Posts by dlh6213

Try posting your problems in the Windows XP forum or Windows Software forum, maybe someone will be able to help.

You need to go to Windows Update and get all the Critical Updates for your system (you may want to hold off on SP2 until you get all the malware cleaned off).

There are a lot of things running there, check this site for tips on settings:
http://www.blackviper.com/WinXP/servicecfg.htm

Empty all Temp and Temporary Internet folders for all users; search for *.tmp and delete everything that is found.

For the tools Billy suggested, go to this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
Follow all the other suggestions there as well.

Before scanning with HJT, be sure all browser windows are closed. After doing the previous steps, scan with HJT and have it fix the following entries, if found:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

The first thing you need to do is follow the advice in this thread:
http://www.daniweb.com/techtalkforums/thread7370.html

After that, you should go to Widows Update and get all the Critical Updates for your system (you may want to wait on SP2 until you get all the malware off your system).

Go to Add/Remove Programs in the Control Panel and remove Coupons and offers.

Empty all Temp and Temporary Internet folders for all users; do a search for *.tmp and delete everything found.

You should have all browser windows closed before scanning with HJT. Scan with HJT and have it fix the following entries, if found:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O3 - Toolbar: SuperBar - {784270A1-D96F-4119-817D-E38EBF00F82D} - C:\Program Files\SUPERBAR\SUPERBAR1.dll (file missing)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm

See if you can find out if this is related to any software you are running:
C:\WINNT\bbbxmedu.exe

Please post a new log after everything has been completed.

Having too many things running could be slowing it down. Here are a few things that you may not need running all the time, or at least not on startup:
Roxio, Quick Time, Palm, Messenger

Check this site for information on settings:
http://www.blackviper.com/WinXP/servicecfg.htm

Whenever you scan with HJT, make sure all browser windows are closed first. Scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

That's all I see, maybe one of the pro's will spot something else.

Your HJT is still in a temporary folder, before fixing anything with HJT you need to put it in a permanent folder so it can save backups in case something goes wrong. Do as crunchie suggested earlier:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Also, go to Add/Remove Programs in the Control Panel and remove the programs crunchie recommended.

Thanks for the reply, but as far as I know, I have switched auto-update off everything, as I don't like stuff going on without my intervention !

Good idea! In that case, you may have some malware on your system that is doing it without your knowledge. Follow the suggestions in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If the problem doesn't go away, post a HijackThis log (explained in that thread) in the Security forum for some help identifying the problem.

Description: A tool designed by Merijn to keep up with the prolific variations of the CoolWebSearch hijack. If you've been infected, it may seem near impossible to fix due to these complex variants without using CWShredder.

You can get it from here:
http://computercops.biz/
Go to their Downloads section, and then to Anti-spyware.

Just for information purposes, you may want to bookmark this site for future references (nothing about CWShredder in it though):
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Here are a few more, doesn't anyone else have any? Or is there just no interest in humor here? :p

I would diagree with that, b/c a debate shows what side the candidates are on. They get to show who is better. I think that the debates are a way to show who is better.

"...you should research their beliefs and how they have conducted themselves in the past."

This is how you really know what side they're on, not by watching/listening to debates.

Thanks Catweazle, another great tip!

Couldn't hurt to try another power supply if you can get a hold of one without buying it.

Are you getting it whilst reading hijackthis logs? I get a few warnings from my AV on some logs that I read.

No, most often it seems to come up when going from one forum to another or one thread to another.

It sounds to me like you have a number of programs set to auto-update whenever you connect. Auto-update would be good for your antivirus program if you don't think you can remember to do it manually, but most other things should either be set to update manually, or use Task Scheduler to have them update at different times.

I don't bother with editing the registry for that. The process is too easy to start with.

Begin installing the game as usual. When you are asked which directory to install to, simply click on the address to highlight it, use the cursor key to scroll to the beginning of the address, and change the drive letter. The game will be installed to a 'Program files' directory structure on the drive of your choice.

Simple ;)

If it were only that simple. Only about half the time do I get asked where I want it to go to, the rest of the time it gets installed automatically on the C drive. I have a feeling this is Larry's situation as well.

I thank caperjack for the link and will probably put it to use. :)

Thanks Catweazle, that's good to know! :)

Check this thread to see if the AC adapter recall affects you:
http://www.daniweb.com/techtalkforums/thread12590.html

Hi, since you hadn't posted in awhile I thought you got the problems fixed. I can only think of one other thing for you to try right now, hopefully someone will check your HJT and see if there's something there.

