DMR 152 Wombat At Large Team Colleague

Trust me you will want to type you want to clean and you love everything for a good 4 hours.

Man, ain't that the truth Jimmy! :mrgreen:

DMR 152 Wombat At Large Team Colleague

1. Obtain a legitimate copy of Windows XP

Um, yes. From our Posting Rules:

"Keep it legal
Keep it clean and do not post pornographic material or link to it. In addition, do not post anything warez related or related to other illegal acts. This includes tech support troubleshooting pirated software or P2P programs (i.e. Gnutella, Kazaa) used to obtain pirated software."

DMR 152 Wombat At Large Team Colleague

The first thing you should do is try to narrow things down. If possible, try another monitor and ideally, also put your monitor on another computer. That will at least tell you if the problem lies with the monitor or not.

DMR 152 Wombat At Large Team Colleague

Yeah, true. I don't even know why I posted that answer- not enough coffee I guess...

DMR 152 Wombat At Large Team Colleague

'Bout time! :mrgreen:

Welcome aboard Chris!

:)

DMR 152 Wombat At Large Team Colleague

In Windows Explorer (not Internet Explorer):

In the top menu bar, go to Tools->Folder Options..., File Types. Select ZIP from the list of registered filetypes and then click Advanced.

DMR 152 Wombat At Large Team Colleague

Hi lynxmc, welcome to TechTalk! :)

As a new member, I would ask you to read our posting guidelines, especially the "Post in the correct place" section. For reasons of clarity, we ask that members not post their question in a thread started by another member. When multiple questions from multiple members are being asked and answered within a single thread, it can quickly become difficult to discern exactly which answers relate to which question.

With that in mind, I'll ask that you post your question in its own thread; once you've done I'll delete this one.

Thanks for understanding,

-Dave

DMR 152 Wombat At Large Team Colleague

The bridge.dll problem is definitely spyware related.

I'm moving this to the Security forum, as that is where we deal with spyware, virus, etc. issues.

Read through many of the previous posts in Security to find the solution to the bridge.dll error and many other spyware-related problems.

:)

DMR 152 Wombat At Large Team Colleague

Moving to Security...

DMR 152 Wombat At Large Team Colleague

Is that causing you problems? If so, please give us a detailed description of those problems.

I've seen different solutions posted for the problem of those files being missing; read the links in the following Google search for some of those solutions:

http://www.google.com/search?q=iecont.dll&hl=en&lr=&ie=UTF-8&start=10&sa=N

DMR 152 Wombat At Large Team Colleague

The Linux Documentation Project is a great place to start. They have online guides, HOW-TOs, and other reference material for all things Linux, including networking topics such as firewalling.

:)

DMR 152 Wombat At Large Team Colleague

Tabascoman4 please do the following, and after you do start your own thread...

Tabascoman4,

caperjack is right- you need to post your question in its own thread. Please read my comments (and crunchie's) earlier in this thread concerning our reason for requesting that members do so.

Thanks :)

DMR 152 Wombat At Large Team Colleague

Borrow another keyboard from someone and see if the problem still occurs; that will at least narrow things down a bit.

DMR 152 Wombat At Large Team Colleague

1. What operating system?

2. Is the OS install fresh, or are you using a drive that already had Windows on it?

3. Do the problems occur when you boot into safe mode?

DMR 152 Wombat At Large Team Colleague

Skip House Call and do the rest of what crunchie suggested.

DMR 152 Wombat At Large Team Colleague

No, you didn't do anything wrong- why do you ask?

You do have a lot of problems there; follow these instructions posted by one of our HJT/spyware specialists (crunchie):

Download & instal Adaware from here
& update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot

Download & instal Spybot S&D from here Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

…

DMR 152 Wombat At Large Team Colleague

You've got quite a few nasties in that log. First, have HJT fix the items in red below. The other items are suspect, but I can't positively say they should be deleted:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O4 - HKLM\..\Run: [dHSNaq] c:\documents and settings\georgia bohlmann\local settings\temp\dHSNaq.exe
O4 - HKLM\..\Run: [5ZLTPEP2Z#AKLA] C:\WINDOWS\System32\FebU6s.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [CDLoader] C:\Program Files\ExploreAnywhere\hypertime2\sb32mon.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapicc.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\georgia bohlmann\HXIUL.EXE
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: RealGuide (HKLM)
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.pbcprc.com/CFIDE/classes/CFJava.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.exe
(Pixami Image Editor Control) - http://www.imagestation.com/common/classes/BPImageEditor.cab?ver=1,1,0,30
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21b0ab1be176afefb701/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

DMR 152 Wombat At Large Team Colleague

1. Download and run Ad Aware and SpyBot; let them fix whatever nasties they find.

2. Do the same with CWShredder. You can get CWShredder from the guy who makes HJT.

If they don't fix the problem, run HJT again and post a fresh log.

DMR 152 Wombat At Large Team Colleague

I am worried about wuauclt.exe, DWR said its probably an indication of a trojan infection. I got the latest virus definition for Norton anti virus and ran a full system scan. No infected files were found except for Ad-ware files that will not delete. I followed the removal instructions in the link given by DMR but I could not find any of the files they said to delete. What do I do now?

The file is legit then; leave it. It seems that it is used in other Windows versions besides ME, and from more careful reading on the virus issue I found that the virus will create wuauclt.exe, but in folders other than C:\WINDOWS\System32\.

:)
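The location check described in the post above, as an added example that is not part of the original thread: it reads HijackThis-style O4 autostart lines and reports any wuauclt.exe that is launched from a folder other than C:\WINDOWS\System32\. The sample log lines, entry names and the helper function names are constructed for illustration.

```python
import ntpath
import re

# Rule taken from the post above: a legitimate wuauclt.exe lives in
# C:\WINDOWS\System32\; a copy created anywhere else is suspect.
EXPECTED_DIR = r"C:\WINDOWS\System32"
WATCHED_NAMES = {"wuauclt.exe"}

# HijackThis registry autostart line:  O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable part of a command: a quoted path, or everything up to the
# first ".exe" (paths may contain spaces, so splitting on blanks is wrong).
EXE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.exe)(?=\s|$)', re.IGNORECASE)


def executable_of(cmd):
    """Return the program path from an autostart command line."""
    cmd = cmd.strip()
    m = EXE.match(cmd)
    if not m:
        return cmd
    return m.group("quoted") or m.group("bare")


def misplaced_system_binaries(log_text):
    """Return (entry name, path) for watched binaries outside EXPECTED_DIR."""
    expected = ntpath.normcase(ntpath.normpath(EXPECTED_DIR))
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry
        exe = executable_of(m.group("cmd"))
        directory, base = ntpath.split(exe)
        if base.lower() not in WATCHED_NAMES:
            continue
        if not directory:
            continue  # bare file name: location cannot be judged from the log
        if ntpath.normcase(ntpath.normpath(directory)) != expected:
            findings.append((m.group("name"), exe))
    return findings


# Constructed sample lines in HijackThis format (not taken from any real log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll
O4 - HKLM\..\Run: [WinUpdate] C:\WINDOWS\System32\wuauclt.exe
O4 - HKCU\..\Run: [Updater] C:\WINDOWS\wuauclt.exe /background
O4 - HKLM\..\Run: [Helper] "C:\Documents and Settings\user\Local Settings\Temp\WUAUCLT.EXE" -s
O4 - HKLM\..\Run: [Tray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for name, path in misplaced_system_binaries(SAMPLE_LOG):
        print(f"suspect autostart [{name}]: {path}")
```

A hit only says the file name and location do not match; the file itself still needs to be scanned before it is removed.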

DMR 152 Wombat At Large Team Colleague

Since you said Mozilla was slow too, reinstalling IE probably won't help, but it won't hurt either.

After you run SpyBot, reboot and then run Ad Aware; one of those programs will often catch something that the other didn't detect. Tell us what happens after that.

DMR 152 Wombat At Large Team Colleague

Well why didn't you tell us about the error in the first place?!?!? :mrgreen:

Right-click on My Computer, choose Properties, and go to Device Manager. Are there any devices with a red X or yellow exclamation sign next to them? Expand the "Sound, video, and game controllers" section; what devices do you have listed there?

DMR 152 Wombat At Large Team Colleague

As I asked before- have you checked all of the possible programs/places where volume settings might be adjusted or affected? When you've got multiple sound apps installed, they can sometimes interact with each other in strange ways. Settings can also get whacked when you upgrade drivers or the programs themselves; is there any documentation for the drivers on Creative's support site which might give some clues?

DMR 152 Wombat At Large Team Colleague

I'm moving this to the Networking forum; you'll get some network-savvy eyeballs on your question faster there.

As far as mapping goes, there are a few products mentioned here (although I don't know if any of them can pull the AD data in the way that you describe):

http://www.pcquest.com/content/networking/2004/104040704.asp

DMR 152 Wombat At Large Team Colleague

Wow, that's about the shortest HJT log I've ever seen. Buuuutttt... there's still a piece of spyware stuck in between your teeth. :mrgreen:

"DownLoadPlus" needs to go- it's a porn pop-up program. Have HJT fix this entry:
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Lapeyre\Application Data\DownloadPlus.exe

and then follow the manual removal instructions in the link below to make sure you've removed it completely:
http://www.spyany.com/program/article_spy_rm_DownloadPlus.html

I'm assuming the bridge.dll message is gone now, yes?


Perhaps you could put a sticky up in this forum regarding the bridge.dll problem. It seems to be quite common.

Yeah, I really do want to get to that, and more- I'd like to gather together a lot of the most commonly posted information/instructions/fixes into one fairly comprehensive FAQ-ish type sticky thread. Unfortunately, my job entails a lot of "after-hours" online research, I moderate another support forum in addition to this one, and for some strange reason my fiancee actually wants me to spend at least a bit of my free time away from the computer. :mrgreen:

As for the HJT logs, it's true- they are for the most part quite machine specific, although some things such as fixing the bridge.dll entry do apply across the board. Apologies though- I spend so much time trying to familiarize myself with all the HJT log entry possibilities that I often forget that to most people the stuff is pretty cryptic and certainly not obvious.

DMR 152 Wombat At Large Team Colleague

Please look in all of the other bridge.dll threads in this forum- the answer has been posted in them many times before.

DMR 152 Wombat At Large Team Colleague

Please have a read through the previous threads here- the bridge.dll question has been answered many times here in the recent past.

You've got more going on than that, though. Some of these are just suspicious or unnecessary, but some just outright have to go:

C:\Documents and Settings\Lapeyre\Application Data\ooau.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_42.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/ins...ll/pinstall.cab
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

(OK, I give in- Checking the box next to the last one and letting HJT fix it will rid you of the bridge.dll error)

!! Before you have HJT fix anything else though, look in the other threads for previously-posted instructions on installing and using Ad Aware, SpyBot, and CWShredder. Run those programs and let them fix everything they find. After that run HJT again, post the fresh log, and we'll see if you're clean.

:)

DMR 152 Wombat At Large Team Colleague

You could still have any number of spyware/adware/hijackware programs (or at least pieces of them) still in your system.

I'm moving this to the Security forum- read through the posts there to learn how to use not only Ad Aware, but SpyBot, CWShredder, HijackThis, and a few of the other free and effective detection and removal tools that are available for download.

Run Ad Aware, SpyBot, and CWShredder one right after the other and allow them to fix everything they find. Also- it's a good idea to reboot after running each program. See if they clear things up.

If not, run HijackThis according to the instructions crunchie has posted in numerous threads but just do a scan and post the results. Don't have it fix anything yet!!

DMR 152 Wombat At Large Team Colleague

Oh, they do- trust me. :)

DMR 152 Wombat At Large Team Colleague

I'm suspicious of the entries that have "blcorp" in them, as well as the viewpoint/viewbar.dll stuff, but I can't find enough info on them to feel comfortable telling you to go any further at this point.

Better hang in there until crunchie or one of our other security experts can take a look at your log.

:)

DMR 152 Wombat At Large Team Colleague

Yeah, I'd give your system a look-over for "unwanted guests" before you do anything else.

Do the following so that we see if this is really an issue of being infected:

Download HijackThis from here & unzip it into its own permanent folder (not into a temporary/temp directory, and not directly into your C:\ directory or your desktop). Creating a folder such as C:\hijackthis or C:\downloads\hijack this will be fine.

Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is harmless & even necessary to the running of your system.

DMR 152 Wombat At Large Team Colleague

To do Linux Properly (in my humble opinion)

/
swap
/usr
/home
/var
/temp
/internet

and I build them on 10 GB disks...

lol.
Christian- that's almost exactly how I prefer to do my builds. Using a multi-partition scheme definitely has its benefits (but it isn't something I usually recommend to someone who's new to Linux and/or its filesystem structure).

:)

DMR 152 Wombat At Large Team Colleague

Quarantine just puts them aside for analysis later, don't bother, just tick the lot and click next. When you are asked if you want to remove them, click OK.

Agreed, I've never personally had Ad Aware detect a "false positive", and I've never had it delete something it shouldn't.

lola,

In the case of your particular log, I don't see anything questionable- looks like it all needs to go.

DMR 152 Wombat At Large Team Colleague

What program did you use to remove the "nastyware"?

Can you boot in safe mode? If so, try this:

Have a look in threads in our security forum for instructions on how to download and run HijackThis, Ad Aware, SpyBot, and CWShredder.
Download those programs on a working computer and burn them to CD. Start your duff machine in safe mode, and run the utilities from there to see if that clears things up.

Since you mention that you've already been infected, I'll move this to the Security forum...

DMR 152 Wombat At Large Team Colleague

Does this happen regardless of what format of audio file you're trying to play?

I know it's obvious, but have you checked all of the places where volume/mixer settings could be adjusted? Sometimes it's just a question of your sound input/output settings getting a glitch and muting itself.

DMR 152 Wombat At Large Team Colleague

Sounds like you may have Sasser Virus

I'll second that possibility. Get the most current updates for your anti-virus program, restart in Safe mode, and do a full system scan.

DMR 152 Wombat At Large Team Colleague

You could be infected by hijackware/spyware/etc., especially if you use Internet Exploder as your Web browser. If this only happens when you search, but not in normal browsing, this could very well be the case.

Do you get the error if you just type a URL into your location bar, click on a Favorites link, etc.?

DMR 152 Wombat At Large Team Colleague

Glad you got it sorted :)

- Marking as solved

DMR 152 Wombat At Large Team Colleague

Yeah, 5G should do for any version of Linux if you're just starting to experiment. Another option is to put another small, cheap drive in your system and install Linux on that. Linux isn't fussy about what drive, partition, or even kind of partition (Primary/Logical) it's installed on. As I said though, because Linux doesn't (reliably) support writing to NTFS-formatted partitions, you should create a small FAT32 partition where you can store data that you want to share between both operating systems; it does come in handy.

Also, unless you choose to do some custom partitioning when you install Linux, it will by default create two or three partitions:

A / (root) partition - equivalent to "C:\" in Windows. This will be your main (and largest) partition.

A Swap partition - equivalent to Windows' virtual memory swap file. This needn't be larger than 2x your amount of physical RAM.

Possibly a /boot partition - this is where the kernel and some other critical startup files will live. If a separate /boot partition isn't created, /boot will be a subdirectory of /.

Whichever way you go, install Windows first; Linux should detect the Win partition during its installation process and in most cases will automatically configure its bootloader (Grub or Lilo) to give you a choice of which OS you want to load when you boot your system.

DMR 152 Wombat At Large Team Colleague

Thanks buddy that sorted out the problem for me

More than glad to help- I can't even begin to tell you how much this spyware $#%$ royally #%$^%es me off!

Don't know why i didn't realise that myself

Don't sweat it; I don't think any of us expected to have to learn the deep dark secrets of Windows' inner workings to this extent just to be able to use our computers in peace...


DMR 152 Wombat At Large Team Colleague

With a bit of luck, you just might be able to get a bit more out of it

Yeah, but with the symptom described that's probably all you'll be getting with that tweak- she's a'goin' down, captain. :mrgreen:

It will get progressively worse without a proper repair, but if the monitor has already gotten to that state, it's probably old enough that it isn't worth the $$ to have it serviced. :sad:

DMR 152 Wombat At Large Team Colleague

80 GB but only can use 32 GB, Window XP..

That would be true if you tried to format the drive as FAT32 instead of NTFS. XP and Win 2K can handle FAT32 volumes >32G, but they won't let you create a FAT32 volume >32G. Another possibility is that some drives have what is called a "32G clip" for compatibility with older systems which have a 32G drive-size limitation. The "clip" is enabled or disabled by a physical jumper setting on the drive itself.

At the very least, you have the MyWebSearch hijacker. Removal instructions are here:
http://www.free-web-browsers.com/support/remove-mysearch.shtml

Make sure that the entire C:\Program Files\MyWebSearch\bar folder is deleted. If not, do it manually.

DMR 152 Wombat At Large Team Colleague

After finishing the scan I was told that I am in medium risk of getting Worm Netsky.y. Can I get some feedback from you about this?

More information on the virus can be found here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.y@mm.html

Pay attention to the "best practices" recommendation in the above link; those are general guidelines which, if followed, will minimize the likelihood of getting infected. Using Windows' and your anti-virus software's auto update functions to make sure that you have the latest bug fixes, security patches, and virus definitions is key here.

DMR 152 Wombat At Large Team Colleague
  1. Have HJT fix this entry:

    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    
  2. The "smartbotpro" and "default-homepage-network" entries are indicative of a CoolWebSearch infection. Follow the instructions here carefully and post a new HJT log.

Moved to the Security forum...

DMR 152 Wombat At Large Team Colleague

I have read about updating bios and info from the device viewer, but I am unable to see what I am doing.

I could be wrong, but I didn't take that to explicitly mean that he couldn't even see the BIOS info on the screen.

DMR 152 Wombat At Large Team Colleague

It's a common problem, try the steps in the link below:

http://www.spywareinfo.com/forums/index.php?showtopic=43492&st=0

If that doesn't do the trick, some of the following Google links offer more options:

http://www.google.com/search?hl=en&ie=UTF-8&q=th.msie.cc+spyware&btnG=Google+Search

Also use our own Search function using the phrase th.msie.cc; we've had our own fair share of posts concerning this problem in the past.

:)

DMR 152 Wombat At Large Team Colleague

From the horse's mouth

"A personal desktop installation, including a graphical desktop environment, requires at least 1.7GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.

A workstation installation, including a graphical desktop environment and software development tools, requires at least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of free disk space.

A server installation requires 850MB for a minimal installation without X (the graphical environment), at least 1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages including the GNOME and KDE desktop environments.

A Custom installation requires 475MB for a minimal installation and at least 5.0GB of free space if every package is selected."

Of course, I think a full installation includes something like 4 Web Browsers, 2 or 3 office/productivity suites, 6 GUI options, 2 Web server apps, 6 text editors, an entire suite of scientific tools, an entire suite of programming tools, etc., etc., so you won't really need that much space for a typical install. Do make sure to leave enough breathing room to store your data and programs added post-install though, of course.

By the way- RH 9 is the last "free" version of the official "Red Hat Linux"; that line has been spun off into the Fedora Project.

DMR 152 Wombat At Large Team Colleague

cisgms,

We ask that members not tag their questions on to a thread already started by another member. When multiple questions start getting asked within a single thread it can quickly get confusing to follow which answers relate to which question. This is known as "thread hijacking", and it isn't really fair to the original thread-starter, as it takes the focus away from his/her question.

Please start your own thread and post your question there.

Thanks.

DMR 152 Wombat At Large Team Colleague

Can you get a screen if you start up in safe mode? If so you could be looking at a corrupted driver, as safe mode loads the generic/stock vga.sys driver instead of your card's driver.

Speaking of what you can't display, is it just GUI mode that isn't working, or do the monitors not display anything at all?

DMR 152 Wombat At Large Team Colleague

Under the File menu in IE, go to Import and Export. This will start the Import/Export Wizard; things should be pretty straightforward from there.

DMR 152 Wombat At Large Team Colleague

That behaviour could be caused by a few things, including software corruption, faulty hardware, and yes- viruses or spyware.

- Can you start up correctly in safe mode?

- Can any of the other 3 computers you've received calls about start in safe mode?

If so, start looking from there. Also, if you can at least boot into safe mode you should immediately check for viruses and spyware. Read through the threads in our Security forum to learn where to get and how to use Ad Aware, SpyBot, CWShredder, Hijackthis, and some of the other useful (and free) spyware detection and removal tools.

If you can't even boot in safe mode, try booting into the Recovery Console from your install CD and see if you can rescue things from there.