Posts by dlh6213

Go to Windows Update and get all the critical updates for your computer except SP2.
Do what deonna has suggested.
After your computer has been cleaned up, you should probably go to Windows Update again to get SP2, but you should read through this thread before doing so:
http://www.daniweb.com/techtalkforums/thread10031.html

Need more info; OS, free HDD space, RAM, CPU, program(s) being used for MPG's...

I also understand my memory is not ideal for Windows XP. The problem is that this PC comes with the emergency restoration disks so if the hardware is changed, then I can´t restore the original setup anymore. Ever.

That doesn't sound right to me, where did you get that information? You should be able to add RAM without affecting setup. :confused:

I'll try to help with what little I can. First of all, go to Add/Remove Programs in the Control Panel -- see if ebates or websavings is there and remove it if it is.

Next, clear out all Temp and Temporary Internet folders; do a search for *.tmp and delete everything found.

Close all windows, scan with hijackthis, and have it fix the following entries, if found:
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

Reboot into Safe Mode and go to C:\Program Files, look for WebSavingsfromEbates and delete it if found.

Reboot normally, close all windows, scan with HJT, and post a new log. Maybe one of the experts will spot something else.

Follow the tips in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
as well as the links in crunchie's signature as these will help keep you from being reinfected.

Please post another HJT log.

Hi Hazel09, before you fix anything with hijackthis you need to have it in a permanent folder (like c:\hjt\hijackthis.exe) so it can safely save backups in case something goes wrong. It shouldn't be run from a temporary folder or from your desktop. Also, whenever you scan with hjt, you should have all browser windows closed.

As long as you use P2P programs, you will continue to have problems.

This thread has links to free antivirus and firewall programs:
http://www.daniweb.com/techtalkforums/thread5690.html
The firewall is nearly as good as Norton without using up as much of your systems resources. Most 3rd party firewalls are better then the XP firewall.

Unfortunately, no antivirus/spy/ad ware program will clean up everything -- you need to have several programs, keep them updated, and scan with them regularly. That thread has additional utilities besides the ones you are already using that can help keep your system clean.

You also seem to have a problem with your memory, as 112MB is not a standard size (and barely enough for XP anyway).

Hi Htgrl, welcome to DaniWeb! :) You must not have seen it, but there is a notice at the top of this forum requesting that all hijackthis logs be posted in the Security forum. You can either repost it there or wait for one of the moderators to move it for you. But before you move it, there are a couple of things you should do. First, follow all the recommendations in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If your problem has not been cleared up, put your hijackthis in a permanent folder (like c:\hjt\hijackthis.exe); HJT cannot safely save backups when it is a temp folder like you have it now. Backups could be needed if something goes wrong. Also, close all browser windows before scanning.

I'm not sure about this, but I believe Spybot is waiting for you to reboot in order to clear up a few more entries, so you should also reboot before posting another log.

Hope this makes sense...

It's spyware, check this link for info:
http://www.liutilities.com/products/wintaskspro/processlibrary/ViewMgr/

To get rid of it and anything else you may have, and to help prevent further intrusions, follow the recommendations in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If you decide to post a hijackthis log (explained in that thread), please do so in the Security forum.

The answer to that for most people is yes, but you should first read through this thread for possible consequences and to make sure your system meets the minimum requirements:
http://www.daniweb.com/techtalkforums/thread10031.html

You've already taken one important step by cleaning up the malware on your system (thread http://www.daniweb.com/techtalkforums/thread12633.html). In that thread you stated your system was running slow, and I now see part of the reason for that -- you barely have enough memory for XP to run well. Also, 112MB is an odd number for RAM, are you sure it's not 128MB? If you can increase it to 256MB or more, I think your computer will run much better.

Hope this helps some.

Oh no!! More!!

Politically-Correct Virus -- Never identifies itself as a "virus," but instead refers to itself as an "electronic micro-organism."

Paul Revere Virus -- This revolutionary virus does not horse around. It warns you of impending hard disk attack: Once, if by LAN; twice if by C.

The popup you're getting makes it apparent you have adware on your system, but I can't help you get rid of it. This is not a solution, but it should at least prevent the popups: try a browser other then Internet Explorer, like Firefox or Opera. Note: you will still need to keep IE in order to get Windows Updates and to access certain other sites.

For your other problems, a refresh install of Windows may resolve them.

(Suggestions compliments of Catweazle)

reformat and get windows XP, dont download SP2, put norton on and see what happens

Steve, given the price of Windows XP, this may not be a very good solution. Besides, with XP you don't really need Go Back because System Restore does basically the same thing.

