DMR 152 Wombat At Large Team Colleague

Can you post new HJT log so we can see what might have changed?

DMR 152 Wombat At Large Team Colleague

I'm moving this to our Security forum since the problem is "malware"-related.

Have a read through the following thread for info on some of the recommended spyware removal tools:

http://www.daniweb.com/techtalkforums/thread5690.html

DMR 152 Wombat At Large Team Colleague

A download accelerator is a type of third-party download management software which offers (supposedly) faster download speeds than your regular browser. I think what Alex is alluding to is that such a program might be corrupting the downloaded video images.

By the way- being "stuck" with Netscape isn't a bad thing; Internet Explorer is much more prone to spyware/adware/virus/trojan/etc. attacks.

DMR 152 Wombat At Large Team Colleague

Please move this to the Security forum where it goes. You will get more help there.

Moving now...


teleute,

Links to the recommended spyware removal tools can be found here:

http://www.daniweb.com/techtalkforums/thread5690.html


Run the utilities we mention in that thread and then post a fresh HJT log if you're still having problems.

DMR 152 Wombat At Large Team Colleague

Marking as solved...

:)

DMR 152 Wombat At Large Team Colleague

I have the same problem as first reported...

Hi ashdata, welcome to TechTalk!

As a new member, I would ask you to read our posting guidelines, especially the "Post in the correct place" section. For reasons of clarity, we ask that members not post their question in a thread started by another member, regardless of how similar the two problems might seem. When multiple questions from multiple members are being asked and answered within a single thread, it can quickly become difficult to discern exactly which answers relate to which question. It also takes the focus of the thread away from the original poster's problem.

With that in mind, I'll ask that you post your question in its own thread; once you've done I'll delete this one.

Thanks for understanding,

-Dave

DMR 152 Wombat At Large Team Colleague

Most of those search results will tell you simply how to manually synchronise the clock.

Umm... ???

Many of those links describe how to do what you suggested earlier:

"Are you using Windows XP with broadband Internet, marceta? If so it is possible to alter settings so that Windows synchronises with an online atomic clock at frequent intervals."

DMR 152 Wombat At Large Team Colleague

yes i have a cable connection, how do i do this?

Instructions can be found in these links:

http://www.google.com/search?hl=en&ie=UTF-8&q=clock+synchronize+%22windows+XP%22&spell=1

DMR 152 Wombat At Large Team Colleague

I'm new here so please excuse my mistakes here !

No mistakes made; nothing to worry about there. :)

From what you describe, it does sound as though you might have gotten infested with spyware and the like. Read through the threads in our Security forum for ways to find out if that's truly the problem, and if so, how to resolve the issues. Read this thread in particular:

http://www.daniweb.com/techtalkforums/thread5690.html

DMR 152 Wombat At Large Team Colleague

I'm closing this thread because it was essentially dead-

Until yesterday it hadn't had a response in about 8 months, which means the original poster has solved their problem long ago or has just decided not to return to our site- No need to bring this one back from the grave.

DMR 152 Wombat At Large Team Colleague

As the original problem in this thread has been solved, this thread is essentially closed.

Members who might be experiencing similar problems should start their own thread and state their questions there.

DMR 152 Wombat At Large Team Colleague

shortone,

Being new to this site I'm sure you aren't aware of this, but we do ask that members start their own thread when they have a question rather than "piggybacking" the question onto a thread previously started by another member (regardless of how similar the 2 problems might seem).

For one thing, the piggybacking diverts the focus of the thread away from the original poster's problem, and for another, your question won't get the attention that it would if it were in its own thread.

With that in mind, please post your question in its own thread, and try to provide as much detailed info as possible when you do (the exact text of error messages, your version of Windows and the program(s) you're having trouble with, etc.)

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

15 gig was the size of the new one and it was 8.5 gig that it read. the one that went to hell was a 40 gig

Hmm...

