Posts by dlh6213

As long as you have Kazaa and other P2P programs, you will continue to have problems. The first thing you should do is go to Add/Remove Programs in the Control Panel and remove them. Then run Kazaabegone from here to clear out the remnants of kazaa:
http://www.spychecker.com/program/kazaagone.html

Also, whenever you scan with HJT, make sure all browser windows are closed first.

I'll try to help with what little I can. First of all, go to Add/Remove Programs in the Control Panel -- see if ebates or websavings is there and remove it if it is.

Next, clear out all Temp and Temporary Internet folders; do a search for *.tmp and delete everything found.

Close all windows, scan with hijackthis, and have it fix the following entries, if found:
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

Reboot into Safe Mode and go to C:\Program Files, look for WebSavingsfromEbates and delete it if found.

Reboot normally, close all windows, scan with HJT, and post a new log. Maybe one of the experts will spot something else.

You should find the instructions you need in this thread:
http://www.daniweb.com/techtalkforums/thread6632.html

Try posting your problems in the Windows XP forum or Windows Software forum, maybe someone will be able to help.

There are a lot of things running there, check this site for tips on settings:
http://www.blackviper.com/WinXP/servicecfg.htm

Empty all Temp and Temporary Internet folders for all users; search for *.tmp and delete everything that is found.

For the tools Billy suggested, go to this thread:
http://www.daniweb.com/techtalkforums/thread5690.html
Follow all the other suggestions there as well.

Before scanning with HJT, be sure all browser windows are closed. After doing the previous steps, scan with HJT and have it fix the following entries, if found:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Does this help?
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q323885
Or maybe this?
http://support.adobe.com/devsup/devsup.nsf/docs/51401.htm
It could have something to do with your ActiveX settings, check this thread for more info:
http://www.daniweb.com/techtalkforums/thread11734-activex.html

Did this problem start when you upgraded to SP2? If so, there is an update that may help:
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=17D997D2-5034-4BBB-B74D-AD8430A1F7C8&displaylang=en

What BIOS do u have? You can try doing a search for 'beep codes' for your particular BIOS and see what that code means.

You might find it here:
http://www.pchell.com/hardware/beepcodes.shtml

Did you install the motherboard drivers? They would either be on the CD that came with the motherboard or the computer (this may be a Restore CD).

Great! Happy to hear it! :)

(Can one of the moderators mark this one as solved?)

That's great! Good job! It's looking better already :). Close all windows, scan with HJT and have it fix the following entries:
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O21 - SSODL: systemie - {FD4738A0-FF1C-11D8-A442-444553540000} - systemie.dll (file missing)

Do you use the Aramco portal?

Reboot into Safe Mode and go to the C:\WINDOWS\SYSTEM folder and delete the following:
RNAAPP.EXE
TAPISRV.EXE
PSTORES.EXE
DDHELP.EXE

Reboot normally, close all windows, scan with HJT, and post a new log.

Also, you are running HJT from your desktop, it should be put in it's own folder (like c:\hjt\hijackthis.exe). You can then put a shortcut to it in your CLEANING STUFF folder for easy access. :)

One more thing, before scanning with HJT, close all open browser windows.

You can get the latest version of HJT from here:
http://www.softpedia.com/progDownload/x-Download-5034.html

If you can boot your computer normally, there is another way to boot into Safe Mode with Windows XP:
Boot the computer normally.
Close all open programs.
Click Start, and then click Run; the Run dialog box will appear.
Type msconfig in the box and then click OK.
The System Configuration Utility should appear.
Click on the BOOT.INI tab.
Check the "/SAFEBOOT" option, and click OK.
You will then see the prompt to restart the computer, click Restart.
The computer will then restart in Safe Mode.
When another box opens asking if you want to run in Safe Mode; click Yes.

One thing to try for the System32 opening is to click on Start, point to Programs, point to Startup and see if System 32 is there, if it is, delete it.

Before you fix anything with hjt, you should put it in its own folder -- like c:\hjt\hijackthis.exe -- so it can save backups in case anything goes wrong (and so you can find the backups easily).

Someone else will have to help you with the majority of your log, but to clean it up a bit (after you put it in its own folder), close all windows, scan with hjt, and have it fix all items that say (file missing) as well as these:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...0dd3f5553147fe9
O16 - DPF: {C64C9CBD-8F82-4E77-0EF3-A2BFF63F6C1C} (DownloadUL Class) - http://public.searchbarcash.com/cab/003/piiapzvp.cab
Reboot and post a new log as I'm sure there is more.

(Just noticed crunchie's here, follow his advice :) )

Did you boot into Safe Mode to delete this folder and file?
C:\PROGRAM FILES\WEB_REBATES-folder
C:\WINDOWS\SYSTEM\LJPBMZEJ.EXE-file
They're still showing in your log.

You should use the link in crunchie's signature to download spywareblater, it will help prevent reinfections (don't forget to update it).

Since none of the pros are here right now, I'll get you started, but there will be more to fix later.

Close all windows and scan with hijackthis. Have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

Reboot, scan again and post a new log.

I'm a bit confused -- are you using Netscape or Internet Explorer?

To get access to the ActiveX controls in Internet Explorer, Open IE, click on Tools, click on Internet Options, click on the Security tab, click on the Custom Level Button near the bottom. Scroll down a bit to ActiveX controls and plug-ins; here you will have several options. If you Enable all the options, you are leaving your system open to infections.

