Posts by dlh6213

These all sound like devices that could be part of your motherboard; when you bought the computer (or motherbord, if you built it yourself), you should have received a CD containing the motherboard drivers. If you don't have this CD, you will need to open your computer and get the model number of the motherboard. If you can't find the motherboard drivers yourself (using google), you can post the model number here and we'll see if we can assist.

What OS are you using?

If it's XP, here is the manual way to do what "Repair" is supposed to do:

Go to Start, Run, type in cmd, click OK.

When the new window comes up, type in ipconfig /release

Wait a moment for it to do that, then type in ipconfig /renew

This may take a few moments; when it's done, type in ipconfig /all and post the results here.

You can also try IEFix from here:
http://www.majorgeeks.com/download4467.html

And Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

See if this helps:

http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

Looks good except for this

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

Its either good or bad its hard to tell the good one has the same name as the bad one (how convienent) so maybe so one else can make the call.

This is the Registry Checker tool; more info here:
http://support.microsoft.com/kb/183887/EN-US/

draft --> windy

Snowwolf, you need to go to Windows Update and get the Critical Updates for your system, at least SP1.

No need to start a new thread, I'll move this one there now...

You shouldn't try to remove it, but you should be able to stop it from running all the time. Here's a little info on it:
http://www.auditmypc.com/process/helpctr.asp

DIMM is one of several types of RAM; to find out more about RAM, check out this site:
http://webreference.com/graphics/column14/

Of the ones you've listed, I would say Dell probably gives the best value for the money with Windows installed (if you get one of their systems at one of their frequent sale prices). BUT, avoid their financing arm (Dell Financial) like the plague!

Also, of the ones you've listed, Apple will give the most stable, problem-free performance, but it comes with a higher price tag.

Linux systems offer both value and stability. I'm partial to Linspire (aka Lindows) myself, and Tiny (among other manufactures) offers it with their systems. Find out more here: http://www.linspire.com/
You may also be able to get a Dell with Linspire: http://dell.questar.it/

:My problem isn't that I suspect my computer has been hacked (although the suspect may be watching my every entry, even as I type it, I know)...

What do you mean by this? Do you suspect a keystroke logger has been installed on your computer?

:...my main interest in IP numbers comes from not wanting them to trace me...

What type of ISP do you have, dial-up or DSL (or somthing else)? If you have dial-up, your IP address changes everytime you log on, so it would be pretty hard to trace you that way. If you have DSL, or something else with a static IP address, you can change it by doing a Release & Renew as often as you like -- I don't know if it will help, but it might.

See posts #25 & #28 in this thread:
http://www.daniweb.com/techtalkforums/showthread.php?t=10031&page=2&pp=15

Try IEFix from here:
http://www.majorgeeks.com/download4467.html

And Winsockfix from here:
http://www.digitalminds.net/index.pl/downloads

Hi,

Can I install Windows 98 on an XP machine? Run dual operating systems?
I need Windows98 because some of my old software won't run on XP.
Is this a good/bad idea? How do you do it? or should this be done by a professional? Thanks!

If you ever decide to go ahead and do it, you can find instructions here:
http://www.daniweb.com/techtalkforums/thread11350.html

In addition to Ad-Aware and Spybot, please do the following:

Go to Windows Update and get the Critical Updates for your system

Get the latest version of HijackThis (currently 1.99.1)

Close all browser windows, scan with the updated hijackthis, post the new log.

Just to expand on what seatsd said, I've been using Norton System Works since '96; I've had very little trouble with it, but since coming here to DaniWeb I've learned quite a bit. Norton uses a lot more system resources than most other programs that do the same thing -- when my current subscription expires, I'm going to try something else. AVG is supposed to be one the better free antivirus programs, but, for a reasonable price, NOD32 is supposedly the best.

Don't ever let yourself be fooled into thinking you are fully protected -- it ain't gonna happen. The combination you described, a good AV, Spybot, and Ad-Aware will offer a good amount of protection; and you should consider adding SpywareBlaster as well. Keep everything updated, incuding Windows and IE! That's the most important thing. Most viruses, etc., are released after patches were made available to prevent them.