8.5G is the limit that existed before the implementation of Extended INT13 BIOS calls. Did you accidentally change any of your drive-related BIOS settings?

DMR 152 Wombat At Large Team Colleague

Sorry for the delay- the rest of the week just got very crazy.

Ok- you have a handful of nasty trojan/backdoor infections as well as a couple of bits of spyware.

I see that you're running both AVG and Norton; you should only use one AV program at a time. I'd highly suggest making sure your virus definitions are up to date and running a full system scan with one of those utilities. Additionally, you should probably do one of the free online virus scans:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.ravantivirus.com/scan/

-------------------------------------------
In HJT, check and fix the following:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [W1N32.DLL] C:\WINNT\WINLOGON�*.exe
O4 - HKLM\..\Run: [NAV Live Update] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lknqXXX.exe
O4 - HKLM\..\Run: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\cab\back32.exe C:\WINNT\system32\cab\service.exe
O4 - HKLM\..\Run: [Norton AntiVirus] C:\WINNT\SYSTEM32\fqqe.exe
O4 - HKLM\..\Run: [msupdate32] c:\winnt\system32\vga.exe
O4 - HKLM\..\Run: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\vdars.exe
O4 - HKLM\..\Run: [davadqqec] C:\WINNT\SYSTEM32\fdfdq.exe
O4 - HKLM\..\Run: [Ssdqwa] bgdw.exe
O4 - HKLM\..\Run: [vdata] C:\WINNT\SYSTEM32\fqecs.exe
O4 - HKLM\..\Run: [sghvvnra] rFeaturePres
O4 - HKLM\..\Run: [bsfqwa] ggwdw.exe
O4 - HKLM\..\Run: [gvrcub] C:\WINNT\mymw.exe
O4 - HKLM\..\Run: [BDDVK] C:\WINNT\system32\BDDVK.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINNT\Temp\RECOVE~1.EXE
O4 - HKLM\..\RunServices: [Windows Explorer] Explorer�*.exe
O4 - HKLM\..\RunServices: [Microsoft Netview] gesfm32.exe
O4 - HKLM\..\RunServices: [Ssdqwa] bgdw.exe

DMR 152 Wombat At Large Team Colleague

i can not ping other computers on the network
i can ping the net

Are we talking about pinging the LAN computers by URL or computer ("NetBIOS") name, or by IP? Same question for sites you can ping on the Net.

DMR 152 Wombat At Large Team Colleague

Alex, the full link you gave me seems to not work or be expired; it just takes me to the main http://support.dell.com/index.aspx page. I did try cutting and pasting the link as well with the same result.

DMR 152 Wombat At Large Team Colleague

What you might want to try is doing it in a different order. Remove the Winsock stuff, then restart. Then, reinstall TCP/IP on one of the interfaces, then restart.

Sorry, I did so much with this box that I forgot to mention that I tried that as well.

After that, run netsh int ip reset log.txt. That's worked wonders on a lot of systems I've had to fool with. Also, it wouldn't hurt running ipconfig /flushdns.

Sorry again- but as above; I just spaced on mentioning that I tried those as well. Didn't do the trick.

Other than that, I'd suggest either running sfc /scannow, a repair reinstallation, or the big one-- an OS reinstall. I'd say about 6 out of 10 of these issues I've encountered have resulted in an OS reinstall.

Yeah, sfc is next; haven't had a chance to do that yet. As far as the reinstall, I'm ready for that too but was just hoping to avoid it. Hmm... I wonder how he'd feel if I installed that "real" OS that we deal with instead of XP Home? ;)

Thanks for the input Alex; I'm off to check out the link you provided right now.

-Dave

DMR 152 Wombat At Large Team Colleague

try going to 192.168.1.1 where you can edit your linksys router settings it is the same place you would go for port forwarding and that sort of stuff. there you should be able to fix any problems with tcp/ip stack. if not go to network connections and try and reinstall the tcp/ip protocol if that does not work than i have no idea

Hi mikeandike22,

Thanks for the input, but as I said- this issue is not related to the router in any way. My laptop and his other machine work fine on his network, and his problematic machine exhibits the same symptoms on the network at my office. This problem is local to the machine.
As I also said in my first post, I have tried the stack fixes and reinstalls.

