Posts by dlh6213

HAPPY BIRTHDAY DANI!!! :)

In Win 98 I use WINPOPUP.EXE to send messages between PC´s connected in an Office web. I do not find some similar in Windows XP and I need it.
Ty. :o

I think what you're looking for is the net send command. If you have SP2 installed, have a look at this before using it:
http://support.microsoft.com/kb/839018

Here's a link to complete, detailed instructions:
http://www.daniweb.com/techtalkforums/thread6632.html

For some time now I have wondered about a file called Thumbs.db that appears in many folders on my computer. I finally decided to do a little research to find out what it is.

It turned out to be pretty innocent, yet unnecessary. The thumbs.db file is generated by the Windows operating system. It is a database file containing the small images displayed when you view a folder in "thumbnail" view (as opposed to tile, icon, list, or detail view). No harm is done by deleting thumbs.db files and there is no need to include them in your system backups. Whether you see these files or not depends on how you have your File Options set. Even if you can't see them, they are probably there (unless you've previously performed the following instructions).

To turn off this feature and save some disk space:

Click the Start button
Select Control Panel (or Settings, then Control Panel)
Select Folder Options
Click the View tab
Check Do not cache thumbnails
Click the Apply button
Click the OK button

Now you can search your computer for thumbs.db files and remove them:

Click the Start button
Click Search (or Find)
Click All files and folders
In the All or part of the file name box type Thumbs.db
Set the Look in pull-down menu to 'All …

Swank02, same as with your computer, HJT should be in a safe folder before fixing anything with it.

Close all windows, scan with HJT, and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

These look suspicious to me but the only info I can find is in an Asian language that I can't read; maybe you know what they're for:
C:\WINDOWS\System32\NECNSSNT.EXE
C:\WINDOWS\System32\NECPSSNT.EXE
C:\WINDOWS\System32\NECPWDNT.EXE
C:\WINDOWS\system32\NECPSP.EXE
O4 - HKLM\..\Run: [NECPSP] NECPSP.EXE

That's all I see, maybe one of the experts will see something I missed.

Look in this thread and you will find a link to "how you got infected," that will explain it a bit:
http://www.daniweb.com/techtalkforums/thread5690.html
While you're there, go to the link for SpywareBlaster and get that to help prevent further problems. And don't forget to keep Windows updated!

Here's the link to Kazaabegone:
http://www.spychecker.com/program/kazaagone.html
But if you've never had Kazaa installed on your computer you shouldn't need it.

Have you checked the settings in your firewall?

You could also try another browser, like Firefox, and see if that will allow you to get to those sites.

What happened to your HJT? Your first post was with the latest version, but this last one is an older version. You should post another log using the newest version (1.98.2)

I believe it's a dialer for PeoplePC and it won't work without it (I could be wrong though, see what replies you get).

Sending the error report won't rectify anything. Eventually, Microsoft may create a fix for it and put it in an update.

What exactly does the error say?

Double-click on My Computer, double-click on the c: drive, double-click on the Documents and Settings folder, double-click on the Owner folder (and/or your user ID), double-click on the Local Settings folder (Show hidden files and folders will have to be enabled in order to see this folder), double-click on the Temp folder, and delete all the contents. While you're there, you may as well click the back button a couple of times and delete the contents of the Temporary Internet Files folder as well.

Offeroptimizer seems to be your problem, similar problem in this thread:
http://www.daniweb.com/techtalkforums/thread5297-offeroptimizer.html
If there aren't links to any of the tools suggested in that thread, you will find them in the "Helping Yourself" thread at the top of the Security forum (just scans with a couple of different updated antivirus programs and adaware should do it). If you have anymore trouble with this, you should post a hijackthis log in the Security forum.

Before anymore help can be given, your logs need to be put in folders as suggested in post #4.

Are these logs from the same computer? It looks like posts 1 & 3 are, but 5 looks different. None of the logs show HJT being in a folder safe for saving backups.

Another helpful thread if Outlook Express freezes or Internet Explorer crashes:
http://www.daniweb.com/techtalkforums/thread10656.html

Yes, it would be helpful to know what kind of problems you're having.

This thread has attachments that describe how to install a dual-boot system, just follow the first part of either attachment for Win98:
http://www.daniweb.com/techtalkforums/thread11350.html

Go to Add/Remove Programs in the Control Panel and remove these:
WinRatchet.exe
WinAdTools.exe
Go to C:\Program Files and delete this folder:
Windows AdTools

Right now you're running HJT from your desktop; before fixing anything, it should be in it's own folder so it can safely save backups. You can either put it in a folder on your desktop (like C:\Documents and Settings\Owner\Desktop\HJT\\HijackThis.exe), or on your HDD (like c:\HJT\hijackthis.exe).