There shouldn't be any conflicts among anything you mentioned; is the firewall you're getting a hardware firewall or software firewall? If it's a software firewall, you should disable the Windows firewall or you will have conflicts there.

Using an alternative browser, such as Firefox, is a good idea, but you still need to keep IE as there will be a few sites that won't work with Firefox (Windows Update, in particular).

These threads may interest you as well:
http://www.daniweb.com/techtalkforums/thread16365.html
http://www.daniweb.com/techtalkforums/thread5690.html

different --> weird

I would suggest trying these two fixes and see if they help:

IEFix from here: http://www.majorgeeks.com/download4467.html

Winsockfix from here: http://www.digitalminds.net/index.pl/downloads

You probably need to unzip it :)

To unzip it, right-click on the hijckthis.zip file, and then choose the "Extract All..." option from the menu; this will start XP's extraction Wizard. Follow the Wizard's steps using the default selections. This will create a sub-folder named HijackThis, which contains the actual hijackthis.exe program.

Oh, by the way, it's caperjack (not camperjack :) )

Turtles --> Turtle Wax

I haven't actually used, or even seen one, but I've heard there are computers coming out now that don't have a restore CD with them, they have the all the XP files and other programs that came installed on the computer on the hard drive. The model you have I believe came this way and the files are probably on your "D" partition. Is that the "Destructive Restore" you mentioned?

Once you get it reinstalled, see this thread before going online again:
http://www.daniweb.com/techtalkforums/thread16365.html

Ooooo, sorry about that, I meant SP1! Typo! Thanks Dave :)

"Show hidden files and folders" may need to be enabled in order to see those entries DMR noted.

Hello Guys! Can I ask a "beginner question"?
Is defrag supposed to last 3 days? I had to cancel my last one because it never ended, it went on and on, night and day. . .is there a way to "speed it up"? Will it last longer the more I delay to do another one? And finally, if I run defrag, let's say for 48 hours and stop it (to get some things done), will it pick up where it left off if I start it again the next day?
I'm sorry, I just don't know technical stuff like that, but want to learn.
Thank you! :confused:

Just to add to what caperjack and Mr. M said, defrag shouldn't take three days. If it does, it's because of something else running that makes it restart. When it restarts (either by you or by some program), it will start over, but will go through the part that has already been defragment rather quickly, so it's almost like starting where it left off.

How long it takes depends on the size of your drive (or partition) and how fragmented it is. The more often you do it, the less time it will take; some people say once or twice a year is enough, but in my experience it can take several hours when doing it that seldom. I do mine once or twice a month and it only takes a few minutes each time... I'd rather spend a …

You have hijackthis in a temporary folder, please move it to a permanent folder of it's own, like c:\HJT\hijackthis.exe, so that it (and it's backups) don't get accidently deleted.

After you've moved it, scan again, save the log, copy it, and paste it here (not as an attachment, please).

Go to Add/Remove Programs in your Control Panel and remove these (if found):

180solutions
Rjrant

You may need to use Pocket Killbox for some of these, but let's see how hijackthis does with them first. Scan with HJT and have it fix the following entries:

O4 - HKLM\..\Run: [Windows Compliant] winole.exe
O4 - HKLM\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\Run: [Microsoft is Gay] nesse69.exe
O4 - HKLM\..\Run: [dBbFUobc] D:\WINDOWS\doreymf.exe
O4 - HKLM\..\Run: [sais] d:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Asaha] C:\Program Files\Rjrant\Mmmskk.exe
O4 - HKLM\..\Run: [Dns Server] dnswn.exe
O4 - HKLM\..\Run: [Microsoft Update] Svhost.exe
O4 - HKLM\..\Run: [PPPOEO] pingppac.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKLM\..\RunServices: [Microsoft Excel] msexcel.exe
O4 - HKLM\..\RunServices: [Microsoft is Gay] nesse69.exe
O4 - HKLM\..\RunServices: [Dns Server] dnswn.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe
O4 - HKCU\..\Run: [Microsoft Excel] msexcel.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [Dns Server] dnswn.exe
O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe

Be sure all windows are closed other that HJT before hitting the Fix button

Go to the following locations and delete the highlighted file or folder:

D:\WINDOWS\doreymf.exe
D:\Program Files\180solutions
C:\Program Files\Rjrant

Reboot

Close all browser windows, scan with HJT, and post a new log please.