Thanks anyway though,

Dave

DMR 152 Wombat At Large Team Colleague

Win 2000 should also give you the option of totally reformatting your existing partition when you install it.

DMR 152 Wombat At Large Team Colleague

Letting us know a few things would help:

- The name of your ISP

- Is the Linksys router acting as the DHCP server for the machines on your LAN?

- Once you did the restore, did you reverify/re-enter your TCP/IP settings as required by your ISP?

- You mentioned DSL; does your ISP require that you have PPPoE or PPPoA software installed and configured? If so, is it?

- Can you ping the router by its IP? The BEFSR41 default IP is 192.168.1.1.

- Can you ping other computers on your LAN either by their "computer" name or by their IP address?

- Can you ping sites on the Net by their IP or URL?

For example, open a DOS box and try the following commands. Let us know the results:

ping 192.168.1.1
ping www.google.com
ping 64.233.167.99 (Google's IP address)

DMR 152 Wombat At Large Team Colleague

Erp?!

You edited your post while I was responding- does that mean you nailed the problem?

DMR 152 Wombat At Large Team Colleague

Hi babycakes, welcome to TechTalk!

I'm moving this to our Security forum, as that's where we concentrate on spyware and virus related problems.

The bridge.dll problem is quite common, and we've addressed it here many times before. Have a read of this post by one of our moderators; it has a bit of info on the problem, and a link to a good description of how to get rid of it.

:)

DMR 152 Wombat At Large Team Colleague

Hey all,

A friend of mine's kid got a bad load of malware and viruses into his network. I cleared everything out as far as I can tell and repaired one machine, but I think one of the nasties stomped on the TCP/IP stack of the other box pretty hard. I think I've covered all the bases and am now looking at a reinstall of the OS, but I thought I'd see if anyone else has run across this before I do that.

LAN setup:
- Comcast cable modem (motorola); Linksys BEFSR41 router; Linksys WAP11 into one of the Ethernet ports on the router. Router acts as DHCP server to LAN.

- Old Compaq Presario desktop machine running 98SE; wired connection to router. Among other nasty deeds, the malware did the LSP Fandango on the box, but I was able to repair it. This box is fine now.

- New Dell Inspiron 8600 laptop running XP Home (the problem machine).
Laptop has:
- Broadcom 440x Ethernet
- Dell TrueMobile 1300 Wi-Fi


Known conditions:

- LAN/Internet infrastructure is working. Win 98 box and my laptop (connected by either Ethernet or wireless) function perfectly.

- Both machines can ping each other by IP, as well as the router.

- Both machines can ping Internet locations by IP.

- Laptop cannot ping by URL- ping requests time out.

- Laptop can ping the loopback device using either …

DMR 152 Wombat At Large Team Colleague

Whatever the reason for DSO exploit warning in SpyBot- from my experience in using the program, it almost always comes up, and I'm not really convinced that it indicates anything nasty in particular either. I want to research the issue further to get a more definitive answer; when I do I'll post the particulars....

DMR 152 Wombat At Large Team Colleague

Glad we could help. :)

Did that solve your problems? If so, I'll mark this thread as solved.

DMR 152 Wombat At Large Team Colleague

I remember reading someplace that when SpyBot barks about DSO exploits, it has to do with your ActiveX settings in the Internet Options control panel being too "loose". However, I've also read that the DSO warning is either a bug in SpyBot itself, or is triggered by some bug in IE and/or Windows code. You can read more about it in this Google search.

