Posts by DMR

Congratulations, you've got spyware! :mad:

That file is part of the WinTools spyware package. Links in the following Google search for " WTOOLSA.EXE" will give you more information and removal instructions:

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=WTOOLSA.EXE+wintools&btnG=Search

I'm moving this to our Security forum. Read through the post there to learn even more about spyware/adware/hijack problems and how to rid yourself of them.

Could be a few things:

- Do you get a display if you remove the newly-installed drive?

- Did you make sure that you didn't jostle/loosen any component or cables while you were installing the drive? Recheck you cable connections, make sure all of your cards/RAM sticks are firmly seated, etc.

- You say that both the drive and the monitor are new; have you tried the monitor on another system to ensure that the monitor is functioning?

- Do you get any error beeps when the system boots? If so, how many?

how do i post a message on here, i need help desperatly!?
amanda

Hi Mandy,

I've sent you a personal message which hopefully answers your question. To read it, go to the Quick Links menu option at the top the page and click Private Messages under the Miscellaneous section.

:)

" O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load"

Having HJT fix the above entry should get rid of the error message, but if you haven't done the following yet, you should do so and then post a fresh HJT log:

1. Download and run Ad Aware and SpyBot; let them fix whatever nasties they find.

2. Do the same with CWShredder.

3. Run a full virus scan on your system, making sure that your anti-virus program is using the latest virus definitions.

By the way- the general concensus is that the free version of the GetRight software you have does contain spyware, or at least did at some point.

Knowing your operating system version, version of IE, and method of connecting to the Net could help us.

Does this only happen in circumstances where you're trying to submit data (username and password, for example), or does it happen frequently just in general browsing? For that matter, does it only happen with Yahoo or perhaps a small number of specific sites?

Hi, Judie, you need to direct your question to a new thread.

True- We ask that members abide by our "one member's question per thread" rule. New members should read the "Forum rules when posting" announcement at the top of each forum's main page for more info on our posting guidelines.

Judie,

Please post your question in its own separate thread, and when you do, try to be as specific as possible and include as much information as you can. From what you have described, it does sound like A) you don't have the proper plug-in to process the contents of the "X"ed links, or B) the content linked to simply isn't available for some reason at the time you're trying to view it. The later would be a problem on the website's side; not much you can do about that.

* Marking this thread as solved, as the original poster's problem appears to be fixed now.

CRIS_650510,

We ask that members not tag their questions on to a thread already started by another member. When multiple questions start getting asked within a single thread it can quickly get confusing to follow which answers relate to which question. This is known as "thread hijacking", and it isn't really fair to the original thread-starter, as it take the focus away from his/her question.

You need to start your own thread for your question here in the security forum.

Thanks for understanding... :)

- Dave

By the way: when you do post your new thread, please give us as much information as possible concerning the nature of the problem or problems and what fixes you've tried so far. That will help us get you a solution more quickly.

A few of our members have had similar problems in the past. Look through the threads in the link below for possible solutions:

http://www.daniweb.com/techtalkforums/search.php?searchid=67005

Also, your problem could be caused by a spyware/Hijackware program or other similar malicious software. Read through the threads in our Security forum for suggestions on how to check your system for these infections and remove them if they exist.

Tell me exactly what didn't work and I'll see if I can fix it.

Currently RH 7.3, RH 9.0, and Mandy 8.0.

(But who knows- that could change tomorrow... :mrgreen: )

BTW: If you install Linux on a system which already runs some version of Windows, it's a good idea to make a separate FAT32-formatted partition for data storage. Since both Linux and Windows can read and write to FAT32, you'll have full access to the data stored on that partition from both OSes. :)

Hey, sometimes the "shotgun" approach to troubleshooting is the way to go... :mrgreen:

Glad you got it sorted!

* Marking this as solved.

Welcome to TechTalk!

I'm moving this to our new Security forum, as that's where we're dealing with all of these spyware/virus/etc. problems now.

Have a read through the other posts in Security; solutions to the dreaded "bridge.dll" error and many other problems caused by malicious programs have been posted there quite often recently.

:)

just checked on JL: wow you actually know my "joining year" better than me - you're scary! :eek: I'm starting to wonder if I'm really the stalker here...

I've got your IP too. We mods have ways of knowing these things... [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/possessed.gif[/img]

Yeah, it's good to see you here as well. I was just joking with ya'- I figured you'd take it in good humor.