Here is how I have my settings:
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer you system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and usually you don't know whether it should be allowed or not. The described combination works best for me, but not be best for you -- it is just shown as a reference.

Hope this helps.

Well, it's looking better but that's about all I can help with, it's up to one of the pro's now. :)

One of the experts will need to help you with a lot of the stuff you have there, but I can help you get started so they will have less to deal with.

First, hijackthis should not be run from your desktop, it should be in it's own permanent folder (like c:\hjt\hijackthis.exe).

After you get hjt in a permanent folder, close all windows, scan, and have it fix the following entries (if they are still there):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file …

Good luck Amber.

Amber, here is a "Dear Abby" article I think you should read:

http://www.uexpress.com/dearabby/?uc_full_date=20040914

(Make sure the date showing is September 14, 2004) Hope it helps.

For those interested in gmail, there is a Sticky thread dedicated to it in the Geek's Forum.

Thanks for sharing!

According to that link, the problem isn't supposed to exist with WinXP, have you tried the fix yet to see if it actually works for you?

This problem isn't exactly the same as yours, but similar enough to have a look at it:

http://www.daniweb.com/techtalkforums/thread10773.html

Maybe there will be something there that will help. Read Catweazle's article as well (the link is in his post at that thread).

Happy it helped you echoman, hope it works for whiskeyjar as well.

I have the same problem. Can I get a copy of the driver, PLEEEEASE

It is almost certain that Roaddog has a different video card then you, so whatever driver he used wouldn't work for you anyway. If you have your Windows CD, try getting the drivers from there like Roaddog did. If you can't do that, try Windows Update. If that doesn't work either, you need to open your computer (remember to protect your system against static damage) and get the name and model number from the video card and go to the manufacturers site for drivers. If the video is built-in (no video card), then you need to get the drivers for the motherboard.

Any more questions, please post in a new thread as this one has been marked as solved. Good luck!

This link I gave you, http://www.michna.com/kb/WxSP2.htm#..._Service_Pack_2
has a downloadable link to the "fixdb.bat" file; I don't know why it didn't copy over as a link, I just now noticed that it didn't.

Well, since no one else has responded to this, I may as well put in my two cents. Is there an error code with this message? That may be helpful. Are you sure these two systems meet the minimum requirements for SP2? Check this thread to see:
http://www.daniweb.com/techtalkforums/thread10031.html

There must be something different about these two systems from the others.

I found the following info at:
http://www.michna.com/kb/WxSP2.htm#Cannot_install_Service_Pack_2

I know you've tried some of this already, but maybe there's something here that can help.

Error 0x800710D9 Unable to read from or write to the database
The quickest and most thorough way to solve this problem is a batch file, written by fellow MVP Torgeir Bakken from Norway. Reboot the computer and, before running any other program, run the batch file. It will tell you when it is finished. Here it is: fixdb.bat

For other possible solutions check http://www.updatexp.com/cryptographic-service.html and the following Microsoft Knowledge Base article for details.

You cannot install some updates or programs
http://support.microsoft.com/?kbid=822798

The most successful workaround for the cryptographic service error has been the method 3 mentioned in that article:

Rename the Catroot2 folder, and then try to install the program again. To rename the Catroot2 folder, follow these steps:

Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type the following commands, pressing ENTER after each …

Try this link:
http://www.geekgirls.com/windowsxp_fileviews.htm

I think you'll find your answer in the "Details View" section.

i did post the value.. that was what the value was... what am i suppose to do with it?

Oops, sorry, my mistake. I thought you were just saying you looked for it there, not that that was the actual value. I actually thought Crunchie would get back to you on this, but since he hasn't I've copied the instructions he gave me and put them below. The only thing I changed is your dll file name. This fix worked for me, so hopefully it will for you as well:

-Run reglite : type--
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\\AppInit_DLLs into the address bar, or expand the same key.

-Rename the Folder Windows
to NotWindows (highlighted as a purple folder in the left hand pane of reglite).

-Click "AppInit_DLLs" again and clear the data value:
C:\WINDOWS\System32\hlpmidb.dll <- delete this line , click 'Apply' and 'ok' to set.

-Then, rename the NotWindows folder back to its original name, Windows

-Restart computer

Now check the system32 folder, the culprit dll (hlpmidb.dll) should now be visible.

If it is, delete it. If all goes well, your problem should be gone!

sounds like it could be overheating.
Try taking the side off the pc to play. You might want to place a large fan to blow nice cool air into the case too.

If that works then you need to see about improving your case cooling.

As Dave said, it could be overheating; if you haven't done so recently, remove the cover and vacuum and/or blow (with canned air) the fans, CPU & heat sink, and power supply. Be sure to ground yourself (either with a strap or by touching the case) to prevent damage via static electricity.

C:\WINDOWS\System32\hlpmidb.dll and i looked for it under that.. and i searched the entire computer for that file.. but it didnt find it

Did you follow Crunchies instructions?

You need to download and install Registrar Lite. Then run it, and copy and paste this line into reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Hit the "go" tab. Find: "Appinit_Dlls" value on the right side panel, Double Click (you have to double-click to get the info), then copy and post the information in the 'Value' field.

This fix worked for me, hopefully it will for you too. Apparently this dll is not visible until you run reglite -- this will make it visible so it can then be deleted. Crunchie will give you the rest of the instructions after you post the info in the Value field of reglite. Good luck!