It will help if you tell us what you did do; did you make any changes to the registry? Run Ad-Aware, SpyBot, or Fixme yet? Did you get HijackThis? A log from HijackThis may help quite a bit.

You need to go to Windows Update and get the Critical Updates for your system, at least SP2.

Get SpywareBlaster (use the Software tools link in caperjack's signature), update it, and have it enable all protection.

Doing these two things will prevent most of the type of problems that just got cleaned up.

Are you still having trouble with searchfeed and kon4ay?

I can think of a couple of things for you to try:

Winsockfix may resolve the problem; http://www.digitalminds.net/index.pl/downloads

Or, you can try Hoster; Download Hoster from http://members.aol.com/toadbee/hoster.zip
Run Hoster and press Restore Original Hosts, OK, and Exit Program.

Reboot

See if you still get the error

also... i didnt have my system restore off like i did before when i did the hijack this... just to let you know before you give me any more advice!!!

I'm not real sure what you mean by this, but if you have System Restore off now, you should turn it back on after your system is cleaned up; if it is on now, you should set a new Restore Point when your system is clean.

You should never click on any popups; you should either right-click and select Close, or use Task Manager to end it.

USave may have been installed via Bearshare, but I don't belive it's a part of it. Here is a bit of info on it:
http://www.liutilities.com/products/wintaskspro/processlibrary/save/

Download Hoster from http://members.aol.com/toadbee/hoster.zip

Now, scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jbqdi.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jbqdi.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jbqdi.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jbqdi.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jbqdi.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jbqdi.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [SYSBA32.EXE] C:\WINDOWS\SYSBA32.EXE
O4 - HKLM\..\RunServices: [NETYS.EXE] C:\WINDOWS\NETYS.EXE
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0011.exe

Be sure all windows are closed before hitting the Fix button.

Go to the following and delete the highlighted file or folder:

C:\WINDOWS\SYSBA32.EXE
C:\WINDOWS\NETYS.EXE
C:\PROGRAM FILES\SAVE

I'm not sure about these, do you know what they're for?
O4 - HKLM\..\RunServices: [AVKService] C:\PROGRA~1\EXTEND~1\AVKSER~1.EXE
O4 - HKLM\..\RunServices: [WINLJ32.EXE] C:\WINDOWS\SYSTEM\WINLJ32.EXE
If not, right-click on them, go to Properties, and give us whatever info you can on each of them.

Run Hoster and press Restore Original Hosts, OK, and Exit Program.

…

I agree with hellotim's opinion about the use of bearshare being a possible entryway for malware.

Any data you have that you feel is important enough to keep, you should be backing up regularly so you don't have to worry about losing it when (not 'if') something happens.

You should get the latest version of hijackthis from here:

http://www.spywareinfo.com/~merijn/

As always, close all browser windows, scan with HJT, save the log, copy and paste it here.

Try reinstalling the motherboard drivers, they should be on the restoration CD you got from eMachines.

This program will work, but as DMR said, if the drive has been in use, the files most likely will have become corrupted:

http://www.snapfiles.com/get/restoration.html

The easiest way to get to your ActiveX settings is to Open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings; go down the list and make the appropriate changes, for example:

This is how I have my ActiveX settings; you can use this as a guide to set your own (If you Enable all the options, you are leaving your system open to unwanted intrusions.):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

You should post your hijackthis log in the Virus forum for review.

Do you want to get rid of the Cookie Washer program? If so, you should go to Add/Remove Programs in your Control Panel and remove it; then use hijackthis to fix the O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Administrator" entry. and finally, go to C:\Program Files and delete the Cookie Washer folder.

The Hotfixes you mentioned are the patches from your Windows Updates -- you shouldn't delete them. If you're not getting your updates automatically, you should get them manually.

To delete those keys, you need to use the Registry Editor.

To get to the Registry Editor, go to Start, Run, and type in regedit; click OK and the Registry Editor will open.

Before you edit the registry, you should make a backup. At the top of the Registry window, click on the Registry menu, click Export Registry File. In the Export range panel, click All, then save your registry as Backup.