BTW- it's that alc6379 guy's fault that I'm here too... :mrgreen:

I see a few things:

- wuauclt.exe: on Windows ME this can be a valid system file, but on other version of Windows it's prbably indicative of a trojan infection. Get the latest virus definitions for your anti-virus program and do a full system scan. More info on the trojan here:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

- wcmdmgrl.exe: this is a component of the Wild Tangent spyware. More info and removal instructions here:
http://www.pestpatrol.com/PestInfo/w/wildtangent.asp

- O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load: this is responsible for your bridge.dll error message; have HJT fix that entry.

That's probably not all, but I don't have time to look in to it further right now. Hopefully someone else will come along soon and give you a hand.

Did you also run SpyBot as crunchie suggested? If not, do so and then post a fresh HJT log; SpyBot might catch something that Ad Aware missed.

One of my clients' drives recently went south in that sort of way. No Windows-based solutions would let me access the drive in any way, even in two of my Windows machines.

The only way I was able to salvage her data and save the drive was by putting it one of my Linux boxen. From there I was finally able to mount the partition and copy her data to one of my drives. I also had to use Linux's version of fdisk to write a new, blank DOS partition table to the drive before Windows would let me reinstall.

One wrinkle after that was that because the drive was formatted as NTFS I could not simply copy her data from my Linux drive back to her drive due to Linux's lack of full write support for NTFS. The solution was simple though; I just put the drive back in her machine, slapped the machine on my network, and mounted her drive as an smb mount on my Linux box. Voila-instant network file copy!

The actulice pop-up is a bit tricky. The beastie responsible for it seems to come in a few different flavors, with different users reporting different filenames for the culprit and, correspondingly, different fixes.

Have a close read through thread I've linked to below; the different solutions posted there seem to have worked for many people:

http://www.computing.net/security/wwwboard/forum/11720.html

Rakesh,

We ask that members start their own thread when they have a question, as opposed to tagging their question onto a thread started by another member. This helps reduce confusion and keeps the troubleshoots more focussed.

I have split your question into its own separte thread; please follow your troubleshoot in the new thread located here:

http://www.daniweb.com/techtalkforums/thread6276.html

Thanks for understanding. :)

leinad_1414,

We ask that members not tag their question onto an existing thread, but start one of their own instead.

Threads get very cluttered when multiple posters are asking and answering different questions within the same thread.

Unfortunately, this thread is a pretty good example of that. :(

It's perfect when downloading or using downloading programs such as Kazaa.

Umm... Kazaa, huh? Methinks you've answered your own question right there. :mrgreen:

Kazaa and other filesharing programs are chock full of all sorts of spyware nasties, many of which attack and modify IE. As Dani suggested, try Mozilla, firefox, or Opera as an alternative to IE; those browsers aren't prone to much of the "malware" that infects IE.

If you can't pinpoint the slowdown, I'd suggest running SpyBot, Ad Aware, and HijackThis to check your system for malware. These programs are free to download, and they work well:

SpyBot: http://www.safer-networking.org/
Ad Aware: http://www.lavasoftusa.com/
HijackThis and CWShredder: http://www.spywareinfo.com/~merijn/downloads.html

Read through the theads in our Security forum for more information on spyware issues and their solutions.

I think you're good now. There are a couple of things in the log that I don't recognise, but they seem to be related to gaming so they're probably OK. The Winsock/ua_lsp.dll entries are definitely related to Ulimate Arena (XFire).

naturalbornham,

Please read the two posts directly above yours concerning the "piggybacking" of questions onto someone else's thread. As mentioned, it just gets too confusing to have multiple questions being asked and answered in a single thread. You need to post your question in its own thread, and when you do, post it in the new Security forum that we've created specifically for these spyware/hijackware/etc problems.

Thanks for understanding... :)

Dementia,

I've split your question into its own thread, which is located here:

http://www.daniweb.com/techtalkforums/showthread.php?t=6266

We do ask that members not "tag" their questions on to a thread started by a member, but instead start their own thread- it makes things less confusing that way.

Thanks for understanding :)

Dani,

I'm sure your brain isn't feeble by any stretch of the imagination, but yeah- Ludootje has been a JL member since 2001 or so and also hangs out at a couple of other Linux-oriented sites IIRC.

:)

I believe the general concensus here is that "Bridge" is related in some way or other to spyware...

Yeah, it definitely is. It's at least related to the Golden Palace/Gold Casino" malware packages, might be a component of other malicious programs as well.

Moving to the Security forum- you'll find the fix for the bridge.dll problem in many of the threads there.