Get sysclean from here:
http://www.trendmicro.com/download/dcs.asp
For the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package. This file can be found in the Update Center on the left side, at the bottom of the list. Allow it to clean up any bad files it finds; it may take awhile.

After that, make sure all browser windows are closed, scan with HJT, and post a new log.

I don't think it's possible unless there is some third-party software that I'm not aware of. If XP had been installed with FAT32, then Win98 would be able to see it, but you can't change it now without reinstalling XP.

Check here to see if your Dell notebook is affected by the AC adapter recall:

http://pchw-os.web.boeing.com/hw/portable/issues/default.htm

Cartoons, jokes, whatever (just keep them tasteful!). I've attached a few to start it off.

Five times in the past hour while in DaniWeb I've gotten the Virus Alert from McAffee: Exploit-MhtRedir.gen
McAffee finds it in the Temporary Internet Files folder and is able to delete it and I also empty that folder right after I get the message so it's not really a problem, but I'd like to know why I keep getting it while here.

Along with that message I get a warning about my ActiveX settings not enabled to allow...
I know how I have my ActiveX settings and have them that way for a reason; just including that in case it has something to do with the Exploit.

OS is Win2K, 5.00.2195, SP4
IE 6, SP1 (ver 6.0.2800.1106)

I'm reluctantly supporting Kerry. He's not far enough to the left for me...

The Communist Party of The United States of America (CPUSA) is publicly
supporting the election of John Kerry, how much further left can you get?

Great! Glad we could help! :)

As long as you don't want to boot to XP, that should work.

However, if you can you still boot up with the XP computer, I think you'd be better off to put your Win2K drive in the XP computer as a slave in order to transfer your data.

Here is a thread with links to complete instructions for reinstalling XP:
http://www.daniweb.com/techtalkforums/thread6632.html
(If I remember correctly, I believe it even has tips on backing up)

thanks alot so for taskmgr.exe i see 2 of them in the sytem32 filefolder one seems fine but the othe has an icon with 3 square with letters fmc on it,it has no identity or info and it was created 10/06/2004. last question i should remove osen.exe in safe mode right.

You can try to delete osen.exe in Normal Mode, but if it won't let you, or comes back, then do it in Safe Mode.

I can't answer your question about taskmgr/fmc, anyone else have an answer?

Another thing that will help prevent further intrusions is to get all your Critical Updates from Windows Update.

Follow the advice in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If you're still having a problem after that, post a hijackthis log (explained in that thread) in the Security forum.

Good luck!

For your 'script error' try this: With IE open, click on Tools, click on Internet Options, and then click on the Advanced tab. You should see a heading that says Browsing, and under that, one that says Disable script debugging. If there is not a checkmark at this, put one there.

For the RunTime Error, have you installed any new software recently? You can try a google search for the exact error message you're getting (along with the new software, if any) and see if anything comes up that will help.

You didn't need to uninstall SP2 because of this, you just need to disable the XP firewall as McAffe (as well as most others) is better anyway. The XP firewall is better then nothing for those that don't have anything else. You should give SP2 another try.

Is an elevator to space possible? Check out this website:
http://www.elevator2010.org/site/index.html

There are competitions to produce Climbers and Tethers.

Good enough. Will it effect the log? Anything in the the log that stands out?

HJT should be in it's own permanent folder so it can safely save backups in case something goes wrong.

There are a few things that look bad to me, but I'd rather one of the pro's help you (I don't want to give you a bum steer).

One more thing, next time you scan with HJT, make sure all browser windows are closed first.

A couple more points before you post another log; you shouldn't run HJT directly from your hard drive, you should put it in a folder of it's own (like c:\hjt\hijackthis.exe), and close all browser windows before scanning.

...I removed kazza. I also have abc bittorrent and removed it as well...

GREAT! :)

Here are a few things you can do to get started.

Open Task Manager and end the process for t?skmgr.exe, if it's running.

Do you have BargainBuddy installed on your system? If so, you should go to Add/Remove Programs in the Control Panel and remove it.

Close all windows, scan with HJT, and have it fix the following entries:
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {37D8372D-C437-7895-8624-65550BF02A45} - C:\WINDOWS\System32\bukfm.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKCU\..\Run: [Microsoft Update Machine] winupdt.exe
O4 - HKCU\..\Run: [Yvai] C:\WINDOWS\System32\t?skmgr.exe

Make sure you can see Hidden Files and Folders. Reboot into Safe Mode.
Go to C:\WINDOWS\System32 and delete t?skmgr.exe (if found).
Go to C:\WINDOWS and delete twaintec.dll (if found).

