this needs attention for safer surfing:

Logfile of HijackThis v1.97.7
Scan saved at 7:23:05 PM, on 2/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

A trip to the Windows Update site would be in order to update to XP SP1 and IE SP1.

caperjack 875 I hate 20 Questions Team Colleague

Hold down the shift key, right click on the document icon, and choose OPEN WITH and browse to the notepad.exe file in the C:\windows folder.

caperjack 875 I hate 20 Questions Team Colleague

Yeah, I'd say Spybot S&D or adaware, or maybe both...

These two programs alone will not remove a CoolWebSearch infection; you will need to run CWShredder, and then Spybot and Ad-Aware.

drummerboy commented: this chap has helped lots of people. and is an A1 bloke +6
caperjack 875 I hate 20 Questions Team Colleague

I'd pay close attention to caperjack, he's a genius and won't steer you wrong. All hail to caperjack.

The words Caperjack and Genius don't belong in the same sentence!

caperjack 875 I hate 20 Questions Team Colleague

Then do this: get Spybot S&D to clear out most of the spyware.

Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/

Fix everything SpybotSD labels in red.

Then after reboot:
Download 'Hijack This!'. http://63.247.79.145/~coyote/downloads/HijackThis1977.exe
Unzip to a permanent folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
then post the log here

caperjack 875 I hate 20 Questions Team Colleague

Hello

You Have a CoolWebSearch Infection.

Please Download CoolWebShredder, from http://63.247.79.145/~coyote/downloads/cwshredder1482.zip, Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants.

caperjack 875 I hate 20 Questions Team Colleague

no not I :)

caperjack 875 I hate 20 Questions Team Colleague

Just forget how right now, but you can also move the program files folder to the bigger drive and change in the registry the default program install from C:\ Program Files to D:\ Program Files, or whatever letter your second partition becomes.

caperjack 875 I hate 20 Questions Team Colleague

The only speed difference I noticed was that it shows part of the page and then slowly loads the rest, graphics and such, and finally loads the complete page, about as fast as my IE6 SP1.

caperjack 875 I hate 20 Questions Team Colleague

Well, AdAware detected and assisted in removing another tonne of crud. Included in this crud is Huntbar and Hotbar and their associated crap files. I have two items in the Add/Remove Programs list, SearchTools and Shopper Resources (something) that I cannot remove. They just keep reappearing. From my home computer experience I was planning on running Hijack This but can't find a download. It appears TomCoyote's account is terminated. Can anyone help with a download site that works?

I think Tom Coyote's is either under another DDOS attack, or is going back to the original server.

caperjack 875 I hate 20 Questions Team Colleague

Yeah, hard to find a site that has it for download. Most are shut down because of DDOS (Denial of Service) attacks.

caperjack 875 I hate 20 Questions Team Colleague

can they all of a sudden cause a problem?

I doubt it, was just a thought. I use the google search toolbar and popup stopper; it works great, blocks all but those floating type ads, and they are few and far between. If installed, uncheck when installing about communicating with the mothership. LOL

caperjack 875 I hate 20 Questions Team Colleague

I have no guarantees! :)

caperjack 875 I hate 20 Questions Team Colleague

This system info tool will show you just what kind of memory you now have; just match that.
http://www.webattack.com/get/aida32.shtml

caperjack 875 I hate 20 Questions Team Colleague

A virus or trojan can be the cause of your problem. Try the online virus scan in my signature.

caperjack 875 I hate 20 Questions Team Colleague

Don't have an answer, just a comment: when upgrading you always back up important data. You did this, right, given that you had lots of important data on your PC?

caperjack 875 I hate 20 Questions Team Colleague

IE 6 SP1, and I rarely have a problem with it; it has had to shut down a couple of times over the past 6 months. Same for all 3 users on this computer, running winxp pro sp1.

caperjack 875 I hate 20 Questions Team Colleague

Assuming that your win2000 is NTFS and your win98 is a fat32 file system, you would have to convert 2000 to fat32, as win98 will not see or run on ntfs.

http://web.ukonline.co.uk/cook/dualboot.htm

caperjack 875 I hate 20 Questions Team Colleague

I use the TCP Optimizer http://www.speedguide.net/downloads.php on this site for my cable internet and on most sites get 6/700 kps after the tweak, 3/400 before. One of the best tweak sites I've found:
http://www.speedguide.net/read_articles.php?id=157

caperjack 875 I hate 20 Questions Team Colleague

Glad I could help. All I could find on the msnmsgr.exe was good, so although I thought it looked bad, I wasn't sure.

caperjack 875 I hate 20 Questions Team Colleague

I've found a file that seems to be causing the 100% CPU problem.....msnmsgr.exe. (did a virus scan using housecall), prompted me with a worm agobot.uy....can't seem to find any pgms to remove it

I was wondering about that one but couldn't find any info on it, and it is the same name as the actual msn messenger exe. Not sure about what to do with it. Check the fix in the link above.

caperjack 875 I hate 20 Questions Team Colleague

Run hijack again and fix these.

O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe


R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
reboot and delete this file


Delete this file. Did you reboot into safe mode the last time to delete it?
C:\WINDOWS\Belt.exe ---- file

caperjack 875 I hate 20 Questions Team Colleague

You may want to deal with this one first:
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

For this one, check this link and follow the removal instructions. Just try the add/remove programs option first.

http://www.doxdesk.com/parasite/BrowserAid.html

Make sure all browser windows are closed, then run hijack again and fix these, then after deleting the belt.exe file, post a new log.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startium.com/metasearch.php?dst=DIST1


O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DL

O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe


O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

For this one, check this link and follow the removal instructions.

http://www.doxdesk.com/parasite/BrowserAid.html


This one is optional; not adware but a really big resource hog, and fixing is suggested as it is not needed to be in run!

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab


O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab


If you know this to be your IP address, don't fix it, but if it is not yours, fix it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1DDDD61-AA2F-46E9-B1BD-69314B811E0A}: …

caperjack 875 I hate 20 Questions Team Colleague

Short and sweet, nothing bad in it. Also, you should put hijack in its own folder and not a temp one, for backup purposes.
One thing that is suggested to fix, because it is a resource hog, is this:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


This is just something off the top of my head: have you tried disabling the pop up manager? Sometimes popup blockers can cause problems.

caperjack 875 I hate 20 Questions Team Colleague

Let's try this! :)


Download 'Hijack This!'. http://63.247.79.145/~coyote/downloads/HijackThis1977.exe
Unzip to a permanent folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
then post the log here

caperjack 875 I hate 20 Questions Team Colleague

Hi, I don't see anything bad in the log, and the hijackhelper program I use doesn't show anything bad. I will post in the classroom when I can for a second opinion. I am part of a learning classroom on the Tom Coyote Forum, but I'm having problems connecting; they had to use a backup server because of a DDOS attack, may be going back to the original.

caperjack 875 I hate 20 Questions Team Colleague

Try a repair or reinstall maybe.
http://support.microsoft.com/?kbid=318378

caperjack 875 I hate 20 Questions Team Colleague

Have you tried a repair of IE?

http://support.microsoft.com/?kbid=318378

caperjack 875 I hate 20 Questions Team Colleague

My other question is, I'm a P2P frequent downloader (bittorrent)...so what other methods should I take in order to prevent another attack? For example: I take it Norton AntiVirus can only help me in such an amount, because every single time I've been hit NA can only prevent the Ghbot/gen from entering my pc but not the other blaster worms. Thx for the help.

Check the link in my signature, How I got infected in the first place.

caperjack 875 I hate 20 Questions Team Colleague

Hello

You Have a CoolWebSearch Infection.

Please Download CoolWebShredder, from http://63.247.79.145/~coyote/downloads/cwshredder1482.zip , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.