DMR

Those servers do exist- are you sure you're entering the names correctly? In your post you did mis-spell "sm[i]tp[/i]"; make sure you haven't done that in your server setup as well.

[QUOTE=manicolo]Any idea of how i am going to get this wupdater.exe file working properly ? Thank You[/QUOTE] You won't, you'll remove it- it's spyware. Either you got it with the screensaver, or the spyware that was bundled with screensaver caused a conflict with spyware currently on your system that had …

Hi motopsycho, welcome to TechTalk! :) Could you post your log and the description of your problem in a new thread in our Security forum please? Due to recent (and extreme) rise in spyware/malware posts, we're currently trying to concentrate HJT log analysis in that forum. Thanks, -DMR

Some info on the trojan: [url]http://www.google.com/search?hl=en&ie=UTF-8&q=Dyfica+Trojan&btnG=Google+Search[/url] Note the references to disabling System Restore and running your utilities in Safe Mode. If system restore is enabled, and the virus was present at the time your last restore point was taken, the virus can be reintroduced to your system that way.

- Does this happen when running in safe mode? - When did it start happening? - Had you added/changed/removed anything in the system just prior to the problem's appearance? - Are there any errors or messages in your event logs which might pont to the problem? - Does this happen …

A) You're running HJT from within a temp/temporary folder; you need to create a separate folder on your hard drive for HJT and run it from there. B) Have you run through the standard SpyBot/Ad Aware/CWShredder/etc. drill yet. If not, do so and then post a fresh HJT log. (Links …

First of all, let's figure out if the problem might not be being caused by something malicious that didn't get removed. Could you run HijackThis again and post a copy of the log file here please? If you're system [i]is[/i] clean, we can start looking at the possibility that you …

[QUOTE=FreeFolios]My laptop is second hand so I have no manual.[/QUOTE] Um, yes- but neither do we... :mrgreen: Care to at least tell us the make/model of laptop? You don't see a ' symbol anywhere on the keyboard?? That's weird.

The first thing to do would be to check your settings in Explorer's view options. Got to Tools menu and navigate to Folder Options->View->Advanced Settings. If the "restore previous folder window at logon" option is checked, uncheck it.

One important thing: make absolutely sure that your hardware is compatible with whatever distro (and specifically, version of the distro) you decide to go with. Most distros have a Hardware Compatibility List (HCL) on their support site; check that out before purchasing/installing. It's also a very good idea to have …

[QUOTE=jtf27]I would like to edit the boot choices...[/QUOTE] If by that you mean that you now have a menu giving you 2 choices of Windows to boot into, but you need to delete the bogus one, the file you want to edit is "boot.ini" (located in C:\).

Legit questions, yes- but definitely OT for the Security forum. ;) Moving to the... um... where the devil [i]does[/i] this fit?! Oh well- looks like mostly Win 95/98 stuff, so off we go...

Dump Internet Explorer if possible. Other browsers such as Netscape, Firefox, and Opera are totally immune to the "about:blank" hijack and most of the other nasties that can infect IE.

That isn't a complete log- there should be a list of running programs/process at the beginning. Save the log file as a text file and then open the log file in notepad. From there you see and be able to cut-n-paste the entire log.

There seems to be a relationship between the write error and ATI video card caching/performance settings. This is one quote I found concerning the problem: "Are you using an ATI Radeon video card? If the Performance options under system properties advanced tab are set to large system cache or priority …

And there was much rejoicing... :) Marking as solved.

Just out of curiousity- what are the names of the files in question?

- HKMJW.EXE is the executable for the game "Hong Kong Mahjong". Is that the games you're talking about. - easyclea.exe is the executable for ToniArts' EasyCleaner utility. - fyjh.exe looks very suspicious to me. The filename looks like one of those random names that trojans or spyware would use. Any …

Could you give us more specific information please? - Which drive? What type (IDE, SCSI, etc.)? - What do you mean (exactly) by "lose"? - Which operating system?

NEVER open emails from an unknown source! The emails could be benign mass-mailings, mistakes, or viruses. It isn't worth finding out which if you know they're not intended for you. If your mail program allows spam/bulk mail filtering, use that function. If not, delete the files immediately upon receipt. Considering …

[QUOTE=vchopra]Thanks friends. My problem is solved!!!!!!! :lol:[/QUOTE] Happily marked as so...

Just another vote of agreement. Even if the repair shop didn't purpously skneetch a stick of your RAM (and yes- that definitely does happen), they may have forgotten to reinstall it or they reinstalled it incorrectly. Open the case to physically verify what you've got in there.

Hi- Welcome to TechTalk! :) 1. Did the anti-spyware programs find/fix anything? 2. Have you tried to repair IE? Instructions on how to do so are here: [url]http://support.microsoft.com/default.aspx?scid=kb;EN-US;194177[/url]

[QUOTE=head_hunter]but it ALWAYS comes back sooned or later...[/QUOTE]Betcha it'll go away for good if you dump IE and use another browser instead. :cheesy: Seriously- many of these exploits are either targeted directly at IE, or use IE as a conduit to other areas of your system.

[QUOTE=pokok]Can I delete Rundll32.exe?[/QUOTE] NOOOOO!!! Rundll32.exe is a critical Windows system file responible for loading other Windows components. Spyware programs use/abuse this function by telling rundll32 to load their components as well; it is their programs which cause the errors, not rundll32 itself.