Tom, I'm afraid I don't have a good solution either, but if I were to make a guess, I'd suspect insufficient memory.

Hopefully someone else here will have some better ideas.

Mabantot, there is a notice at the top of this forum requsting that all hijackthis logs be posted in the Security forum as this is where the security experts hang out. You can either repost your thread there or wait for one of the moderators to move it for you.

Before you repost, follow the steps in this thread as it will fix many of your problems:
http://www.daniweb.com/techtalkforums/thread5690.html

Ivan, welcome to DaniWeb!

You should have started a new thread instead of tagging onto someone else's.

You're problem shouldn't be related to the programs you mentioned, but it does seem to be malware related. You should try the steps recommended in the thread "Helping Yourself" in the Security forum (http://www.daniweb.com/techtalkforums/thread5690.html).

If the problem persists, post a hijackthis log (explained in that thread) in the Security forum.

Everyone is allowed to their own opinion, like I say, with free things you get what you pay for.

You seem to be implying that free anti-malware porgrams aren't any good, and that simply is not true. Some of the best and most recommended software is free. The links in DMR's signature are a few examples of this; these programs are all free and come highly recommended by anyone who rates or uses them.

If you get "script error" or "run time error" after installing SP2, check this thread for possible fixes:
http://www.daniweb.com/techtalkforums/thread12500.html

lgold5 started a new thread: http://www.daniweb.com/techtalkforums/thread12841.html

Try this: Go to your Control Panel, Administrative Tools, Services. In the list on the left side, find the name of the service you want to change (Windows Media Player); go over to the Startup Type column and change it from automatic to manual.

Hopefully someone else here will have some other ideas; I can only think of a couple of other possibilities.

Depending on how many services and programs you have running, 256MB of RAM may be inadequate. Have you tried running in Safe Mode to see if the problem exists there as well?

The only other thing I can think of would be the possibility of malware on your system so there are things running you're not aware of. Follow the recommendations in this thread to clear out any unwanted intruders
http://daniweb.com/techtalkforums/thread5690.html

Is this what you're looking for?
http://www.theregister.co.uk/2004/09/02/winxpsp2_security_review/

I don't think this one will answer your question, but you may find it interesting anyway:
http://www.ameritech.net/users/mpr_support/XP-SP2.html

Try the recommendations in this thread before you post a hijackthis log:
http://daniweb.com/techtalkforums/thread5690.html

try some better virus scanner/removers like this one
http://vil.nai.com/vil/stinger/

I don't know about 'better' as they all find different things and it is best to try different ones until a particular problem has been resolved. (There is a link to Stinger in the thread I suggested earlier as well as several other helpful utilities)

Follow the recommendations in this thread first:
http://daniweb.com/techtalkforums/thread5690.html

There's a link to hijackthis should you still need it.

Here's another thread to review for further assurance:
http://www.daniweb.com/techtalkforums/thread12720.html

Step 1. Go to Windows Update and get all the Critical Updates except SP2 (wait till you get your system cleaned up, then get SP2). These updates will help prevent this from happening again.

Step 2. Get SpywareBlaster (which will also help prevent intrusions); there is a link to it in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Step 3. Follow the other recommendations in that thread as this will help resolve a lot of your problems.

Step 4. Put HijackThis in a permanent folder (like c:\hjt\hijackthis.exe) so it can save backups safely in case something goes wrong. Right now you have it in a temp folder.

Step 5. Close all browser windows, scan with hjt, and post a new log. Someone will help you clean up whatever is left.

Have you installed all the motherboard drivers yet? And if you don't have on-board audio and graphics, have you installed drivers for those devices as well?

I don't see anything bad in your log and since no one else has responded I'm guessing they don't either. This may not be malware related, perhaps if you post a thread in the Windows XP forum someone there will have some ideas. You might want to include a link to this thread as well. Sorry.

Close all windows, scan with HJT, and have it fix the following entries:
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
(for more info on this one, http://www.giantcompany.com/antispyware/research/spyware/file-multimpp.dll.aspx)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
(more info, http://www.giantcompany.com/antispyware/research/spyware/file-conscorr.exe.aspx)
O4 - HKLM\..\Run: [hvmyjrjry] C:\WINDOWS\System32\gtwnnjmp.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

Note: the 'more info' links are only there if you want to find out more about these entries.

Go to Add/Remove Programs in your Control Panel and remove these if found:
conscorr
gtwnnjmp

Reboot into Safe Mode, go to C:\WINDOWS and delete this entry, if found:
conscorr.exe
Go to C:\WINDOWS\System32 and delete this entry, if found:
gtwnnjmp.exe

That's all I see, perhaps one of the experts will see something I missed.

