dlh6213 27 Posting Maven Team Colleague

First, follow the steps outlined in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

I'm pretty sure you will need to post a hijackthis log (explained in the thread). If you do, please post it in a new thread in the Security forum.

Also, empty the contents of all "temp" and "temporary internet" folders for all users. You should also do a search for *.tmp and delete everything that is found.

dlh6213 27 Posting Maven Team Colleague

Try the tips in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Hijackthis shouldn't be run from your desktop; it should be in its own folder (like c:\hjt\hijackthis.exe).

Empty all "temp" and all "temp internet" folders for all users. Then post a new log; I believe there are a couple of things the experts need to address.

dlh6213 27 Posting Maven Team Colleague

Have you tried running Norton's Live Update to see if that would fix your WMI problem?

I don't see anything obvious (to me) in your log; maybe one of the pros can spot something.

dlh6213 27 Posting Maven Team Colleague

Almost everything in that log is important! But there are a few things that aren't. Before you fix anything with HJT, however, it should not be run from your desktop; it should be in its own folder (like c:\hjt\hijackthis.exe).

Once you have it in its own folder, close all windows, scan with HJT, and have it fix the following entries:
O4 - HKLM\..\Run: [h9ldW0U.exe] C:\documents and settings\ashley taggart\local settings\temp\h9ldW0U.exe
O4 - HKLM\..\Run: [7a.exe] C:\documents and settings\ashley taggart\local settings\temp\7a.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Corel Network monitor worker - {A4831B2C-1CCF-45DF-9150-6CFD097AAB6C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A4831B2C-1CCF-45DF-9150-6CFD097AAB6C} - (no file) (HKCU)

Reboot into Safe Mode, go to C:\documents and settings (make sure "show hidden files and folders" is enabled), go to each user's account, local settings, and delete the contents of each "temp" folder and each "temporary internet" folder (contents only, not the folders!).

Reboot normally, close all windows, scan with HJT, and post a new log. I'm pretty sure there are more items that need to be fixed, but one of the pros will need to help with the rest.

To help keep bad stuff off your system, install spywareblaster:
http://www.javacoolsoftware.com/
(and keep it updated!)

alc6379 commented: thanks for helping us read HJT logs! +3
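
The fix list in the post above follows two patterns: O4 autostart entries that launch an executable out of a temp folder, and entries HJT itself marks "(file missing)" or "(no file)". As an added example that is not part of the original post, this sketch parses HJT-style lines and flags those two patterns for review; the sample log is constructed, and the function names and flag labels are assumptions made for illustration.

```python
import re

# Section code ("O4", "R1", "O16", ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autostart body: "HKLM\..\Run: [name] command line"
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# A path component that is a temp directory.
TEMP_DIR_RE = re.compile(r"\\(local settings\\temp|temp|tmp)\\", re.IGNORECASE)
# Markers HJT appends when the referenced file does not exist.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample, modelled on the entry formats quoted in the post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [a1b2c3.exe] C:\documents and settings\user\local settings\temp\a1b2c3.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\example.exe (file missing)
O9 - Extra 'Tools' menuitem: Example - {00000000-0000-0000-0000-000000000002} - (no file) (HKCU)
"""


def parse_entry(line):
    """Return a dict for one HJT entry line, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m.group("code"), "body": m.group("body"), "flags": []}
    # Entry points at a file that is gone: a leftover from partial removal.
    if any(marker in entry["body"] for marker in ORPHAN_MARKERS):
        entry["flags"].append("orphaned")
    # Autostart entries: split out name and command, then check the path.
    if entry["code"] == "O4":
        o4 = O4_RE.match(entry["body"])
        if o4:
            entry.update(o4.groupdict())
            if TEMP_DIR_RE.search(o4.group("command")):
                entry["flags"].append("autostart-from-temp")
    return entry


def triage(log_text):
    """Return only the entries that carry at least one flag.

    A flag is a prompt for a human reviewer, not a verdict: unflagged
    entries can still be malicious and flagged ones can be harmless.
    """
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], ",".join(e["flags"]), "-", e["body"])
```
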
dlh6213 27 Posting Maven Team Colleague

Bridge.dll is spyware and you don't want it on your computer. You probably ran a program that got rid of most of it, but left traces.

HJT shouldn't be run from the desktop; it should be in its own folder (like c:\hjt\hijackthis.exe).

I'm not an expert on HJT's, but I can help you a bit. After you have HJT in its own folder, close all windows, scan with hjt, and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtraffic.com/search...=protect1&term=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\system32\bridge.dll",Load
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)

Reboot into Safe Mode, go to C:\WINDOWS, in the system32 folder, delete bridge.dll (if it's there).

Reboot normally, close all windows, scan with HJT, and post a new log. I'm pretty sure there's more, but one of the pros will have to help you with the rest.

dlh6213 27 Posting Maven Team Colleague

I don't see anything bad in your log, but I'm not really an expert on HJT's. Not sure why no one else has responded to this.

You should have a look at this thread though; there could be something that will help:
http://www.daniweb.com/techtalkforums/thread7507.html

dlh6213 27 Posting Maven Team Colleague

I don't see anything in your log, but I'm not an expert on HJT's. Maybe someone else can find something there.

However, I see you have updated to SP2; were you having this problem before that? If it's related to SP2, this update may help:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en

Are you using a router or other device that may have a firewall built-in?

dlh6213 27 Posting Maven Team Colleague

Here's another way to get into Safe Mode:
Close all open programs.
Click Start, and then click Run; the Run dialog box will appear.
Type msconfig and then click OK.
The System Configuration Utility will appear.
Click on the BOOT.INI tab.
Check the "/SAFEBOOT" option, and then click OK.
You then see the prompt to restart the computer, click Restart.
The computer will then restart in Safe Mode.
Another box will open asking if you want to run in Safe Mode; click Yes.

dlh6213 27 Posting Maven Team Colleague

...Looks like I won't be using Kazaa anymore...

Good thinking!
Don't forget to install SpywareBlaster too (link in crunchie's signature).
You asked earlier about other recommended browsers; in other threads here that question has been asked (you can do a search and read them yourself), and the majority opinion seems to be Firefox.

dlh6213 27 Posting Maven Team Colleague

I can help get your log cleaned up a little, but you'll need to wait for one of the pros to help with your main problem. The bridge.dll shows in your log (as well as some other things), but I don't know how to get rid of it.

Close all windows, scan with hjt, and have it fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.smarter.com/index.php?sidebar=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497 - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3cac49effa47610

Reboot, close all windows, scan with hjt, and post a new log.

dlh6213 27 Posting Maven Team Colleague

You should be able to use the microphone in your webcam with MSN Messenger without getting any other programs. Did you install the software that came with your camera/mic? There should be a cord with it as well that needs to be plugged into the mic socket on your computer (make sure it's all the way in!). If those things are done, you may just need to look in whatever tools MSN has available to make sure the mic is enabled.

dlh6213 27 Posting Maven Team Colleague

Hi american and welcome to DaniWeb! As the post right before yours suggested, you should have posted this in a new thread.

It appears you have some sort of spyware/adware problem. You should check this thread and follow the advice to clean up your system:
http://www.daniweb.com/techtalkforums/thread5690.html
If you need to post a hijackthis log, please do so in the Security forum.

It also seems you're having some problems due to SP2, check this link for more help with that (in particular, look for the post referring to an SP2 Update):
http://www.daniweb.com/techtalkforums/thread10031.html

(oops! Sorry DMR, didn't see you there!)

dlh6213 27 Posting Maven Team Colleague

As antioed said, this sounds like a spyware/adware problem; follow the advice in this thread to get you started on cleaning it up:
http://www.daniweb.com/techtalkforums/thread5690.html
If you need to post an HJT log, please post it in a new thread in the Security forum.

To help a bit temporarily, try this:
Go to the Control Panel and open Administrative Tools; double-click on Services, see if Internet Explorer is in the list; if it is, right-click on it and select Properties. Change Startup Type to Manual. Reboot and see if it helps.

dlh6213 27 Posting Maven Team Colleague

...I feel like a fool having been swindled by spyassasin like this...

I know the feeling, I got duped into buying xoftspy before I found out about SpywareWarrior; it's a good site to have in your favorites list so you can check if you ever wonder if something is legit.

Here's another bit of info on spyassasin:
http://www.spywarewarrior.com/family_resemblances.htm#10

dlh6213 27 Posting Maven Team Colleague

Hi all, I am a complete novice but here goes. When I try to click on a link such as to make a credit card payment, I get page not displayed. Also when trying to download IE update from microsoft I get "your current security settings prohibit running activex controls on this page as a result the page may not display correctly". I have even reduced my security settings to the minimum and can still do nothing. Is it possible to delete and re-install IE? Any help appreciated.
Thanks

I hope this will help (expanding on caperjack's advice):
To get access to the ActiveX controls in Internet Explorer, Open IE, click on Tools, click on Internet Options, click on the Security tab, click on the Custom Level button (near the bottom). Scroll down a bit to ActiveX controls and plug-ins; here you will have several options. Keep in mind that if you Enable all the options, you are leaving your system open to unwanted intrusions.

Here is how I have my settings:
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and usually …

dlh6213 27 Posting Maven Team Colleague

Thanks for the information. I also have Symantec's CD with utilities (it's the same thing, isn't it?).

No, it's not the same thing, Symantec doesn't do what this Restoration utility does. Keep in mind that the more you use your computer, the more corrupted the lost data will become, hence less 'good' data that will be recoverable. Restoration will fit on a floppy disk and can be run from there as well.

dlh6213 27 Posting Maven Team Colleague

My pleasure :)

dlh6213 27 Posting Maven Team Colleague

Article written by TallCool1 with lots of good info:
http://www.ameritech.net/users/mpr_support/XP-SP2.html

dlh6213 27 Posting Maven Team Colleague

After you change the settings to Automatic, you may need to reboot for them to take effect.

dlh6213 27 Posting Maven Team Colleague

It's netsend. More info (and examples) here:
http://www.lantalk.net/netsend.php

dlh6213 27 Posting Maven Team Colleague

Upgraded to SP2 and now Defragment doesn't work? Try this:
Go to the Control Panel and open Administrative Tools; double-click on Services, scroll down to Windows Installer, right-click on it and select Properties. Change Startup Type to Automatic. Reboot and try Defrag again.

For links to more advice and tips, check this thread:
http://www.daniweb.com/techtalkforums/thread11701.html

(Thanks to Catweazle)

dlh6213 27 Posting Maven Team Colleague

Problems connecting after upgrading to SP2? Try this SP2 Update from Microsoft:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en

(Thanks to antioed for finding this)

dlh6213 27 Posting Maven Team Colleague

A link to some more useful information:
http://www.michna.com/kb/WxSP2.htm#Cannot_install_Service_Pack_2

I should have included this when I originally posted, but this link is useful if you're getting an error message that says "unable to read from or write to the database".

dlh6213 27 Posting Maven Team Colleague

Great! Happy to hear it! :)

(Can one of the moderators mark this one as solved?)

dlh6213 27 Posting Maven Team Colleague

Hey, that is a pretty good site for the limited resources that GeoCities provides. How old is your son? It seems like he likes Halo a lot, so he couldn't be that young.

Thanks. He's 12. The site should look better next Monday, he accidentally deleted a bunch of stuff a couple weeks back and is in the process of restoring it.

dlh6213 27 Posting Maven Team Colleague

Did you apply thermal compound between the CPU and heatsink?

dlh6213 27 Posting Maven Team Colleague

That's great! Good job! It's looking better already :). Close all windows, scan with HJT and have it fix the following entries:
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O21 - SSODL: systemie - {FD4738A0-FF1C-11D8-A442-444553540000} - systemie.dll (file missing)

Do you use the Aramco portal?

Reboot into Safe Mode and go to the C:\WINDOWS\SYSTEM folder and delete the following:
RNAAPP.EXE
TAPISRV.EXE
PSTORES.EXE
DDHELP.EXE

Reboot normally, close all windows, scan with HJT, and post a new log.

dlh6213 27 Posting Maven Team Colleague

So, what should I do about it?

:?:

Try to be patient; an HJT pro should be here soon to look over your log. By the way, you shouldn't run HJT from your desktop; it should be in a permanent folder (like c:\hjt\hijackthis.exe).

dlh6213 27 Posting Maven Team Colleague

- Run reglite and type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
into the address bar, or expand the same key.

- Rename the folder Windows to NotWindows, highlighted as a purple folder in the left-hand pane of reglite.

- Click "AppInit_DLLs" again and clear the data value:
C:\WINDOWS\System32\mshepg.dll (random named dll) <- delete this line,
'Apply' and 'ok' to set.

- Rename the NotWindows folder back to its original name, Windows.

- Restart the computer.

Check in the system32 folder if the culprit dll is visible and delete it.

dlh6213 27 Posting Maven Team Colleague

You may need hijackthis, but there are things you can do before that. Have a look at these threads:
http://www.daniweb.com/techtalkforums/thread5690.html
http://www.daniweb.com/techtalkforums/thread7507.html

You should find links to most of the tools you will need in the first thread (including hijackthis). If you do need to post a hijackthis log, be sure to post it in a new thread in the Security forum.

dlh6213 27 Posting Maven Team Colleague

If you haven't already done so, have a look at this thread; there's quite a bit of info here:
http://www.daniweb.com/techtalkforums/thread10031.html

dlh6213 27 Posting Maven Team Colleague

Why can't you go online? Do you get some kind of error message? What happens when you try to connect? Are you using dial-up, DSL, cable, or something else? Were you able to connect before and now can't? Please provide as much info as possible so someone can help.

dlh6213 27 Posting Maven Team Colleague

Hey, check out my son's website (constantly under construction, lol):
www.geocities.com/all4halo2

dlh6213 27 Posting Maven Team Colleague

Tiger Direct often has good prices and always has a good selection:
http://www.tigerdirect.com/

dlh6213 27 Posting Maven Team Colleague

Tiger Direct often has good deals on cases and barebone kits:
http://www.tigerdirect.com/

dlh6213 27 Posting Maven Team Colleague

If you have kazaa installed please uninstall it as it will continue to create problems. Then run Kazaabegone from here to clear out the remnants:
http://www.spychecker.com/program/kazaagone.html

dlh6213 27 Posting Maven Team Colleague

You need to go to Windows Update and get all the critical updates, that may help prevent some of the stuff you are getting (you don't even have SP1 yet).

Also, you are running HJT from your desktop; it should be put in its own folder (like c:\hjt\hijackthis.exe). You can then put a shortcut to it on your desktop for easy access if you like.

One more thing, before scanning with HJT, close all open browser windows.

You can get the latest version of HJT from here:
http://www.softpedia.com/progDownlo...nload-5034.html

Another thing that will help prevent intrusions is SpywareBlaster, you can get it from here:
http://www.javacoolsoftware.com/
Update it right after you get it, then have it enable all protection.

dlh6213 27 Posting Maven Team Colleague

Also, you are running HJT from your desktop; it should be put in its own folder (like c:\hjt\hijackthis.exe). You can then put a shortcut to it in your CLEANING STUFF folder for easy access. :)

One more thing, before scanning with HJT, close all open browser windows.

You can get the latest version of HJT from here:
http://www.softpedia.com/progDownload/x-Download-5034.html

dlh6213 27 Posting Maven Team Colleague

Help protect your system, download, install, and update SpywareBlaster from here:
http://www.javacoolsoftware.com/spywareblaster.html
Have it enable all protection.
Get an antivirus program installed ASAP.
Make sure your firewall is enabled (instructions here):
http://www.javacoolsoftware.com/spywareblaster.html

dlh6213 27 Posting Maven Team Colleague

Try this to see if it will find the trojan:
First go to:
http://www.resplendence.com/reglite
Download and install Registrar Lite, and then run the program. Copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

and hit the "GO" tab. On the right side panel find the "Appinit_Dlls" value; double-click it (if you don't double-click, it won't work), and then copy and post the information that comes up in the "Value" field here in this thread for instructions on what to do next.

dlh6213 27 Posting Maven Team Colleague

I wonder if this is even legal; sounds like a pyramid scheme. I'd worry about any 'company' that puts a paragraph like this in its 'Terms and Conditions':

"MEMBER AGREEMENT

All members have read and agreed with the terms and conditions stated above. All members agree not to bring or participate in any legal action against us or our agents, directors, offices and employees."

dlh6213 27 Posting Maven Team Colleague

Today I had a power failure (I usually have one every week, and it just shuts my computer down and it comes back up fine after power returns.) This time though, I was in the process of closing a program and I'm fairly sure the disk was writing data at the time the power was cut.

To keep this from happening again, you should get a UPS (Uninterruptible Power Supply).

dlh6213 27 Posting Maven Team Colleague

...I can't for the life of me understand why people choose to continue using Norton products!...

Catweazle, this is not intended to be rude or offensive; I'd just like to explain why some people still use Norton products.

First of all, I believe it is name recognition -- Norton is better advertised and many new systems come with a free trial preinstalled. If people knew of alternatives, I'm sure they would try them.

Next is what Norton SystemWorks can do. I've been using it since '96 (upgrading every other year) and have had little trouble with it. I just finished scanning with One Button Checkup and it found 7 registry errors and 15 shortcut errors. When I ran it the other day on another user's profile, it found over 100 shortcut errors. Now, I suppose if I spent enough time, I'd be able to find many of these errors, but probably not all of them. And the time spent doing that could be better spent doing other things. Norton fixes them all in less than a minute.

Almost daily, I run Disk Cleanup (in Windows), clean all temporary folders for all users, search for *.tmp and delete whatever is found. Yet when I use Norton's CleanSweep, it still finds MB's of data that can be cleaned. I don't know where it's finding it, so without Norton it would continue to build up.

Using Norton's Internet Cleanup usually turns up a couple of plug-ins and ActiveX controls …

dlh6213 27 Posting Maven Team Colleague

I don't think you can have a custom profile unless you are a moderator, administrator, or donor. Click here for donation options:
http://www.daniweb.com/techtalkforums/subscriptions.php

dlh6213 27 Posting Maven Team Colleague

It is really getting near impossible for us to keep our systems safe and secure any more.

With DSL, you should also have a hardware firewall and a software firewall.

dlh6213 27 Posting Maven Team Colleague

Hey Emmett, welcome to DaniWeb! Before you post another HJT log, you should update it using either the Update feature within it, or from here:
http://www.softpedia.com/progDownload/x-Download-5034.html

dlh6213 27 Posting Maven Team Colleague

I found out my Intel processor won't work with Win. 98 and that is part of the problem. Now I have all the drivers so hopefully I will have everything resolved as soon as I finish installing XP. Thanks for all of the help!

An Intel CPU that won't work with Windows? How did you find that out?

dlh6213 27 Posting Maven Team Colleague

Here's the absolute surest way possible to ensure your data isn't lost:

- Pull the hard drive out of your system
- Buy another hard drive and put it IN your system
- Load Windows onto the new drive and get it running
- Change the jumper on your old drive to 'Slave' and pop it in as a second drive
- Copy your valuable data files across to the new drive
- If the system fails to read your files off the old hard drive, take the drive to a very expensive data recovery service.
- Find the nearest brick wall and bang your head against it (until blood flows) for being silly enough to have vital data on your hard drive without a backup copy of it. Blank CDs cost less than a single cigarette, and CD burners cost about as much as a case of beer!

You may not need to use a data recovery service, I used this free utility to restore literally thousands of files:
http://www.snapfiles.com/get/restoration.html