It sounds like you might infected with "spyware". Read through the information in the following link, especially the recommendations concerning many of the free utilities which you can use to detect and remove these malicious programs. If the utilities find problems and you need further help, please start another thread …

The HDD LED connection is nothing more that the connection which goes from your motherboard to the hard drive activity indicator light (LED; Light Emitting Diode) on the front of your chassis. Having it disconnected has nothing to do with your problem; although reconnecting it to the wrong points on …

You definitely have "unwanted guests". :( I'm moving this to our Security forum; that's the forum in which we concentrate on HJT log analysis and other "spyware"-related issues. One of resident HJT experts should pick up on this shortly.

Hard drives can be fixed (well, depending on the severity of their "death"), but unless you [i]really[/i] need the data on the drive, it probably isn't worth the hassle. Most people don't have the electronics skills or the specialized parts and tools needed to perform the repairs.

One of my clients' drives recently went south in that sort of way. No Windows-based solutions would let me access the drive in any way, even in two of my Windows machines. The only way I was able to salvage her data and save the drive was by putting it …

- At exactly what point in the boot process does it fail? - Can you start up in safe mode? - What are the specs of computer in question? - Was this a fresh, clean install of 2K? In other words, did you wipe ME and reformat the drive?

Please have a read through the previous threads here- the bridge.dll question has been answered many times here in the recent past. You've got more going on than that, though. Some of these are just suspicious or unnecessary, but some just outright have to go: C:\Documents and Settings\Lapeyre\Application Data\ooau.exe R0 …

Leg, I've merged you other thread into this one. Please do not start multiple threads for a single question; it just confuses things. Thanks for understanding :)

If the updates don't fix it, have a read through these suggestions: [url]http://inetexplorer.mvps.org/answers_5.htm#msvcrt[/url]

[QUOTE=Catweazle](This is a hardware question by the way. Could it be moved to the Hardware section please?)[/QUOTE] Yes- done.

Hi- welcome to TechTalk! First of all, you need to run HJT from its own folder; not from a temp/temporary folder (which you are doing now), not from the desktop, and not directly from your C:\ directory. You should also close [i]all[/i] programs before scanning. Secondly- your filesharing programs [i]need …

Any error messages in your log files that might shed some light? Use the Event Viewer in your Administrative Tools package to view the logs.

Any idea what you did to fix it? Posting that info could help others who might have the same problem... -Thanks

Create a separate folder for HJT instead of running it directly from your root (C:\) directory. Run HJT from that folder and have it fix: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://195.225.176.5/"]http://195.225.176.5/[/url] R1 - HKCU\Software\Microsoft\Internet …

Mozilla, Netscape, FireFox, Opera, etc. are all stand alone, fully functioning browser; they have no interaction or dependence on IE. This is generally considered a Good Thing- those browser are not an integral part of the OS (IE is), so they present less of security risk in terms of viruses, …

[QUOTE=bluedos82][size=2][b][color=DarkRed]but the numbers that I put in do not stay.[/color][/b][/size][/QUOTE] Could you clarify that please- exatly what numbers are we talking about?

How is your page caching set up in your Internet Options control panel? The settings are under the "settings" button of the Temporary Internet Files section of the General tab of the control panel. In the "check for new versions of stored pages" options, force it to "every visit to …

That could be caused by a [i]number[/i] of things. - Can your friend boot into safe mode? - Has he changed anything software or hardware wise just prior to the problem's beginning? - Has he tried a system repair by booting into the recovery console from the installation CD?

A conversion kit of that sort would allow you to install your desktop/tower computer in a standard 19" equipment rack. They usually come in one of two flavors: a kit which either has sliding rails or a shelf unit which allows you to mount the entire computer (chassis and all) …

There are still a couple of suspicious items in there. Did you run your AV and spyware utilities while booted into safe mode? If not, try that.

- You can safely have Ad Aware and SpyBot fix what they find; they're pretty spot-on. - The different procedures are due to th efact that there are so many malicious programs out there (with the number growing daily) that there's no single "catch-all" utility to remove all of them. …

I've moved this to our Security forum, as that's where we concentrate on "spyware" problems. At the very least, you've obviously been infected with the MySearch malware; some specific info on that can be found here: [url]http://www.mac-net.com/445088.page[/url] Download and run the (free) spyware detection and removal programs listed in my …

I'm moving this to the Networking forum; you'll get some network-savy eyeballs on your question faster there. As far as mapping goes, there are a few products mentioned here (although I don't know if any of them can pull the AD data in the way that you describe): [url="http://www.pcquest.com/content/networking/2004/104040704.asp"]http://www.pcquest.com/content/networking/2004/104040704.asp[/url]

If the whole point of this venture is to migrate to XP, you should just purchase a load of XP and start fresh. (especially since you sound pretty sure that the Win 98 disk is probably damaged). The fact that you get no graphical desktop after the b0rked 98 install …

Hi steviegee16, Please read the post right above yours concerning the need for you to post your question in its own separate thread. You'll get more attention that way, and you won't add confusion to the troubleshoot we're doing for the original starter of this thread. Thanks :)