After you move it, close all windows, scan, and post a new log.

From Spywarewarrior, a reputable site that investigates alleged spyware removal tools;
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Like I said, I know that now -- thanks to the techs here -- but I didn't when I first came to this site and was desperate for a fix to the problem I was having.

Maybe an announcement could be put at the top of the Security forum stating that ads are not endorsed and/or to ask for advice/opinions before purchasing any?

As for this statement:

...word will spread VERY quickly among advertisers and that could be the demise of Daniweb.

I think it would only keep the rogue advertisers away.

And, as far as revenue is concerned, I think there would be more donations if the link were at the top of the forum pages instead of at the bottom. I was here for months before I even noticed it was there. I doubt donations will ever match advertising income, but it all helps, right? Also, unless I'm mistaken, I believe a small bit of income is derived every time someone just clicks on a google ad link; getting the word out about that could help some as well.

Do you have more then one firewall installed? If so, only one should be enabled.

Do you have any Norton/Symantec programs installed? If so, which one(s)?

Does this computer have SP2?

Yes, you should at least backup your important files first; a drive image would be a good idea too because things often don't go as planned.

To uninstall SP2, boot into Safe Mode, then remove it with Add/Remove Programs.

Updates look good Hammy! :)

C:\WINDOWS\system32\wscntfy.exe

Don't delete that file, you need it:
http://www.liutilities.com/products/wintaskspro/processlibrary/wscntfy/

Are you having a problem or just looking for a checkup? Please describe the problem if you have one.

1. As long as you have Kazaa and other P2P programs installed, they will continue to create problems. Go to Add/Remove Programs in the Control Panel and remove them. Run Kazaabegone from here to be sure all remnants of kazaa have been removed:
http://www.spychecker.com/program/kazaagone.html

2. Go to Windows Update to get all the Critical Updates for your system (but don't get SP2 until after you have cleared your system of malware).

3. Before you fix anything with hijackthis, it needs to be put in a permanent folder so it can safely save backups (like c:\hjt\hijackthis.exe); right now you have it in a temp folder.

4. After you put HJT in a different folder, reboot into Safe Mode and empty the contents of all Temp and Temporary Internet folders for all users, and then reboot normally.

5. Go to Add/Remove Programs in the Control Panel and remove Web Rebates and Windows AdTools.

6. Follow the recommendations in this thread to clean up some of the remaining problems:
http://www.daniweb.com/techtalkforums/thread5690.html (don't leave out SpywareBlaster!)

7. Close all windows, scan with HJT, and post a new log.

I only see a few minor things, but maybe one of the experts will see something important. But before you fix anything with HJT, it should be in it's own permanent folder (like c:\hjt\hijackthis.exe) so it can safely save backups in case something goes wrong.

The best advice I can offer is to follow the recommendations in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
Then post a HijackThis log (explained in the thread) in the Security forum to, hopefully, identify the problem.

Does it say what the error is?

This may help:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q281679
If not, you may get a better response if you post your question in the Internet Explorer forum.

Does this help?
http://support.microsoft.com/?kbid=813514
If not, you may get a better response if you post your problem in the Software or Networking forum.

Personally, I wouldn't trust them -- they're probably part of the problem. Most of the legitimate (and free) tools can be found in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If you need to post a HijackThis log (explained in that thread), please post it in the Security forum.

3 mnts and you still haven't posted a Hijackthis LOG! :)

Agreed, the best way for anyone here to help you is for you to post a HJT log (in the Security forum). No one can 'discover' what is on your system without something to go by. :)

oh boy. i dont have money.

It looks like an oversize watch battery and any place that sells watch batteries should have them. They're only about $3 (US); and easy to replace.

You have a lot to fix there, but there is a notice at the top of this forum requesting that all HijackThis logs be posted in the Security forum. You can either repost it or wait for one of the moderators to move it for you.

Also, before fixing anything with HJT, it needs to be in it's own permanent folder so it can safely save backups in case something goes wrong (like c:\hjt\hijackthis.exe), right now you're running it from a temp folder.

One more thing you should do is empty the contents of all Temp and Temporary Internet folders for all users on the computer. You can also do a search for *.tmp and delete all those files as well.

