Posts by DMR

You're welcome, glad we could help! :)

No CD or floppy drive?? Unless you can get the laptop to boot from that DVD drive you're kind of stuck.

If you want to reformat your system drive, you won't be able to do that when booted into the Windows installation on your drive anyway- you'll need to boot from a Windows install CD and you will then be able to choose to reformat your drive as part of the installation process.

I hate to even ask this, but since a neighbor of mine actually did this a couple of weeks ago and (obviously) got the same error message:

Are you sure you're plugging the phone line into the modem jack and not the Ethernet jack? On many laptops that come equipped with both interfaces the connectors are right next to each other; it's easy to plug into the wrong one, and the (smaller) phone line connector will fit into the Ethernet jack.

- Can the drive read disks?

- What burning software are you using?

- Does Device Manager see the drive and report it to be functional? To find out, right-click on your My Computer icon, choose Properties, go to the Hardware tab, and click Device Manager.

You're welcome; glad we could help. :)

Well, at least you got your avatar... :p

Let's take a few steps back-

You first indicated that the computer was freezing because the Radeon was unstable, and also said that a reformat didin't help. What makes you believe that the video card is the culprit, and have you ruled out the possibility that perhaps a hardware fault is the cause and not the driver?

It could be anything from a corrupt video driver to a hardware problem with the video card or the monitor itself. If you can, try switching monitors with another computer; that will at least tell you if the problem lies with the monitor or within the computer.

Also- to try to eliminate the possibility of a corrupt video driver, see if the monitor exhibits the same problem when you boot your computer into Safe Mode. To get into safe mode, hit the F8 just as the computere boots up (just as or before you see the Windows startup message).

OK- you've got a number of things going on (and going wrong); one of the indications of that is that you have programs running from your C:\Documents and Settings\ashleyorlib\Local Settings\Temp directory. Legit programs are never run from Temp directories.

Before you do any thing else:

- Reboot into safe mode and, for every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Find and delete the following files:

C:\WINDOWS\System32\MtyJ62F.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\SearchBar.htm
rpcend.exe
msrrv.exe

- Also delete the entire content of your C:\Windows\Temp folder.
- Empty your Recycle Bin.
- Reboot normally.

If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. The same goes for any messages concerning .exe files- those are the files you want to delete.

After rebooting, rerun HJT and have it fix any of these entries if it finds them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

Any HJT entries which indicate "(file missing)" or (no file)

O4 - HKLM\..\Run: [BQW] C:\documents and settings\ashleyorlib\local settings\temp\BQW.exe
O4 - HKLM\..\Run: [ML] C:\documents and settings\ashleyorlib\local settings\temp\ML.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MtyJ62F.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [A] C:\documents and settings\ashleyorlib\local …

Thanks for that Ashley.

Now that we can see the full info though- I see that you're not using the latest version of HJT. Sorry to say this, but you need to download the latest (1.98.2) version and post the contents of the logfile that that version generates.

A) Yes, if the driver doesn't work for you, you should be able to go into the video card's properties in Device Manager and use the "Rollback" option to revert to the previous driver.

B) The picture you asked about is called a Custom Avatar. You can get more info about that by clicking on the "User CP" menu option at the top of the forum pages and then choosing the "Edit Avatar" option.

I have downloaded Spy Sweeper and the problem has gone.

adria

Glad that worked for you. Traditional anti-virus programs don't do a very good job of detecting "spyware", so you do need to run anti-spyware utilities in conjunction with your AV utility

Hi Ashley,

The contents of the logs you posted are incomplete- please run HJT again and choose the option to save the logfile once the scan is done. Once you've saved the logfile you should be able to open it Windows Notepad; select all of the contents of the file from there and paste it here.

There is a Win XP video driver package for the R32 on IBM's site which has a release date 2 months newer than the date you gave for your driver. The package date may not be the same as the actual driver date though, but you might want to have a look:

http://www-1.ibm.com/support/docview.wss?rs=0&q1=r32&uid=psg1MIGR-43146&loc=en_US&cs=utf-8&cc=us&lang=en

Hey M_S, I'm going to merge the Radeon posts here into your other thread on the subject in the Windows forum- lets follow the video card issue up in that thread since it's Windows-related.