O4 - HKCU\..\Run: [Aths] C:\Documents and Settings\Alexander Chang\Application Data\osen.exe <-- See what you can find out about this one.

Reboot normally. To help prevent future problems, get SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html

Close all windows, scan with HJT, and post a new log along with anything you found out about osen.exe.

...it only took a few days for my whole system to be taken over again...

There are some steps you should take to help prevent this from reoccuring. First of all you should go to Windows Update and get all the Critical Updates for you system.

You should also get SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html

When you have DSL or Cable internet, you need, at a minimum, a software firewall. A hardware firewall would be even better, and both would be best.

Concerning your HJT, you should have all browser windows closed before scanning with it.

You should post an updated log to be sure you're system is clean.

...i think a virus may be the cause...

There could be other causes, but if you suspect malware, you should follow the tips in this thread first:
http://www.daniweb.com/techtalkforums/thread5690.html

I installed it on one computer after a fresh install and had no problems. I think most problems that occur are due to conflicts with some software that was installed prior to the SP2 Ugrade, or due to malware on the system. Anyone thinking about upgrading should read through this thread first:
http://www.daniweb.com/techtalkforums/thread10031.html

Hijackthis shouldn't be run from your desktop or a temporary folder. Before you fix anything with HJT, you should put it in it's own permanent folder (like c:\hjt\hijackthis.exe).

As long as you have Kazaa it will continue to create problems. The first thing you should do is go to Add/Remove Programs in the Control Panel and remove it. Then run Kazaabegone from here to clear out the remnants:
http://www.spychecker.com/program/kazaagone.html

You still haven't mentioned what antivirus program you're running.

I'm sure there's more stuff to fix, but the rest will have to wait for one of the pro's.

What antivirus program are you running?
Open task manager and end the process for winln.exe (if it's running).
Close all windows, scan with HJT and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearcher.com/?a=2&b=encry
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearcher.com/?a=2&b=encry
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-v.net/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll (file missing)
O2 …

Hey MiDude, are you trying to install this on the same computer you're working on in the Security forum? If it is, you shouldn't. You shouldn't install any new programs until you get all the bad stuff cleared out. After you get everything cleaned up, go to Windows Update and get all the Critical Updates for your system. Then Defrag. Then try installing Adobe from your CD. If it still doesn't work, update this thread with another post :)

Did you happen to find out why/how Norton was keeping you from opening links in Hotmail?

Hey to all the newbies here! Unless you have a suggestion to help the original poster, you shouldn't post in this thread; you should start your own new thread for the best response!

Richard -- Control Panel > Add/Remove Programs > Microsoft Internet Explorer > Remove

Speaking -- Control Panel > Add/Remove Programs > Microsoft Internet Explorer > Repair (for IE). Check this thread to reinstall Windows: http://www.daniweb.com/techtalkforums/thread6632.html

Mack -- You should follow the tips in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
If you still have a problem, post a hijackthis log (explained in that thread) in the Security forum.

Firefox is a good browser but there are some sites you can not access with it, in particular Windows Update, so if you use it, you should keep IE as a backup.

Not much to go on there. Try the steps outlined in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

If you still seem to have problems, post a hijackthis log (explained in that thread) in the Security forum.

Good luck!

I've never owned a Compaq, but I've heard the same thing. I think IBM might be a little better then Dell, but will probably cost more. Also, Dell's tech support is handled by people in India now (if that matters to you; it does to me because I like to be able to understand a tech when trying to resolve a problem). Not sure about IBM's support.

Empty the contents of this Temp folder: C:\documents and settings\john\local settings\temp

Note: You will need to have Hidden Files and Folders showing in order to see the local settings folder.

Go to the Control Panel and in the Add/Remove Programs, uninstall MyWebSearch. You can then delete the folder in c:\Program Files if you like. Next time you scan with HJT, have it fix any entries that have mywebsearch in them (if any).

AppInit_DLLs should be on the side panel, when you double-click it you should get some other information in the Value Field (like ixalhua.dll or some gibberish like that). Try it again.

It's okay to post a getservice log here, but crunchie should be along soon to review your link.

Does this help?
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q323885
Or maybe this?
http://support.adobe.com/devsup/devsup.nsf/docs/51401.htm
It could have something to do with your ActiveX settings, check this thread for more info:
http://www.daniweb.com/techtalkforums/thread11734-activex.html