Have HJT fix the following entries and see what happens:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Michael\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {E1EC2C77-DD85-4264-87BD-EFCF53BD67C5} - C:\WINDOWS\System32\eegndl.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Acti...iveLauncher.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} - file://C:\install.cab

Reboot, and then:

Have the View option in Windows Explorer set to show all hidden and system files
Empty all Temporary Internet folders
Clear your cache and cookies
Find and delete the entire WildTangent folder
Find and delete the C:\install.cab file

DMR 152 Wombat At Large Team Colleague

Sorry, my bad- I didn't mean to say "virus" scan; just a finger-foul on the old keyboard.

:p

DMR 152 Wombat At Large Team Colleague

There are general "best practice" steps you take to lessen your chance of reinfection, and there are also a couple of programs you can download which will actively block some spyware activity. All of this is described in the following article; give it a read:

http://www.computercops.biz/postlite7736-.html

DMR 152 Wombat At Large Team Colleague

If this seems to happen only for secure areas of sites (such as the "payment page" at ebay that you mentioned), I'd check through the security settings in your Internet Options control panel; something there (SSL settings perhaps) might have gotten altered somehow.

Also- can you get to Microsoft's Automatic Update site? If so, make sure you install all of the latest patches/upgrades for IE and Windows itself.

If you can download another browser such as Netscape, Opera, or Firefox, do so and see if the problem occurs there as well.

DMR 152 Wombat At Large Team Colleague

To start with, have HJT fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\wizard\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll

Once done, reboot into safe mode and delete all of the files referenced in the above log entries. You might have to set Windows Explorer's "View" options to show all files and folders, show hidden and system files, etc.

You might also want to have HJT whack these as well:

O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Once all of that is done, purge your cookies, Temporary Internet Files, and History. Empty your Recycle Bin after that.

DMR 152 Wombat At Large Team Colleague

Understood- HJT logs can be very specific.

If you haven't already, please use Windows' Automatic Update facility to make sure that your system has all of the latest critical security patches and bug fixes installed; that may very well solve the Data Source Object (DSO) exploit issue.

DMR 152 Wombat At Large Team Colleague

Have you checked your system for viruses, spyware, adware, and the like? Those programs can often cause such unexpected behaviour in IE. Have a read through some of the threads in our Security forum for suggestions on free detection/removal tools you can use to scan your system.

DMR 152 Wombat At Large Team Colleague

Can you tell exactly which USB devices are giving you trouble, and what exact errors or symptoms you get when trying these devices?

Also tell us which version of Windows you're using, including Service Packs.

DMR 152 Wombat At Large Team Colleague

Although unlikely, you would have to tell exactly how your drive is partitioned in order for us to see if that's an issue.

I'm with Alex (alc6379) on this one though- it does sound as though some other running process is keeping the virus scan from doing its job. Can you run a successful scan if you boot into Safe Mode?

DMR 152 Wombat At Large Team Colleague

There are some known issues and gotchas with the "read-only" attribute setting in different versions of Windows. Maybe some of the results from the following Google search will help shed some light:

http://www.google.com/search?hl=en&ie=UTF-8&q=windows+attribute+%22read-only%22+&btnG=Google+Search

DMR 152 Wombat At Large Team Colleague

OK- just got back from my girlfriend's kid's birthday dinner, and I'm off to bed soon. If no one picks up on this before tomorrow morning I'll get back to you then. Your log shows some obvious "nasties" in it, but it also has some suspicious looking stuff in it that I'm not sure about and just don't have the time to research tonight.

DMR 152 Wombat At Large Team Colleague

I know, Terry- just joking a bit; your advice is actually on the mark.

DMR 152 Wombat At Large Team Colleague

eerrr..... uummmmmm.........

Make sure when you're removing those add-in cards that you don't remove the display card. A PC will not boot without a display card, so if an add-in card is all you've got, then you need to leave it in there!

True, but sorry- I thought that one would land well on the obvious side of the fence... :p

DMR 152 Wombat At Large Team Colleague

You might want to post your HJT log and a description of your problem in a thread in our Security forum just so that we can see if the log still indicates any "nasties".