Hey. Why have u stopped help me?
someone give me some more solutions.

Pardon me, but we work here on a volunteer basis, have real world responsibilities, and have others to help when we are here.

It does, and no doubt offers some level of security, but since a lot of this garbage out there today finds ways to circumvent that siv we call MS security, I don't have a lot of faith in it.

Granted, and agreed.

But I think a bigger problem is the number of applications that won't work at all for a limited user, mine included :( .

Yes- unfortunatley, I've run into that problem as well. The restrictions are too "global" in that aspect with a normal stand-alone, multi-user computer; you just can't get the finer levels of permission controls that you could in something like a domain environment. Too bad MS decided to make it that way...

Could be a number of things.

- Do you get any more info in the error messages than "Run time error, do you wish to debug?"?

- Does the debug error seem to come from Internet Explorer, or do you also get when IE isn't running?

and everything started acting strange

Please elaborate on that if possible. Remember- we aren't sitting at your computer, so giving us as much specific info as you can will help us get this solved most quickly.

Please post more specific info on the exact text of the error messages if possible; we'll be able to get you a solution more quickly that way.

I understand, but our posting guidelines are pretty clear about what content belongs in which forums, and the techical forums are for resolution of technical questions and problems.

Also, concerning the following:

I put this thread in the windows section in hopes that the thread will be viewed by the adamant microsoft supporters who frequent there

No offence meant at all, but what's really the point? The whole "merits of Windows vs. Linux" issue is a horse which has been flogged to death countless times over. Personally, I use both operating systems pretty heavily- I know them both very well, and both have their strong and weak points. However, "which OS is better"-type questions are highly subjective, and as such, you'll only get a million or so different opinions if you ask that type of question.

Grrr.. I was afraid that would be the situation with XP Home. Still, while a Restricted user account might allow downloads, does it not prohibit the actual installation of downloaded (and other) porgrams? I was under the impression that it did.

Hey Starry- see my response in your previous thread if you haven't already:

http://www.daniweb.com/techtalkforums/showthread.php?p=45356#post45356

However, continue posting your questions related to the video issue here, as your previous thread was dealing with another separate issue.

Thanks.

The R32s ship with the Radeon 7000, yes? Can you tell us exactly which video driver you're currently using? To find that info:

- right-click on the My Computer icon and choose "Properties"

- In the resulting window, click the "Hardware" tab and then click "Device Manager".

- Double-click on "Display Adapters", and then double-click on the Radeon card's entry.

- Click on the "Driver" tab in the resulting window, and post all of the info listed there.

If that doesn't work, try emptying any program/system cache folders. I've run across instances where the fact that you recently accessed a file on a floppy gets "remembered" by a program or even by the OS, and because of that your floppy drive gets checked to see if the file is still available. I remember that I used to have occasions where I'd fired up Word and the "Please insert a disk into drive A:" dialog window poped up right as the program was finishing loading. It turned out to be caused by the fact that in those instances I had worked on a document that was stored on floppy, and that document was still listed in Word's cache of recently-used files.

Yeah, the Messenger service (which has nothing to do with messaging programs like msn, aim, and the like) has a security flaw which allows outsiders to send you unwanted pop-up ads. Download and run "Shoot the Messenger from here:

http://grc.com/stm/shootthemessenger.htm

Have you added any new software lately? It sounds like something loading in the background might be doing a quick disk scan.

go to control panel ,Users and create a new acct with limited axcess,then make sure you passworded you Admin acct.and your acct ,.

Yes, creating an account which is a member of "Restricted Users" should prevent the user from installing programs.

You can also get some pretty fine granularity of control over many security-related aspects of the system through snap-ins in the management console (on XP Pro at least, not sure about the Home edition). Click the "Run..." option under your Start menu, type "mmc" (omit the quotes) and hit enter to open the console. In the File menu, choose "add/remove snap-in" and then click the "Add" button in the resulting window. That will bring up a list of modules which you can use to manage the policies for several different aspects of your computer.

Since this thread is of the "comments and opinions" sort, and does not concern a technical problem/question with Win NT/2000/XP/2003, I'm moving it to the Geek's Lounge.

