DMR 152 Wombat At Large Team Colleague

Ok-

1. Close all open programs except HJT. Have HJT fix:

O4 - HKLM\..\Run: [wyreg] C:\WINDOWS\SYSTEM\wyreg.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://petite-virgins.biz/dl/adv15/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe

2. Reboot into safe mode, find and delete:

wyreg.exe
win32x.exe
Q330994.exe

3. Delete the entire DAP folder

4. Delete all Temporary Internet files, including "offline content"
Delete your cookies
Purge your browser's cache
Empty your Recycle Bin

5. Reboot

DMR 152 Wombat At Large Team Colleague

OK- It looks like the make completed successfully, so you should now have a xine executable in there somewhere.

I don't recall what the actual program's filename will be, but you should be able to find it (and/or documentation for it) in the new xine directory. Once you locate the program you can just create a shortcut to it on your desktop or in your Programs menu.

DMR 152 Wombat At Large Team Colleague

Hey Christian,

I've never had a dependency issue when installing the development/kernel packages from the install CDs. Additionally, those packages are not included in the standard/workstation default install options in Red Hat, so a reinstall, unless done in custom/expert mode (and specifically choosing the development packages) won't do the trick. For some weird reason, RedHat (among other distros) doesn't consider the compiler/kernel packages to be essential... go figure. :?:

DMR 152 Wombat At Large Team Colleague

Blusignan,

If you are still having problems in regards to your original question, please send a PM to me or one of the other moderators and we will reopen this thread.

DMR 152 Wombat At Large Team Colleague

jps609 and sibylbanks:

Please read our Forum posting rules.

For reasons of clarity and fairness we ask that members posting a question do so in their own thread rather than "hijacking" a thread previously started by another member.

I'm closing this thread unless we hear from the original poster again; as I mentioned, please post your questions in their own threads.

Additionally, because both of your posts involve HijackThis logs, please start your new threads in our Security forum. Read this announcement posted (by our site administrator) at the top of each forum:

http://www.daniweb.com/techtalkforums/announcement.php?f=10&announcementid=1

DMR 152 Wombat At Large Team Colleague

http://penguin-skills.com/index.php?action=view&id=54
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe

More than that though.

Brian-

A) Run Ad Aware again and let it fix everything it finds.
B) Download and run SpyBot (link in my sig) after running Ad Aware and rebooting. Let it fix whatever it finds as well.
C) Download and run Hijackthis (again, the link is in my sig); post the log file it generates.

Just FYI, here are some of your problematic areas:

- DAP: Download Accelerator Plus. Adware- remove it. More info here:
http://www.pestpatrol.com/pestinfo/d/download_accelerator_plus.asp

- "O4 - HKLM\..\Run: [wyreg] C:\WINDOWS\SYSTEM\wyreg.exe".
C:\WINDOWS\SYSTEM\wyreg.exe is almost certainly an "unwanted guest".

- This is bogus as well: "O4 - HKLM\..\Run: [WinLogin] win32x.exe"

- All of these entries are related to your dialer problem:

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://petite-virgins.biz/dl/adv15/x.chm::/load.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe

O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
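
A small triage pass over the kinds of entries called out above, as an added example that is not part of the original post and is not HijackThis's own logic. The function names and matching rules are assumptions made for illustration; the sample lines are copied from logs quoted in this thread, plus one constructed entry (`ExampleApp`) for contrast.

```python
import re

# Sample lines taken from the HJT entries quoted in this thread; the final
# "ExampleApp" line is constructed so the output shows an unflagged entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [wyreg] C:\WINDOWS\SYSTEM\wyreg.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

# An HJT entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Split a log into (code, body) pairs, skipping non-entry lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(code, body):
    """Return a reason if the entry matches an assumed pattern, else None."""
    low = body.lower()
    if code == "O16":
        if "ms-its:" in low or "mhtml:" in low:
            return "DPF source uses an ms-its/mhtml URL wrapper"
        if re.search(r" - file://.*\.exe$", low):
            return "DPF source is a local executable"
    elif code == "O4":
        m = re.search(r"run: \[[^\]]*\] (.+)$", low)
        if m and "\\" not in m.group(1):
            return "Run entry has no full path"
    elif code in ("R0", "R1"):
        value = low.partition(" = ")[2]
        if value.startswith("file://") and "\\temp\\" in value:
            return "IE search setting points at a local file in Temp"
    elif code == "O1":
        m = re.match(r"hosts: (\S+) (\S+)", low)
        if m and m.group(1) != "127.0.0.1":
            return "hosts file redirects a name to a non-loopback address"
    elif code == "O10" and "missing" in low:
        return "LSP provider missing from the Winsock chain"
    return None


def flag_log(log_text):
    """Return (code, body, reason) for every entry that triage() flags."""
    flagged = []
    for code, body in parse_entries(log_text):
        reason = triage(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


if __name__ == "__main__":
    for code, body, reason in flag_log(SAMPLE_LOG):
        print(f"{code:4} {reason}\n     {body}")
```

The `wyreg` entry is not flagged: nothing about its form distinguishes it from a legitimate startup item, so that call still depends on someone looking up the file name.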


DMR 152 Wombat At Large Team Colleague

Please read this thread (posted by our site admin) at the top of each forum:

http://www.daniweb.com/techtalkforums/announcement.php?f=32&announcementid=1


Issues concerning virus/spyware/etc, and HJT log analysis belong in our Security forum. I'm moving this there now...

DMR 152 Wombat At Large Team Colleague

You've still got problems, but I need to log off for a bit- I'll get back to you in a couple of hours if no one else does so in the mean time.

DMR 152 Wombat At Large Team Colleague

edit: a hijackthis log would be a good start! http://s89223352.onlinehome.us/mirror/hjt/

Yes, but as I've mentioned before: not in this forum. Due to the sheer magnitude of HJT logs that we've been experiencing, posts including those logs need to be put in our Security forum.

DMR 152 Wombat At Large Team Colleague

In addition to any error messages you might be getting, knowing your hardware specs would help as well.

DMR 152 Wombat At Large Team Colleague

By the way:

oh uh... have you done anything that would require rundll32.exe to run.

A user may not have done anything explicitly which would cause rundll32.exe to run; like svchost.exe, that program is responsible for loading legitimate system programs. "Malware" programs can abuse rundll32.exe, but the pure fact that rundll32 is active is not necessarily indicative of a problem.

(Again though- the rundll32 shutdown error would have me looking at a virus/malware infection as well)

DMR 152 Wombat At Large Team Colleague

oh uh... have you done anything that would require rundll32.exe to run. if not, it sounds like some malicious program is using it for its own purposes... pull out HijackThis and post your log.

BinaryMayhem,

I do agree that is probably a malware issue, but please do not ask members to post HJT logs in any forum except our Security forum. We had to create the security forum primarily due to the overwhelming postings of HJT logs across this entire site, and do ask that members concentrate their "malware"-related posts there. Read Dani's (our site admin) post at the top of each forum concerning this issue:

http://www.daniweb.com/techtalkforums/announcement.php?f=10&announcementid=1


Thanks,

DMR

DMR 152 Wombat At Large Team Colleague

Glad we could help you get it sorted- marking this one as solved...

:)

DMR 152 Wombat At Large Team Colleague

checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no

Those errors indicate that you don't have a compiler installed, which you will definitely need when installing a program from source code. You probably also don't have the necessary kernel source/kernel header packages installed either (which you will also need when compiling from source).

The compilers and kernel files should be available on your RH CDs and installable from whatever Package Manager you use. In RH 9.0, go to the "Red Hat" taskbar button->System Settings->Add/Remove Applications option. Look for and install the Development and Kernel Development tools.

As for the issue of the removable drive and your music:

How is the drive formatted (NTFS, FAT, ext2, ext3, etc.)?
Where is the drive located on your IDE chain (primary slave, secondary master, etc.)?

DMR 152 Wombat At Large Team Colleague

:D

the wombat is finally nestling in my underbrush thank you very much.

Glad I could help Kevin, but... don't tell the wife about the Wombat- she might have a problem with the fact that someone other than she was having anything to do with your underbrush.

:mrgreen:

if i could send you virtual home made chocolate chip cookies i would.

Mmm, Yummy- Monster love virtual chocolate chip cookie...

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/CookieMonster.jpg[/img]


Again, glad to have been of help. Happily marking this one as solved...

DMR 152 Wombat At Large Team Colleague

The following is my Hijack log after deleting the 3 keys you suggested.

Any further ideas.

jps609,

You haven't previously posted in this thread, and none of us have (unless I missed something) suggested deleting any registry keys. Are you sure you responded to the right thread?

DMR 152 Wombat At Large Team Colleague

Grrr!

OK, keep us posted.

DMR 152 Wombat At Large Team Colleague

Very cool, goodtaste!

Thanks for the informative follow-up; I'm sure it will help others in the future.

Marking as solved...

DMR 152 Wombat At Large Team Colleague

Also, you need to remove Download Accelerator Plus- it's adware. More info on that here:

http://www.pestpatrol.com/pestinfo/d/download_accelerator_plus.asp

Follow the DAP removal instructions in the link above, run HJT again, and have it fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {B1C0188E-22DB-4912-829F-F1CB131EC904} - C:\WINDOWS\System32\acpbah.dll
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

- Reboot

- Delete the contents of your C:\DOCUMENTS AND SETTINGS\Owner\LOCAL SETTINGS\Temp folder

- Delete C:\WINDOWS\System32\acpbah.dll

- Open the Internet Options control panel and delete your cookies and Temporary Internet files (including "offline content")

- Purge your browser cache

- Empty your Recycle Bin

DMR 152 Wombat At Large Team Colleague

OK- first, you seem to have had a couple instances of IE open when you ran HJT:

" C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe"

HJT can't perform its fixes fully with the browser open; you should close all browser windows before doing any HJT fixes.

Download and run the "malware" removal utilities in my sig below. Allow them to fix any problems they find and post a fresh HJT log.

DMR 152 Wombat At Large Team Colleague

Um, did you miss the first post on this forum?:

"Announcement: Post all HijackThis logs in the security forum"

We do ask that members post their questions in the appropriate forum, especially when it comes to HJT logs.


No Biggie though, I'm moving this to Security now- we'll take it from there...

DMR 152 Wombat At Large Team Colleague

Why not? Do you encounter errors when you try to install it, or is it some other problem?

DMR 152 Wombat At Large Team Colleague

Yes, WeatherBug is a nasty- kill it.

As far as cidaemon.exe goes, that's a component of Windows indexing service. You don't need it, and it does bog down the system a bit, so you might want to turn indexing off:

Go to my computer and right click on the (NTFS) drives. Click properties and uncheck "Allow Indexing Service to index this disk for fast file searching" in the General tab. Repeat for all your (NTFS) drives. For the iecont.dll and iecontlc.dll issue, make sure you get the latest IE upgrades/patches/fixes; that should solve the problem.

DMR 152 Wombat At Large Team Colleague

Do the BIOS and the OS recognize the full 512M of RAM?

If you want to rule out bad RAM, download and run memtest86; it's a free memory testing utility.

If the problem isn't really the RAM, open Task Manager and have a look at your running processes. Check for processes that might be using an unusually large amount of resources, and/or processes that might look "suspicious" (as alc6379 said, you could have some "nasties" in your system).

DMR 152 Wombat At Large Team Colleague

Yes- with a fresh install you will have to reinstall your programs to register them with the new OS.

DMR 152 Wombat At Large Team Colleague

Try going into Start menu->Settings->Control Panel->Administrative Tools->Services. Find the Plug and Play service, start it, and set the startup type to Automatic.

DMR 152 Wombat At Large Team Colleague

If it's always stalling in the same place, it could be a bad spot on the disk, but it could also be having trouble with a certain device in your system.

What are specs for the hardware in the machine (vid card, network card, etc.)?

DMR 152 Wombat At Large Team Colleague

it was really confusing trying to figure out what was going on... I had to find jheft's post before I could answer yours!

Yeah, this question was originally "piggybacked" onto that other thread; it didn't translate too well after I split it out into its own thread...

DMR 152 Wombat At Large Team Colleague

Don't sweat the SpyBot DSO message- it's a known bug. You can read about it here:

http://forums.net-integration.net/index.php?showtopic=17159&st=0&#entry81148

The presence of FireDeamon.exe and sud.exe indicates a possible trojan infection. See if the following applies to you:

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q294/7/28.ASP&NoWebContent=1


Is it possible that you simply have a DNS problem? The conditions you describe are exactly what would happen if your system couldn't contact a DNS server in the process of resolving URLs to their IP addresses.

Try this:

- Open a DOS box

- Type:
ping 64.233.167.99

and then:
ping www.google.com

If the first works, but the second doesn't (both pings should reach Google), check the DNS server IP entries in your TCP/IP properties and make sure the IPs are present and correct.

DMR 152 Wombat At Large Team Colleague

Bummer- nothing else comes to my mind. Hopefully one of our other members will offer a suggestion.

DMR 152 Wombat At Large Team Colleague

Thanks.

Marking as solved...

DMR 152 Wombat At Large Team Colleague

Glad you got it sorted :)

DMR 152 Wombat At Large Team Colleague

Glad it worked for you- marking this as "solved"

:)

DMR 152 Wombat At Large Team Colleague

Please read this thread:
http://daniweb.com/techtalkforums/thread7370.html

Also, please read our posting rules- tagging your question onto a thread started by another member is something we are, for numerous reasons, trying to discourage.

DMR 152 Wombat At Large Team Colleague

The problem could be due to a number of things, including a resource (IRQ or I/O address conflict) or a driver issue.

1. If your BIOS allows, turn off the "Plug-N-Play OS" (or similar) option; this is known to cause problems with PCI hardware under non-Microsoft operating systems.

2. Open a terminal window, type the following commands, and post the results of each (remember that commands in Linux are case sensitive!):

- lspci

- less /proc/interrupts

- less /proc/ioports

- lsmod

- ls -l /dev/modem

(all of the " l " characters in the above commands are lowercase "L"s; some fonts make that hard to determine)

DMR 152 Wombat At Large Team Colleague

Program installation methods differ depending on the type of program you are trying to install. Redhat uses the RPM utility to manage .rpm programs, but if you have a .tar, tar.gz, .tgz, or similar install file, the steps for installing are entirely different.

From an old post of mine at the *cough!**shameless plug**cough!* other forum I moderate:

In general, RPM (Redhat Package Manager) files contain pre-compiled, ready-to-run programs and associated files such as installation/usage documentation, etc.
.tar.gz files, on the other hand, often contain the source code for a given program. This isn't always true; but it often is. If that's the case, you'll have to compile the program yourself; instructions on how to do so are usually included. The .tar.gz extension comes from the following:

The .tar part indicates that the file actually consists of multiple files combined into one large archive file using the "tar" (Tape ARchive) program. The .gz part means that the resulting .tar archive has been compressed using the "gzip" program (similar to zip or Winzip). tar does not, by itself, compress; it only "wraps" multiple files into a single archive file, hence the subsequent use of gzip to actually compress that archive.

If your distro supports the use of RPMs (Redhat and Mandrake do), you have a couple of choices:

- Your distro will include one or more installation programs which you can use from within the GUI. These can vary depending on the …

DMR 152 Wombat At Large Team Colleague

Close Internet Exploder and run HJT again. Have it fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {FED1CF1B-544C-45FF-A600-3B96AA589127} - C:\WINDOWS\System32\gafama.dll
O4 - HKLM\..\Run: [birsiztibss] C:\WINDOWS\System32\wnacob.exe
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing

- Reboot into safe mode (hit F8 at startup) and delete:
gafama.dll
mxTarget.dll
wnacob.exe

- As for: " O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe", I've heard some questionable things about PC Doctor; you might want to remove it.

- Open the Internet Options control panel. In the Temporary Internet files section, delete Cookies and files (including offline content).

- Empty your Recycle Bin and reboot.

- Install SpywareBlaster if you haven't already; download the latest updates and enable all protection.

DMR 152 Wombat At Large Team Colleague

Moving this to the Security forum...

DMR 152 Wombat At Large Team Colleague

OK, you've got evidence of both "spyware" and a possible trojan/virus in that log. You say that there are no viruses on the computer; did you use a good (Norton, McAfee, etc.) anti-virus program with the most current virus definition updates to thoroughly scan the system? If not, do so.

- Once you've done a virus scan, read this thread to find out how to download and use Ad Aware, SpyBot, and other free utilities to clean the nasties out of your system.

- It appears that you had IE open when you ran HJT; HJT cannot fully do its job with the browser running. Close all open programs and run HJT again. Have it fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [bkh] C:\WINDOWS\bkh.exe
O4 - HKLM\..\Run: [LYIZP] C:\WINDOWS\LYIZP.exe
O4 - HKLM\..\Run: [TZJQW] C:\WINDOWS\TZJQW.exe
O4 - HKLM\..\Run: [CJPWAGNT] C:\WINDOWS\CJPWAGNT.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing

DMR 152 Wombat At Large Team Colleague

Kind of hard to tell without knowing the exact model of the card.

Has this always happened, or is the problem something relatively new? Give us a little more background on that if you can.

DMR 152 Wombat At Large Team Colleague

.. after i formatted it does not see drive c:..

What exactly do you mean by "does not see" the drive? Are you saying that the installation CD doesn't recognize the drive, or do you mean something else?

DMR 152 Wombat At Large Team Colleague

I am attaching a hijackthis log for your examination.

Doesn't look like it ;)


Posts involving "malware" issues and HJT logs belong in our Security forum; moving there now...

DMR 152 Wombat At Large Team Colleague

Plug-N-Play would definitely be part of the picture if the keyboard is USB; is it?

Also- it isn't usually necessary to add drivers for a keyboard. What make/model is the keyboard and what exact software for it did you install?

DMR 152 Wombat At Large Team Colleague

In what exact part of the installation did it freeze?

Can you verify that the install CD isn't damaged?

When you say a "clean install", does that mean you reformatted the drive?

DMR 152 Wombat At Large Team Colleague

It sounds that way to me as well, so I'm moving this to our Security Forum.


KimMik1982,

Have a read through the following post to find out how to download, configure, and use a few of the recommended (and free) "malware" detection and removal programs:

http://www.daniweb.com/techtalkforums/thread5690.html

If you have any questions once you've followed the advice in the above thread, please repost with as much specific information as possible.

DMR 152 Wombat At Large Team Colleague

Marking as (um, I guess...) solved.

:mrgreen:

DMR 152 Wombat At Large Team Colleague

if you are still unsure of what to do, you can turn off the stupid prompt for the OS in windows. right click my computers, select properties, goto advanced, click start up and recovery, then UNCHECK "display list of operating systems for xx seconds".

Yes- if you don't want to risk mucking up your boot.ini file (and hence your booting), do as BM suggests.

DMR 152 Wombat At Large Team Colleague

What sort of tasks, and in what environment? Knowing that would help us give you the specific help you need.

For example: are you asking about administering a W2K domain, a W2K workgroup, or just managing individual W2K workstations?

DMR 152 Wombat At Large Team Colleague

Perhaps this is an issue with the particular driver you're using for the vid card then. Can you go into Device Manager and tell us what exact driver the vid card is using?

DMR 152 Wombat At Large Team Colleague

Using only one adware/malware removal tool is only a partial approach. You will find the same advice everywhere you go looking for answers - use two or three such tools in combination!

Yes- absolutely. The people who write these removal utilities are always one or two steps behind the #$^$&* who are writing the malware programs; there is no single program which will catch/fix all of the problems.