DMR 152 Wombat At Large Team Colleague

OK- yeah, you've got quite a few nasties there.

In conjunction with Ad Aware, also run SpyBot (link to download is in my sig below); one of those programs will often catch something the other missed. Make sure you have the latest versions and the most current updates for these utilities; new updates can be published almost daily.

Do that and post a fresh log. I've got to log off for a bit, but I or another member will give you more direction shortly.

DMR 152 Wombat At Large Team Colleague

Whoops! Sorry, Caperjack, I've butted in by accident.

Yeah, and you dug up a 4 month old thread just to do it... :mrgreen:

DMR 152 Wombat At Large Team Colleague

Erm- strange.

Do you have any Internet-related software running (a pop-up blocker for example) which might be using the bubble sound as an audible alert?

DMR 152 Wombat At Large Team Colleague

Moving to the Security forum, fasten your seatbelts...

:)

DMR 152 Wombat At Large Team Colleague

" C:\Program Files\Internet Explorer\iexplore.exe"

Looks like you still had IE running when you ran HJT. It's recommended that you fully quit your browser before doing the HJT scan, but other than that it looks quite clean.

Did that banish your Gremlins, or do you still feel something lurking?

DMR 152 Wombat At Large Team Colleague

I agree with what Dani is alluding to- if it had this problem "right out of the box", you may have a defective or misconfigured machine.

Check Task Manager to see what applications and processes you have running, and see if you can determine if any of those might be "hogging" system resources. You may also have services running which you don't even need; disabling those can speed up your system (and also make it more secure).

DMR 152 Wombat At Large Team Colleague

Those Who like it like it a lot

Them folks is just plain loco is all. :mrgreen:

DMR 152 Wombat At Large Team Colleague

no keyboard can handle 4 buttons at once, can it????

You've never worked on a Mac I take it, eh? :mrgreen:

DMR 152 Wombat At Large Team Colleague

Erm, yeah- you don't really want to stick with ME for too long. It's sort of a bastard/stepchild OS with a lot of problems.

Yzk commented: Only W2k Server has an administrative tools menu, though there still is an event viewer in W2k pro only than in c:\windows -Yzk -4
DMR 152 Wombat At Large Team Colleague

heh heh........ :)

Ta

Don't sweat it- I've been more than a bit scattered myself recently...

:)

DMR 152 Wombat At Large Team Colleague

knaiad,

If you felt like you were being brushed off, I'd like to offer an apology.

We're a relatively new (and relatively small) support site, those of us who moderate and/or provide advice do so on our free time and on a strictly volunteer basis, and to be quite honest, this "spyware" epidemic has overwhelmed us a bit.

Our membership has grown from about 6,000 members to nearly 10,000 members in less than a month, and the vast majority of those new members have joined because they're having spyware-related problems. Put simply, the number of people seeking/needing help has far outstripped the number of members who have the expertise to answer the questions.

Also- because the spyware/adware/hijackware programs are morphing and multiplying almost daily, it takes a lot of time and research on our parts to ensure that we're giving correct advice in terms of solutions. Due to that fact we will sometimes ask that members try previously-suggested solutions first (and will provide the links/resources for them to do so); it's simply a question of not having the time and/or "peoplepower" to address every one of these problems on an individual, case-by-case basis.

Again- our apologies, but I hope my explanation makes things a bit more understandable.

- Dave (DMR)

DMR 152 Wombat At Large Team Colleague

Yeah, that would be the better way to go IMHO.

DMR 152 Wombat At Large Team Colleague

Hi moxin,

I'm moving this to our new (or perhaps not-so-new by now) Security forum; that's where we're now concentrating spyware-related troubleshoots.

:)

When you say that you "can't stay on line", what exactly do you mean, and what type of Internet connection do you have?


By the way, this looks a bit odd:

"[rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe".

Does that entry really have a double ".exe" extension?

DMR 152 Wombat At Large Team Colleague

Anything in your log files which might point to the source of the problem? Look in "Event Viewer" in your Administrative Tools menu and see if there are any messages or errors which occur right around the time of the freezes.

DMR 152 Wombat At Large Team Colleague

So it's going to be an ad hoc network, right? That is- no WAP, just the two machines directly connected via wifi with the XP box acting as your Internet gateway. If that's the case, you'll need to configure Internet Connection Sharing (ICS) on the XP box; many tutorials for doing so can be found online.


There's a lot of useful info concerning OS X -> Win XP networking/filesharing in some of the links returned by the following Google search:

http://www.google.com/search?hl=en&ie=UTF-8&q=%22file+sharing%22+Mac+%22windows+xp%22+%22os+x%22&btnG=Google+Search

DMR 152 Wombat At Large Team Colleague

It's weird, but I've seen this exact problem reported in a few different places lately. It does seem like there's something flaky in one of Norton's recent updates, but I haven't been able to find anything that can verify that, nor have I seen a definitive fix. Some users have solved the slowdown by upgrading, some by downgrading, and some by removing Norton altogether and using other AV software.

Strange.... I confoozed

DMR 152 Wombat At Large Team Colleague

Make sure you have applied the latest security patches and bug fixes from Microsoft. Depending on the exact exploit, they may have published a fix for it.

If not, tell us what specific info SpyBot reports about the exploit and we'll see if we can find a manual fix.

DMR 152 Wombat At Large Team Colleague

You should also check the Hardware Compatibility List on Red Hat's support site. While your model of lappy will certainly run Linux, RH 8.0 is a bit old, and there might be some "gotchas" with your hardware and that particular version.

Red Hat also is no longer supporting that version, so a newer distro is probably the way to go.

DMR 152 Wombat At Large Team Colleague

[img]http://www.pumpkinridgecrafts.com/images/jam.jpg[/img] I seriously like jam

WTF??

The jams are revolting! ;)

DMR 152 Wombat At Large Team Colleague

also, another quick question, is hijacking illegal?

Currently no, at least not in the US.

However, there is legislation being developed at both state and federal levels which, if passed, would make some or all of the tactics used by spyware distributors illegal. Do a Google search on the following terms to find out more about what's going on and how you might be able to help:

spyware illegal

DMR 152 Wombat At Large Team Colleague

Hi motopsycho, welcome to TechTalk! :)

Could you post your log and the description of your problem in a new thread in our Security forum please? Due to recent (and extreme) rise in spyware/malware posts, we're currently trying to concentrate HJT log analysis in that forum.

Thanks,

-DMR

DMR 152 Wombat At Large Team Colleague

... I'll move it there...

Um... I think you forgot a small little something there Terri. :mrgreen:

(I moved it for you) :)

DMR 152 Wombat At Large Team Colleague

Yes, it's pretty much just a question of setting the sharing properties for any folder whose contents you wish to share. The exact procedure differs a bit between XP and 98, partially because XP has more security features than 98 does. With XP you have more control over the permissions a given user (or group) has in terms of their ability to read, write, delete, etc. files and folders. The permission and security settings are all in the "Sharing and Security..." setup window, which you access by right-clicking on any folder you want to share; you should find the options fairly intuitive.

In terms of sharing documents stored directly on the desktop, it's probably better to store the actual items in a folder of their own (which you would share, of course) and make shortcuts to those items on the desktop. It isn't really a great idea to share system folders such as the folder where your desktop items are stored.

DMR 152 Wombat At Large Team Colleague

Do you know what this is, it's suspicious because it's running from a temp folder???
O4 - HKLM\..\Run: [5Pd] C:\Documents and Settings\Penn Bullock\Local Settings\Temp\5Pd.exe

Whack it.

A) It isn't a legit Windows program AFAICT.
B) It is running from a temp folder, which in and of itself should raise an eyebrow or two.
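
A small triage pass over HijackThis O4 (autostart) lines for the two warning signs raised in these posts: a program launching from a temp folder and a doubled ".exe" extension. This is an added example, not part of the original posts; `triage_o4`, `Finding` and the sample log are constructed for illustration, and a hit is a reason to look closer, not proof of infection.

```python
import re
from typing import NamedTuple

# HijackThis prints registry autostarts as: "O4 - <location>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Two executable-style extensions back to back, e.g. "rundll32.exe.exe"
DOUBLE_EXT_RE = re.compile(r"\.(exe|com|scr|bat|pif)\.(exe|com|scr|bat|pif)\b")


class Finding(NamedTuple):
    name: str
    command: str
    reasons: tuple


def triage_o4(log_text):
    """Return O4 Run entries that show either warning sign."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (R0, O16, ...) and "O4 - Startup:" lines are skipped
        cmd = m.group("cmd").strip().strip('"')
        lowered = cmd.lower().replace("/", "\\")
        reasons = []
        if "\\temp\\" in lowered or "\\tmp\\" in lowered:
            reasons.append("runs from a temp folder")
        if DOUBLE_EXT_RE.search(lowered):
            reasons.append("double executable extension")
        if reasons:
            findings.append(Finding(m.group("name"), cmd, tuple(reasons)))
    return findings


# Constructed sample log (user name and vendor are made up).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [5Pd] C:\Documents and Settings\alice\Local Settings\Temp\5Pd.exe
O4 - HKLM\..\Run: [rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
"""

if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.name}] {f.command}: {', '.join(f.reasons)}")
```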

DMR 152 Wombat At Large Team Colleague

Marking this as solved for now (and hopefully forever).

:)

DMR 152 Wombat At Large Team Colleague

You're fairly well infested from the looks of your HJT log. Download and run the removal tools in my sig file, let them fix everything they find, and repost a fresh HJT log after that.

DMR 152 Wombat At Large Team Colleague

What- you mean I have to start drinking twice as much coffee now??
Aw man....

Oh well- I'm in the middle of moving right now, so life is a bit crazed. Just don't listen to anything I have to say for about a week or so and everything will be alright. :mrgreen:

DMR 152 Wombat At Large Team Colleague

Glad we could help you get it sorted out tetsuo. Let us know if you have any further problems :)

DMR 152 Wombat At Large Team Colleague

Actually, you can try running both Ad Aware and SpyBot in safe mode- might help.

OK- some of your log entries definitely need fixing, but some of them might also relate to legit programs on your particular system. If you know that any of the files/folders referenced in your log relate to programs that you know you need, don't touch those entries. Otherwise, here's what I'd get rid of:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.pcfl.net/
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O4 - HKLM\..\Run: [jxdvsgvd] C:\WINDOWS\edpbldeo.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [fqeiqxnx] C:\WINDOWS\begpdjif.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [5qo] C:\documents and settings\mary\local settings\temp\5qo.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [toapnxlghgfty] C:\WINDOWS\System32\abqxyer.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [x73i38O] mstprop.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Mary\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Boxtop - file://C:\Program Files\BoxTopsShoppingReminder\System\Temp\boxtopgmills_script0.htm
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) -

DMR 152 Wombat At Large Team Colleague

Oh! Let's have a look with hijackthis.

AAAAAIIIIIIEEEE!!!! NOooooooo....!!!!!


:mrgreen:

DMR 152 Wombat At Large Team Colleague

What distro are you trying to install?

Yes, and the specific version of the distro as well.

A couple of questions:

1. Have you created a partition or at least free space on the hard drive where you want to install Linux?

2. Are you booting your system directly from the Linux installation CD, or are you trying to do the install while booted into another operating system?

DMR 152 Wombat At Large Team Colleague

Yeah, some of this stuff can be a real bear to remove.

Make sure you've done a Windows Update to get current with the patches, and then post a new HJT log and we'll take it from there.

BTW- have you made sure to get the latest reference files for Ad Aware as well? If not, do so and rerun the program before posting a new log.

DMR 152 Wombat At Large Team Colleague

Have merged your two threads. Please stay with this one until your issue is resolved.

Hey Chris-

I axed the duplicate post as well.

DMR 152 Wombat At Large Team Colleague

Try installing the latest security patches and bug fixes from Microsoft; they might have published a fix for the DSO exploit in question.

For the BlazeFind and TSCash problems, check these out:

BlazeFind
TSCash

For the "possible hijacker", click on the "+" box to expand that entry; there's more info in there which might tell us exactly what the suspect item is.

DMR 152 Wombat At Large Team Colleague

sorry about posting my log on that other thread...I'm new to this game...I apologize for the inconvenience.

Thanks for understanding :)


If IE is open, close it. Rerun HJT and have it fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yellow-pages.ws/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
F0 - system.ini: Shell=Explorer.exe svchosd.exe
F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe
O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\sb.exe
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O15 - Trusted Zone: *.flingstone.com


Also- you should download and run the other spyware tools listed in my sig below; they'll detect and remove a lot of the "nasties".

DMR 152 Wombat At Large Team Colleague

Oh man, that's a bit of a mess... :sad:

Please download and run Ad Aware, SpyBot, and CWShredder (links are in my sig below). Those programs will detect and remove most if not all of what you've been infected with. It's probably a good idea to run a full virus scan of your system as well.

For all of the above, make sure you check online for the latest updates to the programs- new spyware programs and viruses are discovered almost daily, so you want to be up to date on the removal tools.

DMR 152 Wombat At Large Team Colleague

No problem. I saw that this was your first post here; figured you weren't aware of our posting policy.

Thanks again :)

DMR 152 Wombat At Large Team Colleague

You've got more than the worm going on there as well (all of that MyWay/MySearch stuff needs to go). Please download and run the following spyware removal tools, letting them fix anything they find:

Ad Aware

SpyBot Search & Destroy

DMR 152 Wombat At Large Team Colleague

tetsuo,

You need to start your own thread for your question. When multiple people start posting questions in a thread started by someone else, it can quickly become difficult to keep track of which answers relate to which question. That is why we ask our members to adhere to our policy of "one member's question per thread".

Thanks for understanding :)

DMR 152 Wombat At Large Team Colleague

You've definitely got some problems there. Download and run the following spyware removal tools to clean the nasties out of your system (you should also run a full virus scan as well):

Ad Aware

SpyBot Search & Destroy

CWShredder

DMR 152 Wombat At Large Team Colleague

The filesystem type won't have anything to do with your browser's ability to connect or display web pages.

The error could be caused by a few things; does this happen every time you connect? Once you get the error, can you then go to other sites and have them display correctly?

DMR 152 Wombat At Large Team Colleague

(if it happens again I'll just pull an ol' yeller on this comp and take it out back if ya know what I mean ;))

Arf!Arf!... BANG!...

:mrgreen:

DMR 152 Wombat At Large Team Colleague

Strange- the link worked when I posted it. Let me see if I can find the info again and get back to you with it.

DMR 152 Wombat At Large Team Colleague

Hey K_T,

If you can, try the new monitor for a couple of days or so. If you don't experience the problem, it might very well be an issue with the moni itself. As I said, trying your problematic monitor on another system will pretty much tell you for sure.

DMR 152 Wombat At Large Team Colleague

Well I agree :), you already told him to do that, no need me repeating it!

Careful there cj- any more attentiveness to this site and we'll make you a moderator as well... :mrgreen:

DMR 152 Wombat At Large Team Colleague

I'm no electronics technician, mate, but it definitely sounds like a dying monitor to me. And I'd hazard a guess that it's because the monitor has been used at further than its recommended settings.

Hey CW-

Actually, I am a degreed ET, and I agree with you- that's why I suggested the monitor switch as the first point of action. From the description K_T posted, it does sound as though the electronics in the monitor are failing.


I'll post more info tomorrow, but at the moment dinner calls in my end of the world, so logging off I must...

:)

DMR 152 Wombat At Large Team Colleague

Definitely follow caperjack's advice concerning the Spyware/hijackware removal utilities he mentioned.

In terms of restoring the IE icon on your desktop: open Windows Explorer (not Internet Explorer) and navigate to your Program Files->Internet Explorer folder. Right-click on the IEXPLORE.EXE file, go to "send to", and choose the "Desktop (as shortcut)" option. That will put a new IE icon on your desktop; click it and see if IE fires up from there.

DMR 152 Wombat At Large Team Colleague

I'm moving this to our Security forum; that's where we concentrate on HijackThis log analysis and other "malware"-related problems.

:)

DMR 152 Wombat At Large Team Colleague

You might want to check your system for "hijackware". These are malicious programs that can get installed on your system simply from visiting certain websites, especially if you visit gaming and filesharing sites. The programs can seriously alter your browser's functionality, especially if you use IE.

Read through some of the posts in our Security forum for instructions on how to download and use Ad Aware and SpyBot. Those two (free) removal utilities can scan your system for Spyware, hijackware and adware and fix it for you.

DMR 152 Wombat At Large Team Colleague

How much memory (physical RAM, not virtual memory) do you have? Unless you have only a very small amount of RAM, the problem is probably elsewhere.

Has this always been a problem, or did it just happen suddenly? If the latter, were you changing anything on your system around the time the problem first appeared (think carefully...)?