If you're having problems with system crashes and you have a pop-up blocker installed, uninstall the blocker and see if it helps. It did in this thread:
http://www.daniweb.com/techtalkforums/thread13214.html

Thanks Alex, if I notice anything again, I'll be sure to do that!

The links in the edit part of Dave's post (#11) should fix this particular problem (crsss.exe)

Well, I've tried to remove the registry entries but I couldnt find them.
That's strange. Maybe its a newer version.

I scanned my system with trojanhunter and it removed the trojan, but when I rebooted the trojan was back again, and this keeps going.

It seems impossible to remove this one. I really dont understand....

I haven't seen one yet that couldn't be removed, but some take more perseverance then others. Go to this thread and get HijackThis and post a log here.
http://www.daniweb.com/techtalkforums/thread5690.html

I haven't heard about the particular problems you're experiencing (except the slowing down from one other person). You should check this thread though to make sure your system meets the requirements and also to see what other conflicts have been discovered:
http://www.daniweb.com/techtalkforums/thread10031.html

If you reinstall XP and then get SP2, you shouldn't have any problems with it.

Necessary? Anything that helps with the security flaws in Windows should be considered a necessity! Having said that, if you have a hardware-type firewall, practice safe browsing habits, and are vigilant about keeping your system pest-free, then you can probably do without it. I don't have it on this computer I'm using now (yet).

You would need a third-party program in order to do that, something like PartitionMagic. Make sure your data has been backed up before using any program of this type as things can go wrong.

Are you sure you want only one 80G drive? It's usually better to have at least two for a couple of reasons:
Defragging and searching are faster
If one partition gets a virus, corrupted files or whatever, at least the files on the other partition are somewhat safe.

Try this; right-click on a blank area of your desktop (someplace where there are no icons), in the menu that pops up, click on Properties. In the next window, click on the Desktop tab; down near the bottom, click on the Customize Desktop box. Click on the Web tab and let us know what is in the box under 'Web pages:'

Before you make any changes to the registry, you should first back it up. Here are the instructions for doing so:
http://support.microsoft.com/default.aspx?kbid=322756#2

In regards to this statement:

The last thing I need is to defragment my HD.

Defragging should be done on a regular basis (once a week in my opinion, but some people say twice a year is okay). I think you probably meant to say 'reformat.'

Great! Glad it worked! :)

I don't know if this will help, but since you have SP2 it's worth a look:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en

That's how I ended up purchasing xoftspy; since it was advertised here, I thought it was being 'recommended.' I know better now, but I've wondered myself if there isn't a way to screen the advertisers.

I work in a Middle School in Texas.
We have teachers here that teach World History. I had a lot of teachers who didn't know what they were going to use as a visual aide.
I have already seen this used in many rooms. They are all just putting it on the projectors and letting it play.

Thanx again for the link!

Cool!! Glad to hear it! :)

Roxie, no one thinks you're dumb; it's confusing and hard to comprehend in the beginning.

As for the part about clicking on the "x" instead of "no" -- sometimes their "x" means "yes" too. The best thing to do is right-click and select Close.

Did you mean to say Spyware Buster or SpywareBlaster? I'm not familiar with the first one, but if you don't have Blaster, you should -- there is a link to it in crunchie's signature. Keep that and your Windows Updates current and you will be protected from a lot of problems.

Go to Add/Remove Programs in the Control Panel and remove WebSavingsfromEbates, Internet Optimizer, and BullsEye Network if found.

Boot into Safe Mode.
Go to C:\WINDOWS\System32 and delete systime.exe and gdqvudij.exe
Go to C:\Program Files and delete the WebSavingsfromEbates, Internet Optimizer, and BullsEye Network folders (if found)
Go to C:\WINDOWS and delete alchem.exe and wupdt.exe

Scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 …

Also, there is a ridiculous noise coming from the cabinet that sounds like there is a wheezing asthmatic inside. I have cleaned all the cooling fans, so don't know what else it could be.

Interesting description :). It sounds like one of your fans is dying; you need to find out which one and get it replaced before you have some major damage. I've never heard a hard drive make a noise like that before, but I suppose that's possible too.

This may help:
http://www.kbalertz.com/kb_325478.aspx

It says it is n the C:\SystemVolumeInformation....... and to run AVG, but when I run it, it says that everything is OK and that I have no virus. And hours later the same note shows up. What do I do?

I believe DMR suspected this; the virus has made it's way into your System Restore folder. Review this thread for more information about it and how to fix it:
http://www.daniweb.com/techtalkforums/thread13142-restore+system.html
If that doesn't clear it up for you, feel free to ask for more clarification/help.