• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
MrGoodbar

Notepad Trouble

7 posts in this topic

after a recent (and i suspect ongoing) infection Notepad seems to have dissapeared from my machine. I know it seems a little petty as its such a small, basic program but it does come in handy for coding a few things and posting HiJack logs etc. anybody know how to get it back?

 

my browser also seems very sluggish and certain pages including Yahoo wont load on the first attempt (HTTP Error 400 - Bad Request?) and need to be refreshed. any ideas?

 

thanx in advance to anyone who can shed some light on these little annoyances.

Share this post


Link to post
Share on other sites

I have got the same problem! Any help? I suspect a virus. named notpad.exe which took place of notepad.exe.

Share this post


Link to post
Share on other sites

Some pests like the CoolWebSearch trojans overwrite important system files and replace them with more trojans. Notepad.exe is one that gets attacked. I posted this for someone else. Maybe, it will help you. If you have XP, you should have a copy of

notepad.exe in your dll cache in C:/WINDOWS

and C:/WINDOWS/system32.

If only notepad is corrupt, you can

download a copy of it at www.spywareinfo.com/~merijn. If, your problem is bigger than that, you may need this:

Open the file search, click on tools, folder

options, then view. Check the "Show hidden files" option, and uncheck "hide

extensions..." and "Hide protected operating files" (O.k and apply)

Then, perform a search for notepad.exe If you don't have a notepad in windows

and the notepad.exe file in the dllcache in windows and

system 32, do the following:

Go to start, click on run and type in cmd.exe

Click o.k.

At the prompt, type in sfc/scannow to bring up your

sfc tool (It scans your system for missing or replaced system

files then puts them back.) It may ask for your XP disc, to get a clean copy

if your files are corrupt. Insert the disk; when it asks what to do,

choose exit. Let the sfc tool do the rest. When it's done (about 10 minutes),

take out the disk, search for notepad.exe, and copy/paste a copy of

notepad.exe in windows/dllcache and windows/system 32. There should already

be a notepad in the actual windows folder, and the windows/system32/dllcache.

Now, you should be able to use notepad, plus you've done a quick repair

on system files. If some .dll files happen to still be damaged, you may have

to search the net for a .dll library and download your missing files. That should do it. Remember to keep your anti-virus and anti-spyware programs updated.

Share this post


Link to post
Share on other sites

i had a look and i still have Notepad.exe, it just wont open. The curser changes to "busy" so its trying to do something, it just cant open it. think i should just delete and replace?

 

Im still having alot of trouble with my Internet Browser too. I deleted sum suspicious looking items using HiJackThis and Internet Explorer started to work again but they keep reappearing. i'll post my log and highlight the offending items im referring to, see if u can tell me what they are:

 

 

Logfile of HijackThis v1.97.7

Scan saved at 15:39:09, on 10/07/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE

C:\WINDOWS\SYSTEM\DEVLDR16.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\HPHA1MON.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE

C:\WINDOWS\SYSTEM\HPHIPM07.EXE

C:\WINDOWS\SYSTEM\HPHID407.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE

C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE

C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\PLAYLIST.EXE

C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\RUNWIN32.EXE

C:\WINDOWS\WININET32.EXE

C:\WINDOWS\RUNWIN32.EXE

C:\MY DOCUMENTS\MARTIN\SOFTWARE\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pipex.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dial.pipex.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PIPEX

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F1 - win.ini: run=hpfsched

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE

O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"

O4 - HKCU\..\Run: [Remote Packet Capture Protocol v.2.0] C:\WINDOWS\runwin32.exe

O4 - HKCU\..\Run: [Plug and Play] C:\WINDOWS\wininet32.exe

O8 - Extra context menu item: Take snap shot - C:\WINDOWS\TEMP\CSSnapShot.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.dial.pipex.com/

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/So...eDownloader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

Share this post


Link to post
Share on other sites

one more thing i just realised.... I think everytime I try to open Notepad it runs the following two programs:

 

C:\WINDOWS\wininet32.exe

C:\WINDOWS\runwin32.exe

 

this help explain whats happening at all?

Share this post


Link to post
Share on other sites

You have trojans still on your computer. For starters, run your anti-virus. If you don't have one,

go to www.pandasoftware.com/activescan/activescan.asp?Language=2&Country=63&

or housecall.antivirus.com

These free scans will remove the virus also. You can later remove the free scan files from your computer if you don't want them.

AVG (Grisoft) is a free anti virus program also. (It's your choice.)

After a full system scan, if you're still having problems,

Delete the value:

 

RunWin32 %windir%\RunWin32.exe

 

from the registry key:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If you have MADCOW.EXE in your system, delete it (It is an internet worm that spreads through MS outlook and uses wininet32.exe.

Maybe, this will help.

Share this post


Link to post
Share on other sites

In case, I wasn't too clear at the end, wininet32.exe

should be deleted also, but like I said, hopefully your virus

scan will do it for you. ( I always recommend a scan before you

go into the registry.)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0