I've gotten lots of tips on recovering data. Everything from changing the orientation of the hard disk (make it vertical, its narrow sides pointing up and down). Manually spin the disk, etc.

Tapping/rapping on the drive with your knuckle or the handle of a screwdriver might get the drive to engage; just don't whack it too hard.

Also- as crazy as this sounds, putting the drive in your freezer for a few hours might get it functioning long enough to copy off the data:

- Remove the drive and place it in an anti-static bag.

- Place that bag inside two zip-lock freezer bags; suck as much air out of the bags as possible.

- Leave the drive in the freezer for at least a few hours.

- With the drive still in the baggies (keeps the cold in longer), hook the drive back up to the computer and power up.

If the drive comes up, you may only have about 20-30 minutes before it heats up and stops working again, so get copying quickly. I'd suggest you start by copying your most critical data first just in case the drive dies during the copy process.

I performed the above proceedure on a client's drive last week, and it worked.

camelNotation:

In your post you stated: "I was asked to read and post in this thread", but I think you misunderstood; what I had asked you to do was to read the suggestions in caperjack's post in this thread, not to put your own post here.

I've split your post into its thread located here:
http://www.daniweb.com/techtalkforums/showthread.php?t=9286

Uh-oh... I'm not entirely sure that's a Good Thing. Better make sure you have a spare NIC hanging around just in case... :p

Hiya you could always try using spybot-sd link below.

http://www.spybot.info/en/index.html

i have been using it for ages and never had any problems well give it a whirl and i hope it sorts out your problem. :-)

Definitely. When used together, SpyBot and Ad Aware will get rid of the majority of the "nasties". Run them consecutively (the order doesn't matter), rebooting after each program has completed its scan and fixes.

Yeah, it could vey well be the spyware/virus that's fighting your downloads. I don't know if you'll have any better luck getting HJT and CWShredder from the link below, but give it a try:

http://www.stevewolfonline.com/Downloads/DMR/DMRCA/Malware%20Utilities/

Also, if you have access to another computer with a CD burner, download the programs onto that machine, burn them to CD, and install them on your machine that way.

Should I try another spyware detecting program?

Yes, but I don't have time to respond in detail right now (dinner time on my end of the world).

I'm moving this thread to our Security forum so that our "spyware" experts can offer their input. Have a look through the threads in the security forum to find out what other programs you can use to help rid yourself of your "unwanted guests".

Now, for point B, I agree with you again. However, I was looking at it this time from a Joe Sixpack or a one-OS is fine for me standpoint...

Oh, I definitely agree that looking at this from the "Joe Sixpack" perspective is a Good Thing. I just threw that out there because I know that many of here deal with the "Tommy Twelvepack" side of it... you know- 1 six pack of Windows, 1 six pack of Linux (or BSD). :mrgreen:

Yes- POP seems to be some sort of online dating crud. It is an indication of a malware infection, and could certainly be connected to your Internet Exploder problems. I'm moving this to our Security forum so that our experts there can offer their advice.

Could you give us more specific information on exactly what problems you're having with IE? Having that information could help us more quickly pinpoint the culprit.

What does the pop-up window say? It obviously shouldn't be there, and it could certainly indicate that you've got malicious programs on your system. Remember that no single utility, included Ad Aware, will be able to detect and remove all possible infections.

In your Internet Options control panel under Temporary Internet files->Settings, what is the "check for newer versions of stored pages..." option set to?

Are you using a separate email program such as Outlook or Eudora, or is your email a web-based service like Yahoo?

Sounds like you might be infected with viruses or other malicious programs. They can alter Internet Exploder in some pretty nasty ways, and considering that you say Opera is working fine....

Have a read through the threads in our Security forum to find out where to download and how to use the recommended "spyware" detection and removal tools. The utilities we recommend such as Ad Aware, SpyBot Search and Destroy, HijackThis, CWShredder, etc. are trusted, effective, and free.

If these programs do detect spyware on you system and you have further questions/problems in that area, please start another thread in the Security forum, as that is where we concentrate on such issues.