DMR 152 Wombat At Large Team Colleague

Permissions for a file (or folder) can be "inherited" from the permissions set on the folder into which you move them. Check the permissions on the files themselves and also on the folders that contain them by right-clicking on them and choosing "Properties". In the resulting Window, look through the settings in the General, Sharing, and Security tabs. Info in those tabs will show you the permissions and attributes ("read-only" is an attribute) for the given file or folder. Clicking the Advanced button in the Security tab will show you whether or not a given item is inheriting its permissions from those set on the enclosing (parent) folder.

DMR 152 Wombat At Large Team Colleague

Also remove any PCI cards and all but 1 stick of (known to be good) RAM; you may have only fried a peripheral component and not the entire mobo.

DMR 152 Wombat At Large Team Colleague

Do Ad Aware and/or SpyBot actually find anything? If they do, you can safely have them fix what they've found (do not fix anything with HJT for now!).

DMR 152 Wombat At Large Team Colleague

Does this perhaps have something to do with file/folder permissions? The reason I ask is that you describe different behaviours when copying files as opposed to moving them, and transfer/inheritance of file permissions does differ between the two operations.

Also:

- when you say that you can't open files, do you get an error message when you try? If so, what is the exact error?

- If you're trying to open the files just by clicking on them, can you instead open them from the File/Open menu within a suitable application?

DMR 152 Wombat At Large Team Colleague

To get rid of the specific BRIDGE.DLL error, have HJT fix the following entry:

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

You have a lot of other problems as well; please download and run Ad Aware and SpyBot (instructions in my sig below). Let those programs fix what they find and then post a fresh HJT log.

Also- delete all of the contents of your Temporary Internet folder, the contents of your Recycle Bin, and your cookies.

DMR 152 Wombat At Large Team Colleague

Glad we could help.

In terms of your Winamp question- yes, we probably can help you. Since you're using Win 2K I'd suggest starting a new thread on that question in our Windows NT, 2000, XP, etc. forum. When you do, please give us much exact info as to any error messages or the like that you get when trying the install.

DMR 152 Wombat At Large Team Colleague

Hi mcclausky, welcome to TechTalk :)

This being your first post I'm sure that you aren't aware of our posting guidelines, but we do ask that members not tag their questions on to a thread previously started by another member. Answering multiple members' problems in a single thread can quickly get quite confusing.

Please post this question in its own thread.

Thanks,

-DMR

DMR 152 Wombat At Large Team Colleague

Have HJT fix the following entry; that will eliminate the error message:

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\system32\bridge.dll",Load

Also-
I'm moving this to the Security forum; that's where we deal with HJT log analysis and "spyware" issues in general...

DMR 152 Wombat At Large Team Colleague

So if you just need fast help how come you didn't post your log in your own thread yet.

Oh, come on cj- go easy on the newbies... :mrgreen:


EvilSp0rk-

In all seriousness, what cj is alluding to is correct- all of the people who post here need fast help, and the best way for them to get that is to start their own thread. By doing so yourself you'll get more expert "eyeballs" focussed on your particular problem.

DMR 152 Wombat At Large Team Colleague

thanks guys but it was a registry thing. I had to delete files in ie browser helps. I am okay for now, opened, surfed, checked mail accounts, played games, and then able to close, on five attempts it worked!

Does the above mean that you've solved the problem? If so, I'll mark this thread as solved.

DMR 152 Wombat At Large Team Colleague

goose88,

First of all- Welcome to TechTalk. :)

As you're a new member I'm sure you aren't aware of this, but we do ask that people abide by our "one member's question per thread" policy for reasons of clarity (among other things), regardless of how similar your problem might seem to one that has already been posted.

Please start your own thread and ask your question there. When you do, also try to give us as much information as possible concerning your particular problem. In your case this might include specifics such as your version of Windows, the make of your modem, the name of your ISP, etc.

Being a new member, you should probably also have a read of our posting guidelines in general:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.