If your Windows Updates are current, this is most likely due to a glitch in Spybot and you can set it to ignore DSO Exploits. Have a look at this thread:
http://www.daniweb.com/techtalkforums/thread8532-DSO+Exploit.html

Go to Widows Update and make sure you have all your Critical Updates (if you have WinXP, however, make sure you don't have any malware on your system before getting SP2).

If you still have the problem, follow the recommendations in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If the problem persists, post a hijackthis log (explained in that thread) in the Security forum.

What OS do you have and what brand is the flash drive?

After you replaced the motherboard, did you install all the motherboard drivers?

...can anyone instruct me how to get rid of it??
Wallace.

Well, that kinda depends on where it is; if it's in a Temp folder, you should just be able to empty the folder. Your best bet may be to post a HijackThis log (found in this thread: http://www.daniweb.com/techtalkforums/thread5690.html or from here: http://www.softpedia.com/progDownload/x-Download-5034.html) in the Security forum.

Can you boot into Safe Mode and use System Restore to a point before you made the changes?

devldr32.exe is part of your Creative Labs Audio.

The Sticky Thread near the beginning of this forum has a link to a HijackThis tutorial, and there are others if you do a search with google.

Google is also one of the best ways to learn about viruses.

I don't have time to review your log now, hopefully someone else will shortly.

How is your computer running now? Your log looks okay to me, but maybe crunchie or someone else will spot something.

This is how I have my ActiveX settings; use this as a guide to set your own to see if it helps any:

To get access to the ActiveX controls in Internet Explorer, Open IE, click on Tools, click on Internet Options, click on the Security tab, click on the Custom Level button (near the bottom). Scroll down a bit to ActiveX controls and plug-ins; here you will have several options. Keep in mind that if you Enable all the options, you are leaving your system open to unwanted intrusions.

Here is how I have my settings:
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer you system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and usually you don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

Anyone have any advice on the HJT log? (Or other suggestions for the script and activex errors)

You can find a free firewall, antivirus, and other useful tools in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

That's quite a worm there!

Lameme is a Spanish word meaning "you lick me" so you could be right in your assumption.

Adware -- Follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If you need to post a Hijackthis log (explained in that thread), please post it in the Security forum.

Product Key -- All I know is to contact Microsoft. Maybe someone else here will have another idea.

For future reference, if anyone else has a similar problem, please start a new thread.

Catweazle: in my case the installations aren't being rushed, in fact I do it so slowly, reading everything to make sure I don't miss something, that it irritates my son! Wish I had your luck in always getting software that asks!

Larry: Are you using XP? If you create a Restore Point on your system before you make any changes, you can always go back if you make a mistake. And/or you can create a backup of the registry to really make sure by following the steps from M$:
http://support.microsoft.com/default.aspx?kbid=322756#2
It won't hurt anything to do both the Restore Point and backup.

After you've set a Restore Point and/or made a backup of the registry, follow the steps in the link caperjack provided.

Please post your hijackthis log here so we can see what you have.

Go to your Control Panel, Administrative Tools, Services. In the list on the left side, find the name of the service you want to change; go over to the Startup Type column and change it from automatic to manual. Use the Blackviper website I gave earlier as a guide to settings. You should only change one or two at a time and run your system for a couple of days to make sure you haven't changed something you want.

After you have HJT fix the noted entries, please post a new log.

If someone hacked into my system (which actually did happen once and I reformatted my system!), I'd want to at least make sure everything was clean. Follow the recommendations in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Go to Windows Update and get all your Critical Updates (if you're using WinXP, don't get SP2 until after you're sure your system is clean).

Get SpywareBlaster (in that thread), update it, and have it enable all protection.

After you've done all tha, post a Hijackthis log (also explained in that thread) in the Security forum.

You should find the instructions you need in this thread:
http://www.daniweb.com/techtalkforums/thread6632.html

Some type of malware could be causing this, but it could also be overheating.

Have you cleaned inside your computer lately? Be careful when doing this and usa a ground strap to prevent damage via static electricity. Make sure all the fans are working and not making any funny noises (case fan, CPU fan, and power supply fan).

If there's no problem there, it could be the power supply going bad. If you have another one available, try putting it in and see if it helps. If you don't have one handy, I'd try the malware stuff first.

If you suspect some type of virus, go to this thread and follow all the advice given:
http://www.daniweb.com/techtalkforums/thread5690.html

If you still suspect intruders, post a hijackthis log (explained in that thread) in the Security forum.

Attached is an application for U.S. president: