caperjack 875 I hate 20 Questions Team Colleague

I received another E-mail that had the hjt file attached. Again the message said, "Outlook has blocked the attachment because it is a potentially harmful file." Is this a virus that is aware of me trying to eliminate it and preventing any application that may do so? Still looking for a solution. I could reload all of my original disks that were loaded at first. The only problem with that is I really don't know how to back up files, delete, reload and all the must-nots or must-dos in the process. I wish we could come up with an easier way. I really appreciate the help. Thanks

Open Outlook, go to Tools / Options / Security and uncheck "do not allow attachments to be saved that could be harmful or a virus", then have someone resend the files.

caperjack 875 I hate 20 Questions Team Colleague

I have a similar question.

My IT department has disabled my display properties at work (when I right click on the desktop and click properties I get "your computer administrator has disabled the display properties"). If I change the registry value will they know about it? Also recently they made it so I can't adjust the time.

and would assume for good reason! Now get to work! LOL

caperjack 875 I hate 20 Questions Team Colleague

log looks clean now .
,,,,,,,,,,,,,
Just to make sure we have clean restore points, let's do this:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. >>>(will delete old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.>>>(creates new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
------------------------------------------------------------------------------------------
Please follow a few tips to remain malware free:

1) Make sure you keep your Windows OS current by visiting Windows Update occasionally to download and install any critical updates and service packs. Without these you are leaving the backdoor open.
http://v4.windowsupdate.microsoft.com/en/default.asp

Also download, install and keep updated- Antivirus Software (and use only one):
Free for home users:
http://www.avast.com/eng/free_virus_protectio.html
http://free.grisoft.com/freeweb.php/doc/2/
http://www.free-av.com/

2) Watch what you download, …

caperjack 875 I hate 20 Questions Team Colleague

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.


,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Have HijackThis fix the following by placing a check in the appropriate boxes and selecting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.
You might want to print out these instructions, or copy & paste them to Notepad, as you will need to close this browser window to fix with HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = …

caperjack 875 I hate 20 Questions Team Colleague

Hey casperjack ... I couldn't open your link ... is the link inactive or I am having some kinda trouble ??

Opens for me; here it is again.
http://support.microsoft.com/default.aspx?scid=kb;en-us;810869

caperjack 875 I hate 20 Questions Team Colleague

This might help you bring it back.
Recycle Bin

caperjack 875 I hate 20 Questions Team Colleague

My brother appears to be getting different ones all the time so I don't know what it is.

OK, next time he gets one tell him to write it down.

caperjack 875 I hate 20 Questions Team Colleague

Hi, the full error message would help; without it, it's a shot in the dark.

caperjack 875 I hate 20 Questions Team Colleague

You wouldn't happen to have this winupdate85093701[1].exe still in your recycle bin, would you, or on your hard drive? Check and see if you do, zip it up and mail it to submit@fbeej.dk

caperjack 875 I hate 20 Questions Team Colleague

OK, let's follow the directions in this thread; seems to be working.
Uninstall hotoffers

caperjack 875 I hate 20 Questions Team Colleague

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Have HijackThis fix the following by placing a check in the appropriate boxes and selecting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.
You might want to print out these instructions, or copy & paste them to Notepad, as you will need to close this browser window to fix with HijackThis!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/192/

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O1 - Hosts: 69.50.173.3

caperjack 875 I hate 20 Questions Team Colleague

I have to go to work for a bit but will check back later and do some looking

caperjack 875 I hate 20 Questions Team Colleague

can you please post a new hijackthis log .

caperjack 875 I hate 20 Questions Team Colleague

Let's start with this.
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-


http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from HERE

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

caperjack 875 I hate 20 Questions Team Colleague

http://www.pcbuyerbeware.co.uk/Sound2.htm
Check that link for info on your problem. Remember when editing the registry be sure to make a backup first; to do so go to File in the open regedit program, click Export, name it and save it to your hard drive.

caperjack 875 I hate 20 Questions Team Colleague

Try winsockfix.zip: download, unzip it and run it, see if that helps.

caperjack 875 I hate 20 Questions Team Colleague

I have a Micro ATX form mother board, however I think I need a PSU specially designed for matx. Is this true?

You say a micro ATX form motherboard; is it in a micro case? It's the case it's in, not the motherboard, that will dictate the size of the PSU you have to use.
Might be cheaper to buy a midtower case and PSU and switch cases if it's in a micro case; better air flow anyway.

caperjack 875 I hate 20 Questions Team Colleague

Before you format, try this.
,,,,,,,,,
This problem could occur because of spyware; go on over to the Security section of this forum and post your problem along with a HijackThis log.
Spyware & Trojans and Other Nasties
,,,,,,,,,,,,,,,,,,,,,,,,
Please Don't post the hijackthis log in this section Thanks .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Or HERE if that link fails to work or you don't have a zip program installed .

Your copy of HijackThis needs to be in a folder of its own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to your 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE …

caperjack 875 I hate 20 Questions Team Colleague

Have you tried to get it to display in another user account? If you don't have another, go to Users in Control Panel and create one and try it! You may have a corrupt acct.
Also spyware/trojan could cause this; check out the Spyware and Other Nasties section of this forum.

caperjack 875 I hate 20 Questions Team Colleague

Have you done this !!
,,,,,,,,,,
To delete files and folders you will need to do the following:
go to
Show hidden files & folders

caperjack 875 I hate 20 Questions Team Colleague

You don't seem to be following our suggestions very well, as all the things you are being asked to fix and delete are still showing up in the new log.

caperjack 875 I hate 20 Questions Team Colleague

Hi! I have what I believe is a simple question but I can't seem to figure out how to do it: I added the Mozilla browser to my computer because I'd heard it is more secure (and boy is it!) :eek: . However, now, I often cannot access some sites. Mozilla is set as my default browser and I don't know how to change it back to Internet Explorer. Can anyone tell me how to set Internet Explorer as my default browser? Thanks for all your help! :)

Need to know what OS you use, but will say if it's WinXP go to Control Panel, Add and Remove Programs / Set Access and Defaults on the left panel!

caperjack 875 I hate 20 Questions Team Colleague

Go
Here
and Get Trojan-Hunter Fully working trial! and run a full scan
,,,,,,,,,,,,,,,,,,,,,

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-


http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from :-
HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before doing the final cleaning with HJT

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. …

caperjack 875 I hate 20 Questions Team Colleague

I had this same type of prob. your info got me on the right track. I was able to use your info and figure out what I needed to do in my situation. It was a guess, I didn't know if it would work, but I had to try it and it did I thank you for your time and your knowledge. It has been a great privilege Thank You Cyrus

It was like reminiscing for me to go all the way back to 2003!
Actually it's not my knowledge, just a good Google! :)

caperjack 875 I hate 20 Questions Team Colleague

One of the best popup blockers, in my opinion and that of many others, is the Google toolbar, and it's free:
http://toolbar.google.com/.

caperjack 875 I hate 20 Questions Team Colleague

I used to use Windows Media Player (version 10) to rip my CDs, so I set the Tools/Options for ripping in WMP to "rip inserted CD." I now use other software for ripping, so I have turned this feature off in WMP.
However, WMP does not recognise this. Whenever I insert a CD, WMP opens and starts to rip it, meaning that I have to close it down every time.
Anyone had this bug before?

Have you tried going to My Computer, right-clicking on the CD-ROM / Properties / AutoPlay, then in the drop-down list choosing Music CD and checking off to take no action?!! :)

caperjack 875 I hate 20 Questions Team Colleague

Try this program while waiting for a reply from Crunchie; after running it post a fresh log.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Go
Here
and Get Trojan-Hunter Fully working trial! and run a full scan

caperjack 875 I hate 20 Questions Team Colleague

Heyyyyyyyyyy it worked....thanks a ton !!

thanking you all.
bye

Great, glad to have helped. Good luck :)
So SP2 only removes the shortcuts to these programs and not the programs!

caperjack 875 I hate 20 Questions Team Colleague

Go to calc.exe in your system folder, right-click it and copy, then go to the Documents and Settings folder on your C:\ drive, open your user name or All Users, open the Start Menu folder, open the Programs folder, open Accessories, and right-click and paste it there. This will also work for the recorder.

caperjack 875 I hate 20 Questions Team Colleague

A hijackthis log will help maybe !

caperjack 875 I hate 20 Questions Team Colleague

Glad to be able to help. I recommend and use these 3 programs; download and install these 3 programs to help you with stopping spyware.
http://subratam.org/?page=software&part=Spyware-preventions

caperjack 875 I hate 20 Questions Team Colleague

Yeah, you need a CD for sure!
So neither one worked when you typed it into Start/Run.

caperjack 875 I hate 20 Questions Team Colleague

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.
You might want to print out these instructions, or copy & paste them to Notepad, as you will need to close this browser window to fix with HijackThis!


Unless this is your start page, fix it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/k/

Search results of this one > http://sarc.com/avcenter/venc/data/pf/adware.cwsconyc.html
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\WINDOWS\SYSTEM32\SEARCH~1.DLL

Info on this one > http://castlecops.com/clsid-1393.html
O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} - C:\WINDOWS\SYSTEM32\POPUP_BL.DLL

Search for and delete those two DLLs if found.
All else looks OK.
Reboot computer and post a new log.

caperjack 875 I hate 20 Questions Team Colleague

I think (I could be wrong) this exe on its own is CSWsearch, but after looking for info on it with autoupdate maybe it isn't. Sorry, will keep checking.
O4 - HKCU\..\Run: [Autoupdate Service] C:\WINDOWS\msxmidi.exe

EDIT: did some more searching of that and no one is fixing it when it's with the autoupdate service.

caperjack 875 I hate 20 Questions Team Colleague

Go to Start / Run and type in calc.exe to see if your calculator still works.
Sorry, I don't know what you were using to record unless it was just the Windows recorder; in that case type sndrec32.exe into Run and see if it's still installed.
If they are installed and working, come back and I will show you how to put them back in Accessories.

If they are not still installed, go to Control Panel, Add and Remove Programs, and on the left side click Add/Remove Windows Components. Open Accessories and Utilities, click Details, select Accessories, click Details again and check to install Calculator. If it's installed, check to uninstall, OK your way back out, then go back in and reinstall it.
I looked around in there and can't see the recorder install.

caperjack 875 I hate 20 Questions Team Colleague

This one checks out as a CoolWeb variant, so please do the following then post a new log.
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-


http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from HERE

caperjack 875 I hate 20 Questions Team Colleague

If your eyesight is like mine, watch out for those B's that look like 8's.

caperjack 875 I hate 20 Questions Team Colleague

I'm confused ?????

About what!

caperjack 875 I hate 20 Questions Team Colleague

This doesn't sound like a programming or software design issue. You didn't even bother to mention what browser you use. They're all different you know. Since you're somewhat clueless, I'll assume Internet Explorer. Go to Tools, then Internet Options, then Clear History.

>Basically i need to set on my computer so no one can see anything i have
>searched for or sites i have visited
You could stop searching for porn at work.

Hi, she double posted and in the other post said thank you for your help and mentioned that the other person was rather RUDE; now I see why!!

caperjack 875 I hate 20 Questions Team Colleague

Have you tried safe mode?
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&ExpandSection=4&Src=sec_doc_nam

caperjack 875 I hate 20 Questions Team Colleague

Do ALT+CTRL+DEL, Processes, and see if any process is using all or most of the CPU. If System Idle is at 99 it's all right.

caperjack 875 I hate 20 Questions Team Colleague

You can create a new acct, then go to Windows Explorer, click on the C:\ drive and open the Documents and Settings folder. There you will see all of the accts on the computer; you can copy favorites, documents and desktop settings from one to the other.
Make sure to go to Tools / Folder Options / View / Show hidden files and folders.
If that is too vague let me know. I will help some more.

caperjack 875 I hate 20 Questions Team Colleague

And if that doesn't work, create a new acct and try it.

caperjack 875 I hate 20 Questions Team Colleague

Posting this just in case you don't know how to get into safe mode!
,,,,,,,,,,,,,

To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

caperjack 875 I hate 20 Questions Team Colleague

caperjack,crunchie and anyone else that was involved ...
Thanks for the help guys here is what I did after caperjack and crunchie last post..
1. Deleted NetZero from computer and re-booted
2. Re-install NetZero.....no help
3.Deleted NetZero again
4. Deleted Netzero in network Connections
5. Powered down computer for approximately 20 minutes.
6. Loaded older version of NetZero program from floppy disc.
Did this on 1/22/05 and still ok today.
Sure hope that it will stay this way.
Again thanks to all
katman

You're welcome. Good to hear you got it working again!

caperjack 875 I hate 20 Questions Team Colleague

Instead of using the NetZero icon, try setting Internet Explorer to auto dial when you click on it!
Open IE, go to Tools / Internet Options / Connections, and check off "always dial my default connection". Close IE then open it again.
If you already have it set like that, then I don't know what else to say except maybe uninstall the NetZero software and reinstall.

caperjack 875 I hate 20 Questions Team Colleague

Looks weird, unless you have really fine-tuned your system! I don't understand where the rest of the log is.
Make sure you have Internet Explorer closed as well as all other programs, just HijackThis running, and try again.

caperjack 875 I hate 20 Questions Team Colleague

Logfile of HijackThis v1.99.0
Scan saved at 8:52:06 AM, on 1/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpfhtp.exe
c:\windows\system32\jfqkog.exe
c:\windows\system32\calc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [jfqkog] c:\windows\system32\jfqkog.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess

please help

Looks like the bottom of the log is missing!!
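
An added example, not part of any post above and not HijackThis's own logic: a small Python triage pass over HijackThis log lines of the kind quoted in these posts. It splits each entry into its section code and body, collapses repeated lines, and flags a few patterns these posts ask users to fix (a local file as the IE search page, extra programs on the `Shell=` line, hosts-file redirects, components with no file). The function names and the heuristics are assumptions chosen for illustration; entries with remote URLs or unfamiliar executables still need a human reviewer.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the logs quoted in the posts above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/192/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O1 - Hosts: 69.50.173.3 lycos.com www.lycos.com
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jfqkog] c:\windows\system32\jfqkog.exe
"""

# An entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_log(text):
    """Return a Counter of (code, body) pairs, in first-seen order."""
    entries = Counter()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries


def check(code, body):
    """Return a reason string if the entry matches a heuristic, else None."""
    low = body.lower()
    if code in ("R0", "R1") and "=" in body:
        # IE start/search page settings: a local file is never a normal default.
        value = body.split("=", 1)[1].strip().lower()
        if re.match(r"^[a-z]:\\", value) or value.startswith("file:"):
            return "IE start/search page points at a local file"
    if code == "F2" and "shell=" in low:
        # The shell line should name explorer.exe and nothing else.
        shell = low.split("shell=", 1)[1].split()
        if shell[:1] != ["explorer.exe"] or len(shell) > 1:
            return "Shell= launches more than explorer.exe"
    if code == "O1":
        # Hosts-file entry: "<ip> <hostname> ..."; loopback entries are ignored.
        parts = body.split(":", 1)[1].split()
        if len(parts) >= 2 and parts[0] not in ("127.0.0.1", "::1"):
            return "hosts file redirects %s to %s" % (parts[1], parts[0])
    if code in ("O2", "O3") and low.endswith("(no file)"):
        return "registered component has no file on disk"
    return None


def triage(text):
    """Return [(code, body, reason, times_seen)] for flagged entries."""
    findings = []
    for (code, body), count in parse_log(text).items():
        reason = check(code, body)
        if reason:
            findings.append((code, body, reason, count))
    return findings


if __name__ == "__main__":
    for code, body, reason, count in triage(SAMPLE_LOG):
        print("%-3s x%d  %s\n      %s" % (code, count, reason, body))
```
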

caperjack 875 I hate 20 Questions Team Colleague

Race you to 3000 :D

EDIT:
Noticed that. Too old [hehehe] for racing, let's GO. I will see you there!