Make the changes you want, then exit the Registry Editor.

In terms of the 180Search Assistant, don't even bother trying to use Add/Remove Programs to uninstall it. Even if you went through all of the (intentionally difficult) uninstallation process, it wouldn't remove all traces of the programs anyway.

See if these two utilities can remove the offending programs:

Download and run Ad Aware and SpyBot Search & Destroy. Download links are in the "Helping Yourself" sticky thread near the beginning of this forum.

Follow these directions for configuring Ad Aware (directions courtesy of "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at …

This thread needs moving across to the correct forum. Apologies for that. Any help would be very much appreciated.

Here you go :)

I'm sorry, but assistance with p2p software is not permissible according to forum rules:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

wow! one from the lost and found

Been trying to get the unanswered threads caught up :)

Can't get rid of this as my frigging home page. Nothing works, and when I run my anti virus, it doesn't pick it up. Any ideas....?

Get HijackThis from here:

http://www.daniweb.com/techtalkforums/thread18768.html

Close all browser windows, scan with hijackthis, save the log, and post it here.

I got rid of the cache and cookie washer, but can't get rid of this file , I went into add/remove and it still shows
joal

What file can't you get rid of?

You should go to Windows Update and get the Critical Updates for your system (SP4).

As Catweazle suggested, you should still try to get IE working properly as it is the only way to get your Windows Updates. You may run into other websites as well that need IE to access them.

I'm now trying to find the right balance to block out the amazing amount of crap out there and still be able to install programs and browse.

It may help to 'Customize' your ActiveX settings:

The easiest way to get to your ActiveX settings is to Open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings; go down the list and make the appropriate changes, for example:

This is how I have my ActiveX settings; you can use this as a guide to set your own (If you Enable all the options, you are leaving your system open to unwanted intrusions.):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

I've been through Oregon a lot, but I never realized there …

You need to go to Windows Update and get the Critical Updates for your system, at least SP1.

You should fix this one with hijackthis too:

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D...e/bridge-c7.cab

You've almost got it; right-click on your desktop, select New, Folder; name the new folder something like HJT or hijackthis; drag the hijackthis.exe icon that is on your desktop into that new folder.

Go to Add/Remove Programs in your Control Panel and remove (if found):

ISTsvc, IST, or something similar

Scan with hijjackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/....redir=ymmapi10
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - …

Right-click on your desktop, select New, Folder; name it something like HJT or hijackthis; then, drag the hijackthis.exe icon that is on your desktop into that new folder.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe

Be sure all windows are closed other than hijackthis before hitting the Fix button.

Go to C:\WINDOWS and delete dxsetu.exe

You can also try winsockfix and see if it helps resolve the problem:

http://www.digitalminds.net/index.pl/downloads

Get the latest version of hijackthis (1.99.1) from here:

http://www.spywareinfo.com/~merijn/

Close all browser windows, scan with the new hijackthis, and post a new log please.

I have tried to access the site on 3 different computers (Windows 98 and XP) in my home to check 4 different hotmail accounts and the same messages occur on all.

If you're having the same problem on all these computers, it's probably not a problem with this particular computer (unless it's a host?).

Do you have any routers or anything like that all the computer go through to connect?

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {BC09EBDF-73FD-49C9-A7F7-7542400D321E} - (no file)
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0181a3b8edfec4...ip/RdxIE601.cab
O18 - Filter: text/html - {D5292965-BFC2-4354-8470-63CFD6F3C7A3} - (no file)
O18 - Filter: text/plain - {D5292965-BFC2-4354-8470-63CFD6F3C7A3} - (no file)

Make sure all windows are closed other than hijackthis before hitting the fix button.

You can also try winsockfix and see if it helps resolve the problem:

http://www.digitalminds.net/index.pl/downloads

This thread should help you get started:

http://www.daniweb.com/techtalkforums/thread14624-hijackthis+scan+fix+log+notepad.html

This one may help prevent such problems in the future:

http://www.daniweb.com/techtalkforums/thread16365.html

You can also try winsockfix and see if it fixes the problem:

http://www.digitalminds.net/index.pl/downloads