Since this is spyware-related, I'm moving this to our Security forum. Read caperjack's post in the following thread; he gives instructions on how to use a few other helpful spyware removal utilities, as well as instructions on how Ad Aware can be configured to scan your system most effectively:

http://www.daniweb.com/techtalkforums/thread9076.html

Thanks for the follow-up dmbfan819... I'll mark this thread as solved now.

:)

Webhancer had been previously removed through the add/remove programs, but had apparently left some pieces of itself behind.

Yes- the WebHancer uninstaller is bogus; it does leave pieces of itself on your system.

One question remains: Should I let HJT fix
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank ??

It would be safe to do that, yes.

I also tried deleting the dll file that bho demon detects but it just keeps on coming back with a different name.

Yes- unfortunately, many of these malicious progams have the ability to change the names of the files they create and use. You won't get anywhere by trying to delete these individual files, as they are only components of the main program, which is hiding elsewhere on your system.

I would have done a system restore but I found out that my brother turned it off, so its no use.

That's actually OK- if your system was infected at the time that previous restore points were saved and you did a system restore now, you would restore the infections.

Can you reach this site?:

www.stevewolfonline.com

If so, I'll post copies of the removal utilities there for you. If not, I can email them to you. Don't post your email address here though- contact me via a Private Messages.

The Ad Aware download is the installer program. If you double-click on the downloaded file that will start the installation wizard; it should be pretty straight-forward from there.

Once you have the program installed you'll have an Ad Aware icon in the Programs menu under your Start button, and perhaps an icon right on your desktop as well. Click on the icon to start Ad Aware, and before actually having the program start a scan, do the following:

- Click the "Check for updates now" link and go through the update process. If it finds a newer reference file than the one you are using, choose to install it.

- Click the “use custom scanning options, and then click “Customize

- In Settings, under 'scanning' - have it set to:
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'

- In 'tweaks':

under 'scanning engine', set it to: 'unload recognized processes during scanning.'
under 'cleaning engine', set it to: 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'

- Select 'activate in-depth scan' before starting scan.

- run the scan (this can take some time). When the scan finishes, select all of the items Ad Aware has found and have it fix them.

- Delete the contents of all Cookies, Temp, …

Since you've indicated that you have spyware/hijackware problems, I'm moving this to our Security forum so that our security experts can give you their input. :)

1. If your version of Windows has the option of booting into "Safe Mode with Networking Support", try that. To get to the Safe Mode menu, hit the F8 key as your system first starts to boot (right at the end of the BIOS messages on the black screen, just before the "Starting Windows"-type message appears). That might at least allow you to get to the download sites.

2. If you can get to the CWShredder site, also download another program there called HijackThis.

3. If you cannot get to Merijn's site, let me know and I will send you the current versions of CWSredder and HJT.

*Both before and after performing "spyware" removal procedures, it is a very good idea to delete the contents of all Cookies, Temp, and Temporary Internet Files folders and then empty your Recycle Bin. Rebooting after doing so is also a good idea.

1. To start with, you are infected by a WinTools variant. Carefully follow the instructions in the link below to remove it:

http://www.pchell.com/support/wintools.shtml

2. Have HJT fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.piyovwjyalldzh.info/yJQs...PLraVt7Sf8G.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: CnfSearch Class - {D7CD08F0-D691-11D8-9669-0800200C9A66} - c:\winnt\system32\ConfuSearch.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ObjBiasSeekDumb] C:\Documents and Settings\All Users\Application Data\4 heck obj bias\Axis Heart.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0100131...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4...21/cpbrkpie.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/ver...en/AMClient.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure …

Much info on the backWeb-7288971.exe file can be found in the links below:

http://www.google.com/search?hl=en&ie=UTF-8&q=backWeb-7288971.exe&btnG=Google+Search

...and the HijackThis log as well

Please do not advise people to post HJT logs or other virus/spyware/security- related info in this forum. All posts/questions of that sort need to be posted in our Security forum.

Thanks.

At the top of the screen a message flashes that starts with “Error…

Can you catch any more of the text of that error before the screen blanks? That could help us narrow things down.

Is this the password for the built-in "Administrator" account, or simply an account you created that had Admin-level rights?