TallCool1 81 Practically a Posting Shark Team Colleague

My brother's pc is recently hijacked. The error reads:-
Error loading C:\Windows\Downloaded Program Files\bridge.dll.

You should have started by reading the messages at the top of the Security Forum page: UPDATED: DO NOT POST ABOUT BRIDGE.DLL BEFORE READING THIS and Helping yourself: What to do before starting a new thread or posting a HiJackThis log, but we are here to help.

You should read those posts before continuing, as well as updating your copy of HijackThis, which can be updated from within the program. It's easy to do: click the Config button in the lower-right corner of the program window, then click Update.

You need to run Spybot - Search & Destroy. Make sure that you update the datafiles during installation (be sure you're online). Follow the instructions carefully. Your biggest problem seems to be MyWebSearch, but some other notes follow, as well.

After following the instructions in those two posts and running S-S&D, run the updated HijackThis to see how you are doing. Then, and only then, re-post your cleaned log.

Watch out for the problem denoted in this line:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe

Remove these (useless):
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe

Get rid of Kazaa. It's one of the worst security risks out there. Find a different, safer network with similar functionality--they do exist.

TallCool1 81 Practically a Posting Shark Team Colleague

Help!!! Pls kindly assist. Can't even use hijackthis to fix those checked box on my pc cos the 'worm' may have caused the application close promptly after few seconds. Where got time to react to check those boxes???

You are not without recourse. Try running HijackThis in Safe Mode and see if that gives you enough time to delete the offending startups. There are also alternative tools available to kill the offending processes, including CodeStuff Starter and PrcView. Either of them should work; Starter has a "nicer" interface and can also be used to delete stuff from the startup list, like HijackThis or MSConfig.

Kill the following process and delete the file: C:\Documents and Settings\Admin\Desktop\AAAA.exe

Get rid of the following (use HijackThis to check these off and "fix checked"):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://zfpyjv.outhost.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zfpyjv.outhost.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://zfpyjv.outhost.info/sp.php

All the lines beginning with O1 - Hosts

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - …

TallCool1 81 Practically a Posting Shark Team Colleague

My PC has been spontaneously rebooting over the past few days. I've been running a hardware monitor to check temperatures, memory, and voltages, and everything is normal except the +12 V reading, which has been reading upwards of +13.1 V and higher. Could this be the problem, and if so, how can I fix it?

Yes. There is a signal line from the power supply to the motherboard called PSG (power supply good). If the voltage goes out-of-bounds, the system may well shut down. The upper bound on the 12V line is about 13.5V, so it's entirely possible.

Replacing the power supply is probably your best bet. They are no longer economical to repair.

TallCool1 81 Practically a Posting Shark Team Colleague

My hard drive keeps restarting itself before it gets to the welcome screen. I can read the contents of the HD but I can not get access to my documents because it is denied.

There are a couple of possibilities. One is a damaged Registry. You can boot from the XP CD (if you have the full version) and use the "repair" option.

If all you have is the so-called "restore" CD, I'm not sure how that would work, as I have not used one.

If you can boot from Knoppix, I don't think the power supply is your problem.

If you can't get into Safe Mode, your problem is most likely bad RAM. Try running MemTest86.

TallCool1 81 Practically a Posting Shark Team Colleague

The below is what was found by HijackThis.

Actually, you only posted half the information--you left out the Registry-entries list.

What you posted looks almost clean--except for the RunDLL32 entry, which usually indicates a problem. Please post the rest.

I should point out that there is a security issue with WinZip 8.1 and below, so update to v9.0, or use 7-Zip instead.

TallCool1 81 Practically a Posting Shark Team Colleague

Logfile of HijackThis v1.97.7
Scan saved at 8:20:37 AM, on 4/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

A major problem right-off-the-bat is that neither your Windows XP nor your Internet Explorer are up-to-date. Partly due to this, you have been loaded with nasties. As soon as you clean up your problems, download all the patches you can get.

Most of the rest of what you have can be removed automagically by Ad-Aware and Spybot - Search & Destroy. Run each individually, but be sure to update the detection data files before running either program.

Then you can post your new HjT log back here.

TallCool1 81 Practically a Posting Shark Team Colleague

i am getting the following message on boot up
stop: 0x0000007B(0xFAF73640,0x0C0000034,0x00000000,0x00000000)
I have checked the hard drive and it is o.k it boots up fine in another p.c--it wont even boot up in safe mode.

There are a few likely possibilities.

One is a memory error. This can be tested using MemTest86.

Another is a BIOS error, corruption. This can be cleared by following the instructions in your motherboard manual.

A third possibility is a USB error. Try unplugging all the USB devices or hubs plugged into the computer's USB port and boot it again.

That's all I've got for now. Keep us posted.

TallCool1 81 Practically a Posting Shark Team Colleague

I honestly fail to see how use of any one program over another would be more simple:

PrtScrn way:

1.) push Print Screen
2.) paste somewhere
3.) save

External App way:

1.) Load app.
2.) Tell it to capture
3.) Save shot

For example, I run TinyResMeter all the time anyway--great utility, it monitors my memory, resources, and CPU usage--so a screen grab is [PrintScrn]. That's it, one step, repeat as needed. Save is automatic, to a directory called ScreenShots. Each filename is automatically incremented. Much simpler.

TallCool1 81 Practically a Posting Shark Team Colleague

How Would I take A Picture Of My Desktop And Post It At A Forum As An JPG?

I think what some of the posters to this thread are losing sight of is the fact that the intent is to capture screens, not dink around with copy-and-paste and graphic-manipulation programs. The advantage of a program like TinyResMeter, SnagIt, or HyperSnap-DX is that a screen-grab is a one-step process. This allows a series of screen captures quickly, if needed--or at the very least, simplifies the process.

TallCool1 81 Practically a Posting Shark Team Colleague

How Would I take A Picture Of My Desktop And Post It At A Forum As An JPG?
I'd also like to know how to turn a link into jpg, I've actually done this once in MS Paint but I don't know how I did it.

I use TinyResMeter for screen grabs. It's tiny, easy, and requires no installation.

Attaching files is easy, too. Just scroll down to Additional Options and select Manage attachments.

Unless you are referring to linking a graphic from another site...

TallCool1 81 Practically a Posting Shark Team Colleague

My computer runs very slow after a while and it would become difficult to shut programs. I would then go to the task manager to close the program only to see that the cpu is running at 100% and it won't let me do anything.

AMD Athlon 2600+
256MB
40GB HDD
64MB Geforce2 MX400

Which OS are you running? Which anti-virus? Have you checked for adware/spyware lately? Are you running the Windows fast-switcher PowerToy? Are you on broadband or dial-up? Are you using a firewall? Any weird toolbars, pop-ups, or changed start-pages lately?

Please help us help you. Read the malware article in my signature, below. If you feel that you are up to running HijackThis, post a log here before you try to fix anything. In any case, we need more information.

TallCool1 81 Practically a Posting Shark Team Colleague

I also have this problem, but cannot access the internet at all. I am using another computer now. Is there a way to take care of this with ie not working?

It looks like the Hungry Hands pr0n hijacker is hard at work again. It seems to be consistently causing this problem. I think there are two means of attack at your disposal which can probably be combined, as well.

One is to download the Mozilla browser on another machine, burn it to a CD, and install it to the target machine. You might also want to download Ad-Aware and/or Spybot - Search & Destroy. Be sure to download the data files and use them to update the detection before running either program.

Once you have run both, you are going to have to download and run HijackThis. Note: read the instructions on the linked page very carefully (the main download link is broken -- use one of the mirrors). Do not actually remove anything from your startup or Registry until you have posted the log that it generates and are given explicit instructions on what to remove. You should also read my article on this subject (in my signature below).

You also might want to download and install some free prevention measures, including SpywareBlaster and SpywareGuard. These will stop malicious ActiveX installs, a major part of your problem.

By having Mozilla, Ad-Aware, Spybot …

TallCool1 81 Practically a Posting Shark Team Colleague

Having the same issue. When clicking on desktop icons the screen goes blank and then refreshes without opening. also unable to open the control panel.

I moved your original post to its own thread and answered it there. Sorry you didn't find it the first time!

TallCool1 81 Practically a Posting Shark Team Colleague

ok im not really following, so if I have 256 256 128 128 then i would not be getting as good performance as if I did just 256 256?

No, that two pairs (128/128, 256/256) beats one-pair-plus-one (128/128, 256/0)--depending on the hardware. This also assumes that you have Windows 2000 or XP, since Windows 98 will choke on more than 512 MB.

J☼E commented: thanks for the quick help +14
TallCool1 81 Practically a Posting Shark Team Colleague

EVERYTHING SEEMS TO WORK AGAIN!

Is it safe to turn windowblinds and cursorxp back on?

Cool! :cool: Yes, you can turn them back on.

TallCool1 81 Practically a Posting Shark Team Colleague

My home page in IE is now about:blank. I can manually remove all appropriate registry entries (startpage, etc), and then if I click on the IE icon the arrow turns into an hour glass for 15 seconds or so, then back to an arrow. If I then look at the registry, everything is again set to about:blank. If I click a second time, IE does open.

Before you remove anything, turn off System Restore to keep stuff from coming back. While I cannot identify the hijacker, I can identify which files to remove. You need to remove the O2 - BHO (browser helper object) item, as well:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ankli.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {D38BDAB3-3A14-45EE-B059-5EFF27D479F4} - C:\WINDOWS\System32\ankli.dll

After fixing, reboot into Safe Mode and delete C:\WINDOWS\System32\ankli.dll

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here's three resource wasters to remove:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: …

TallCool1 81 Practically a Posting Shark Team Colleague

my life's been a living hell for the past few days with this computer problem.

I see your problem. You have WindowBlinds installed, a clever hack that wedges into the desktop. You have two hijackers: MyWebSearch and HungryHands. The result is massive confusion as the hijackers don't "understand" WindowBlinds.

To start, you need to boot into Safe Mode and disable WindowBlinds/CursorXP, then boot into the normal desktop and run Ad-Aware and/or Spybot - Search & Destroy. Be sure to update the detection data files before running either program.

After your scan(s), re-run HjT and see if the following have been removed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\hhU.dll

Here's one that should be removed, as well:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

You can read more in my articles and links. See my signature below.

TallCool1 81 Practically a Posting Shark Team Colleague

When I start explorer a different home page pops up and I have begun receiving many pop ups.

This appears to be a CoolWebSearch variant; hopefully, the newest CWShredder will take care of it. Another possibility is the IEFEATS.A Trojan, though this seems less likely. One good bit of advice from that page, though: remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well. Also, make sure that there's nothing else running when you run CWShredder or HjT.

I have listed the problem files. After performing the above steps, create a new HijackThis logfile and make sure they are gone. The ones below the tilde-line are optional.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\ietq\mssearch.dll

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TallCool1 81 Practically a Posting Shark Team Colleague

i got a question about ram, i have:

slot1: 128 / slot2: 128 / slot3: 256 / slot4: nothing

could i get another 256 and put it in slot 4?

Yes. Another aspect depends on which processor and motherboard that you have. If it's a Pentium 4 with a 533 or 800 MHz front-side bus, pairs are best, anyway. If that's the case, you are taking a performance hit right now by not having 2 pairs.

TallCool1 81 Practically a Posting Shark Team Colleague

I did all you said and this is my new log:

There's a couple of others that will be useful to remove. Have only HjT running and remove these entries:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
Microsoft "trickleware"--potential spyware. Causes slowdowns.

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
Never very useful and no longer needed.

I also recommend that you update your Acrobat Reader from v5.0 to v6.0.

TallCool1 81 Practically a Posting Shark Team Colleague

My redhat 8.0 box froze up yesterday leaving me no choice but to power down. now it won't boot. it gets going but then starts doing file system checks and drops me in to a recovery shell so i can run fsck and e2fsck.

is there a way i can kick this box back in to life without the full re-install?

Use Knoppix. See my sig.

TallCool1 81 Practically a Posting Shark Team Colleague

Hey boys ! I've been hijacked.

Remove these keys:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mihaba.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O1 - Hosts: 213.159.117.235 #uto.search.msn.com

O2 - BHO: (no name) - {13D48D0E-FEDC-416B-92BA-D86B6A3FADAE} - C:\WINDOWS\System32\mihaba.dll

Other than that, you are clean.
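
A triage pass over the kind of entries listed in the reply above, as an added example that is not part of the original post or of HijackThis: it flags R0/R1 values loaded from a DLL through a res:// URL, O1 Hosts lines that point a name at a non-loopback address, and O2 BHOs whose DLL is that same file or sits unnamed in the Windows directory. The sample log, DLL names, CLSIDs and addresses are constructed, and the three rules are assumptions drawn from this thread's examples, not a complete detection set.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any platform

# Constructed sample in HijackThis 1.97.x line format (not a real log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\example.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
O1 - Hosts: 192.0.2.10 search.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example.dll
O2 - BHO: NAV Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\sample2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RES_DLL = re.compile(r"res://(?P<dll>.+?\.dll)/", re.IGNORECASE)
HOSTS = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?\.dll)\b",
    re.IGNORECASE,
)
SYSTEM_DIRS = {normcase(r"C:\WINDOWS"), normcase(r"C:\WINDOWS\System32")}


def parse_log(text):
    """Return (section_code, body) for every line that looks like a log entry."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(text):
    """Return findings as (code, reason, dll_path_or_None), in log order."""
    entries = parse_log(text)

    # First pass: collect every DLL that a browser page setting is loaded from.
    res_dlls = set()
    for code, body in entries:
        if code in ("R0", "R1"):
            m = RES_DLL.search(body)
            if m:
                res_dlls.add(normcase(m["dll"]))

    # Second pass: apply the rules, correlating BHO DLLs with res:// DLLs.
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            m = RES_DLL.search(body)
            if m:
                findings.append((code, "browser page served from a DLL resource",
                                 normcase(m["dll"])))
        elif code == "O1":
            m = HOSTS.match(body)
            if m and m["ip"] != "127.0.0.1":
                findings.append((code, f"hosts file points {m['host']} at {m['ip']}", None))
        elif code == "O2":
            m = BHO.match(body)
            if not m:
                continue
            path = normcase(m["path"])
            if path in res_dlls:
                findings.append((code, "BHO DLL also serves the redirected pages", path))
            elif m["name"] == "(no name)" and dirname(path) in SYSTEM_DIRS:
                findings.append((code, "unnamed BHO in the Windows directory", path))
    return findings


def flagged_dlls(text):
    """Full paths (lower-cased) of DLLs named by any finding, for follow-up review."""
    return sorted({p for _, _, p in triage(text) if p and dirname(p)})


if __name__ == "__main__":
    for code, reason, path in triage(SAMPLE_LOG):
        print(code, "-", reason, "-", path or "")
    print("DLLs to review:", flagged_dlls(SAMPLE_LOG))
```
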

TallCool1 81 Practically a Posting Shark Team Colleague

Hi guyz,

Well to make a long story short, I've been having this dialog box poppin up every 10 mins sayin cannot open file c://WINDOWS/dlm.html ....

I ran about 10 different virus scans and nothin is found ..I know there are some registry key and other touchy files i should whip out but i would like to ask xperts first.

It looks like your main problem is a dialer. Remove the following keys:

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing)

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe

O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe

O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe

O4 - HKLM\..\Run: [meow htm] C:\PROGRA~1\GREYGL~1\chinplatform.exe

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html

O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/1,0...AccesMembre.cab

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB

After this part, reboot. Where a path and a filename are shown in these keys, track the files down and delete them--for example, C:\WINDOWS\dl.exe. The same is true for the rest, as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Removal of the following are optional, but recommended:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft …

TallCool1 81 Practically a Posting Shark Team Colleague

Here is the new log.

You still have some problems. Remove the following:

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.worldusa.com"); (C:\Program Files\Netscape\Users\sproston\prefs.js)

O4 - HKLM\..\Run: [ngbcdlg] "C:\WINDOWS\System32\ngbcdlg.exe"

O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\System32\wapitr.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com/uk

~~~~~~~~~~~~~~~~

Removing these is optional, but highly recommended:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27d13de...ip/RdxIE601.cab

TallCool1 81 Practically a Posting Shark Team Colleague

When I click on the IE icon, nothing happens, and when I click on windows explorer or any other folder shortcuts on the desktop, all the icons and even the taskbar disappears for a couple of seconds, and then reappears.

I have a lot of work and valuable IE Bookmarks/Favourites, so I can't afford to lose the ability to browse for my files. I'm using netscape right now to type this.

Nothing is lost. Netscape/Mozilla can import favorites from Internet Explorer, and Microsoft provides favtool.exe, which works both ways.

But these are only temporary solutions. Your long-term problem is a hijacker, Trojan, or Virus that's wedged its way into your desktop. This can happen because Internet Explorer is an integrated part of Windows. I can almost guarantee that you have Active Desktop turned on, and a hijacker running.

You are going to have to download and run HijackThis. Note: read the instructions on the linked page very carefully (the main download link is broken -- use one of the mirrors). Do not actually remove anything from your startup or Registry until you have posted the log that it generates and are given explicit instructions on what to remove. You should also read my article on this subject (in my signature below) followed by this article--that I was planning to write, but Grinler beat me to it :cheesy:.

TallCool1 81 Practically a Posting Shark Team Colleague

i looked at your suggestion with the pcmcia card, the problem with that is if the laptop does not have a usb port more than likely it is a 16 bit base laptop and that card is 32 bit which will not work. So they will have to do a lot of research for a 16 bit card if there is such a thing.

You are incorrect. Any processor newer than a 386SX (or any OS Win95 or newer) is 32-bit, so that's not the issue. The PCMCIA standard is 32-bit, anyway.

TallCool1 81 Practically a Posting Shark Team Colleague

Logfile of HijackThis v1.97.7
Scan saved at 8:17:24 PM, on 3/31/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

You double-posted. I responded to the other thread, so check that out, too.

TallCool1 81 Practically a Posting Shark Team Colleague

I've gotten back into this and have found out that SpyBot does find every time LOOK2ME and from what I've researched on the net, this is a deviant spyware program that attaches itself to Windows. So though I've tried to delete it from the registry, it comes back every single time... have you run into this spyware program and what are your suggestions for removing it?

Here's some specific information for you: Look2me Removal Instructions and Help.

Spybot Search & Destroy has an "Immunize" function that blocks a lot of the bad stuff. You can also download SpywareBlaster, which can help, too. You should read my article, the link is in my sig below.

The use of Mozilla for the majority of your browsing will also reduce problems, since ActiveX and browser helper objects are unique to Internet Explorer. You will still have to use IE for a few sites, but the number is (thankfully) decreasing.

TallCool1 81 Practically a Posting Shark Team Colleague

My Pc keeps restarting when connecting to the internet. It has a SoftK56 Data Fax Voice CARP Modem, P4 2.4ghz processor, MSI motherboard.

You almost certainly need newer drivers. Which version of Windows are you using? Go to the Zoltrix site and download the appropriate drivers based on the model number and version of Windows. I'm assuming Zoltrix based on the information you have provided so far; if this is not the case, let us know.

TallCool1 81 Practically a Posting Shark Team Colleague

Every time I connect to the Internet I get searchcentral.cc as my start page, and I've tried to change it, but when I reboot it comes back... I'm not sure what to fix, so if you could tell me it would be great..

MSIE: Internet Explorer v6.00 (6.00.2600.0000)
First problem: IE patches are needed. You are way behind.

C:\ARCHIV~1\WINZIP\winzip32.exe
Versions of WinZip prior to v9.0 are security risks. See this link.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4384
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4384
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update12.js
These are your main problem. The Java applet is what keeps reinstalling the searches. Delete the .js file on the next boot after removal.

O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
These are resource wasters and excess baggage and can be safely removed.

TallCool1 81 Practically a Posting Shark Team Colleague

any help with what to fix would be great.

You have a couple of things here that may be causing you trouble. Whether you want to get rid of them or not depends upon how you use your machine.

C:\WINDOWS\System32\WISPTIS.EXE
A lot of people are having problems with this. Note the removal instructions later in the thread.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
Worthless Creative Labs registration-reminder service.

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
Older versions of this quick task-switcher app have been known to cause system slowdowns.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Useless QuickTime startup service.

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
Some people don't like this one much, either.

TallCool1 81 Practically a Posting Shark Team Colleague

Hey,

I'm having a problem on startup of Windows XP Home Edition and on Shutdown (as well as a few other random instances). I get a popup window with an error regarding "OPXPApp.exe".

Are you running the Softex OmniPass biometric application? That's the only reference that I have been able to find. It may have been damaged by the malware. If not, it may be another nasty, masquerading.

TallCool1 81 Practically a Posting Shark Team Colleague

Hi there, I've been having a problem that when I load the task manager it flashes up and then shuts down. I also can't run regedit, renamed it from exe to com and I now can. Based on what I've found there's a virus messing things up.

You are correct. Remove the following (some are merely resource drains, but absolutely unnecessary):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [Configuration Loader] msgfix.exe

O4 - HKLM\..\RunServices: [Configuration Loader] msgfix.exe

O4 - HKCU\..\Run: [Configuration Loader] msgfix.exe

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O9 - Extra button: Run DAP (HKLM)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29b4df709602da330106/netzip/RdxIE601.cab

TallCool1 81 Practically a Posting Shark Team Colleague

thx for your help guys here his his new hjt log i know there are a few things still on there that need fixing but it seems a lot better.

You are correct, you are almost there -- to the point where most of these are merely resource-wasters (except ISTSvc):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

Those should do it.

TallCool1 81 Practically a Posting Shark Team Colleague

This is my result from Hijack This.
Logfile of HijackThis v1.97.7
Scan saved at 12:34:31 PM, on 3/23/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Remove the following (most are spyware, some are simply unnecessary and annoying):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://www.anything-internet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD75B9D5FA7D} - C:\WINDOWS\DOWNLO~1\MYBAR.DLL
O3 - Toolbar: PopupPD.com - {4E7BD74F-2B8D-469E-C0FF-FD75B9D5FA7D} - C:\WINDOWS\DOWNLO~1\MYBAR.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\PROGRAM FILES\REAL\PLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WebInstall2] C:\PROGRAM FILES\CLIPGENIE\WEBINSTALL.EXE /R
O4 - HKLM\..\Run: [ABJ] C:\WINDOWS\ABJ.exe
O4 - HKLM\..\Run: [CGJ] C:\WINDOWS\CGJ.exe
O4 - HKLM\..\Run: [CGJMQ] C:\WINDOWS\CGJMQ.exe
O4 - HKLM\..\Run: [XTMSFTD] C:\WINDOWS\SYSTEM\XTMSFTD.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28eaa6f092920bea3d23/netzip/RdxIE601.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - 
       
TallCool1 81 Practically a Posting Shark Team Colleague

I completely removed McAfee VirusScan from my computer, and I still get the Backtrack Monitor message. What else can be causing this problem?

VirusScan was never the problem, we knew that days ago, Backtrack's not part of it. Why don't you share your process list so we can see what's running?

TallCool1 81 Practically a Posting Shark Team Colleague

I uninstalled/reinstalled McAfee VirusScan. That didn't solve the problem. I still get the same message when I shut down.

Well, something has to be running -- error messages like this don't appear out of nowhere! Keep looking.

TallCool1 81 Practically a Posting Shark Team Colleague

Thanks, but keep in mind I'm new at this. So how do I install a new OS if I'm locked out of the computer? All I keep getting is a message about contacting administrator, not having administrator rights, or in the administrator group.

There are a number of ways to get around this. One is to boot from a live Linux CD like Knoppix. There are boot floppies that do the same thing. Can't remember where I saw them; I'll look and report back.

Also remember: "Google is your friend."

TallCool1 81 Practically a Posting Shark Team Colleague

I don't understand your fix. I don't have McAfee QuickClean installed on my machine.

But you must have some piece of McAfee software installed to get that error message. Look at your Install/Remove Programs panel and look at the running processes in the Task Manager to see what it is.

TallCool1 81 Practically a Posting Shark Team Colleague

Thanks for your reply, sorry for my lack of knowledge, but you mention TinyResMeter and System Tray. Can you give me step-by-step instructions on where I can access this? I do already have codestuffer... Though I did not see anything unusual listed there, I'll get a listing of that and post it here.
One more question: is Mozilla used like Netscape or Internet Explorer?

OK, let's back up a step. In my original message, the highlighted words in blue (for example "TinyResMeter") are all clickable hyperlinks (the word "clickable" is another one) -- in the TinyResMeter example, the download link for the program. The System Tray I made reference to is the area in the lower-right corner, next to the clock, where a group of icons are placed which represent currently-running programs that you can interact with by either double-clicking the icon (to activate in some way) or right-clicking (to bring up a menu). These programs usually include virus checkers, firewalls, and other programs that launch at startup. Once you understand those concepts, the rest should follow.

As far as Netscape vs. Mozilla, Netscape 7 is Mozilla -- an old version (1.3, I think. Current is 1.6) with AOL advertising added.

TallCool1 81 Practically a Posting Shark Team Colleague

I'm not a techie person, so easy on your replies:
I have Windows 98
I connect to the internet via AOL
I use both IExplorer and Netscape
I'm getting LOW RESOURCES msg and the computer locks up (everything). The only way to temporarily repair the problem is to reboot.

I recommend a two-pronged approach, using free programs that are especially useful in this case.

Windows 98 has a built-in resource meter. Ironically, it is such a resource hog itself as to be totally useless in a case like this. Fortunately, the free TinyResMeter can be easily configured to monitor system resources. There's no need to unzip or install it; just run it. When the little "bug" icon appears in the System Tray, right click on it. Go to the Fields menu and select the following items: CPU usage, SYS, GDI, and RAM (there are other fields as well, but these are of the most interest right now). Initially, this will at least give you warning of impending doom -- when SYS and/or GDI drop below about 40%, you are in the danger zone.

Next, download and run CodeStuff Starter and/or HijackThis to find out what's running. Note: read the instructions on the linked page for HjT very carefully (the main download link is broken -- use one of the mirrors). Do not actually remove anything from your startup or Registry until you have posted the log that it …

TallCool1 81 Practically a Posting Shark Team Colleague

I have Windows 98. When I shut down my computer I receive the message Backtrack Monitor
Fatal Error 8205---cannot take snapshot

Backtrack Monitor is part of the McAfee packages QuickClean and Uninstaller that seems to perform a function similar to Roxio GoBack. It would appear to be a configuration error. I have not used this utility myself. You may wish to try the configuration options or to uninstall/reinstall the program. Here's a PDF with more information.

TallCool1 81 Practically a Posting Shark Team Colleague

It seems to be functioning normally... Here's my new log.

The only remaining things that I would remove:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)

O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing)

TallCool1 81 Practically a Posting Shark Team Colleague

Oops... please ignore the first paragraph of my reply in your case:

Start by running Shoot the Messenger, DCOMbobulator, and UnPlug n' Pray from Gibson Research (about mid-page). This will close the door on some of the vulnerabilities used.

It doesn't apply to Windows 98. I was thinking XP, for some reason. Sorry about that!

TallCool1 81 Practically a Posting Shark Team Colleague

I need to know how to wire a RJ45 8-conductor jack. Can someone point me in the right direction?

You mean like this?

TallCool1 81 Practically a Posting Shark Team Colleague

Can someone please have a look at this hjt log, as my friend is getting a lot of pop-ups? I have run adaware and cwshredder and a few more and fixed a lot of problems.

Start by running Shoot the Messenger, DCOMbobulator, and UnPlug n' Pray from Gibson Research (about mid-page). This will close the door on some of the vulnerabilities used.

Next, you should remove the following malware-related items:

O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL

O4 - HKLM\..\Run: [RDLL] RunDll16.exe (be sure to remove both instances)

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE

O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe

O4 - HKLM\..\Run: [EOIVZCFJM] C:\WINDOWS\EOIVZCFJM.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_List.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz02.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz04.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz05.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz07.cab
O16 - DPF: {A3186A8D-134F-11D3-BBAE-0010E3624141} (IFS_Wizard8 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz08.cab
O16 - DPF: {35831956-96AF-11D3-BC12-0010E3624141} (IFS_Wizard10 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz10.cab
O16 - DPF: {1096842F-FEE6-11D2-965E-0010E3622565} (IFS_Lib00) - http://tescoonline.co.uk/dbpc2/cont...1.0/IFS_OLB.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb01.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb03.cab
O16 …

TallCool1 81 Practically a Posting Shark Team Colleague

IBM ThinkPad, vertical lines on the top half of the screen; they show as yellow, blue and pink on a light background, 1 solid black line on the blue desktop, about 1/4 in apart. Hooked to my monitor via a KVM switch they are not there, so it's in the laptop's screen. Is it fixable!!

It might be a ribbon-cable problem. The cable might be loose, but it's not likely. An LCD screen is divided into two parts, upper and lower--if something is affecting only one half, the problem could be either electronic or mechanical. Look over some of my other replies in reference to LCDs in this forum for clues. I was going to quote myself, but it's all here in the other messages...

TallCool1 81 Practically a Posting Shark Team Colleague

Help me please, I did the hijack thing, here's the log

Logfile of HijackThis v1.97.7

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/ON01.cab

First of all, before removing stuff manually with HijackThis, you should run at least the free version of Ad-aware. I also recommend Spybot - Search & Destroy, but please realize that it requires a bit more computer savvy than Ad-aware. In both cases, make sure that the data-file is up-to-date before you run either program.

Let's go over the problems, since some will have to be removed manually anyway.

* Frsk is one, a hijacker.
* The R0 IE search keys above can go.
* TaskMon is completely worthless, it can go.
* LoadQM is MS spyware ("trickleware") and known to cause problems, especially with Me. Remove it.
* The two O16 keys listed above can go, too. The AOL one is a useless "quality of service" monitor, the second one is part of the hijacker.

I highly recommend that you update to Internet Explorer 6, unless you have an extremely compelling reason not to do so.
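
A log in the format quoted above can be split into its section code and fields before anyone decides what to remove. The following is an added example, not part of the original post or of HijackThis itself; the two review heuristics and the last sample line (a documentation-range IP address) are assumptions made for illustration, and the other sample lines are taken from the log above.

```python
import ntpath
import re

# Line shape: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
O4_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \(([^)]*)\))? - ?(\S*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.IGNORECASE)
WINDOWS_DIRS = {r"c:\windows", r"c:\winnt"}
# First four lines come from the log above; the last one is constructed.
SAMPLE = [
    r"O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe",
    r"O4 - HKLM\..\Run: [LoadQM] loadqm.exe",
    r"O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe",
    r"O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers.net/NetpalOffers/DMO1/ON01.cab",
    r"O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Class) - http://192.0.2.10/example/control.cab",
]

def parse_line(line):
    """Return a dict for one log entry, or None for header and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m.group(1), "body": m.group(2)}
    if entry["section"] == "O4" and (o4 := O4_RE.match(entry["body"])):
        exe = EXE_RE.match(o4.group(4))  # strip arguments from the command line
        path = (exe.group(1) or exe.group(2)) if exe else o4.group(4)
        entry.update(hive=o4.group(1), key=o4.group(2), name=o4.group(3), path=path)
    elif entry["section"] == "O16" and (o16 := O16_RE.match(entry["body"])):
        entry.update(clsid=o16.group(1), name=o16.group(2), url=o16.group(3))
    return entry

def triage(lines):
    """Yield (entry, reason) for entries that match either review heuristic."""
    for entry in filter(None, map(parse_line, lines)):
        if entry["section"] == "O4" and "path" in entry:
            folder, filename = ntpath.split(entry["path"])
            stem = ntpath.splitext(filename)[0]
            # Heuristic 1 (assumption): value name equals an .exe in the Windows root
            if folder.lower() in WINDOWS_DIRS and stem.lower() == entry["name"].lower():
                yield entry, "autorun value named after an executable in the Windows directory"
        elif entry["section"] == "O16" and IP_URL_RE.match(entry.get("url", "")):
            # Heuristic 2 (assumption): ActiveX control fetched from a bare IP address
            yield entry, "ActiveX codebase served from an IP-literal host"
```

Flagged entries are candidates for a closer look, not a removal list; TaskMon and LoadQM, which the reply also recommends removing, match neither heuristic.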

TallCool1 81 Practically a Posting Shark Team Colleague

Hey guys, I have run into a dilemma. I have a USB memory stick with 16 MB of space on it and I don't know how to access it. I'm running Windows NT. Any help is appreciated.

Most versions of Windows NT didn't have USB drivers to start with, let alone memory-stick drivers -- they may be included in one of the service packs. You should also check the manufacturer's website for NT drivers.

TallCool1 81 Practically a Posting Shark Team Colleague

Darn, can't find any burners like this tho for regular PCs. Still cool tho, I need one hehe, thanks again

I can virtually guarantee that you will not find a slot-loading CD-burner due to alignment issues. It's one thing to put a disc on a tray and let the mechanism load it. It's another thing entirely to shove a disc into a slot and have the mechanism deal with it that way. Think about it.