Ludootje??

Just can't get away from you, can I? :mrgreen:

I am a goose: entered this thread in MAC forum by accident: every body will think (and know) I am a goose.

I deleted that other thread for you, Mr. Goose.

(Honk!Honk! :mrgreen: )

When crunchie said: "not directly on your hard drive", he meant not in the root (C:) directory. Create a C:\HijackThis folder or something like that and save HJT there.

The FAT/FAT32 filesystems automatically create a backup File Allocation Table in case the primary FAT gets corrupted. Of course, as you're seeing, the implementaion isn't entirely perfect.

If a reformat didn't clear things up:

1. Get a bootable floppy with fdisk on it.
2. Boot from that and use fdisk to delete the existing partition entirely.
3. Reboot to write the changes to the partition table(s).
4. Use fdisk again to create a new partition.
5. Reboot again, reinstall the OS, and see if the problem is gone.

I've seen a few reports of that exact error by others who had just installed SP4, but no definitive fixes unfortunately. Uninstalling SP4 was the only solution that anyone found. :(

I repost if I can find any more info.

You need to give us more information:

- What are the exact errors?

- What version of IE?

- What version of Windows?

- Do print errors only occur in IE?

Check your logs in Event Viewer (under Administrative Tools) for possible clues.

Any chance of trying a different NIC just to make sure your current one isn't faulty?

What about using the "Add new hardware" wizard? Maybe you can force the driver on that way...

Glad we could help. :)

Just remember to keep your anti-virus and anti-spyware programs up to date, and scan your system on a regular basis.

Oh- and don't forget to brush after every meal, too. :mrgreen:

it gives me error 28 or something like that.

Giving us the exact text of the error would be a Good Thing.

- Is it possible that the NIC is faulty?

- You might have a resource (IRQ and/or I/O address) conflict. Try moving the NIC to another PCI slot, especially if the card is plugged into the PCI slot closest to the AGP (video) slot.

Yes, makes sense- apologies for my "brain-fade".

:)

Jim,

We ask that members not "tag" their questions onto a thread started by another member- please post your question in its own separate thread. It just gets too confusing when multiple questions are being asked and answered in a single thread.

For more info on our general posting guidelines, please read the following:

http://www.daniweb.com/techtalkforums/announcement.php?f=64&announcementid=1

Thanks,

-DMR

Please run Ad Aware, SpyBot, CWShredder, and a full anti-virus scan if you haven't already. Let the utilities I just mentioned fix whatever they find and post a fresh HJT log after that. Instructions for downloading, installing, and running the utilities can be found in many of the past threads here.

Have you not read through some of the other threads in this forum? The bridge.dll problem has been asked and answered many times here before.

Please have a look through the threads, use the suggestions offered in them, and then post back if they don't work.

dofml,

This being your first post I'm sure that you aren't aware of our posting guidelines, but we do ask that members not tag their questions on to a thread previously started by another member. Answering multiple members' problems in a single thread can quickly get quite confusing.

Please post this question in its own thread, and have a read through the "Forum rules when posting" announcement at the top of each forum's main page for more info on our general guidelines for using this forum.

Thanks,

-DMR

You gave us a link to the product description, not the drivers themselves; I thought you might have missed that. Also, this was a bit unclear:

"I found everything I think I need for the board and the nic. I don't know what to do."

If you say that you've got the drivers, telling us exactly what doesn't work when you tried to install them would really help. Did you get any error messages or the like which might help us narrow things down?

it was 29 but since I got rid of it, I got rid of 26.

Huh? 29/26 whats?

Sorry- it's been a busy day here; apologize if I missed something...

:?:

cookies can always be deleted, and it's a good idea to do so.
I'd get rid of that "golden era" beast too if you don't know what it is- it just looks suspicious.

Sorry- I'm late for an appointment so I hve to log off now. I'll be back later if no one else picks up on this in the mean time..

OK, gotta run now now but:

Did you do a full virus scan, and do have any idea what the "HE GOLDEN ERAT.EXE" program is? I couldn't find anything on it..

" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.165.195.2:8000"

What the heck is that still doing there? Did it come back, or did HJT not fix it?

@DMR: No.. that is really weird, I'm at UC Davis, using UCD T-1 connecting at the dorms.

Davis, eh? I'm down in San Rafael- drop in for a beer some time... :)

Have HJT fix that entry then- it can't be right.
<update>
I just called the computer person at that school and they said they're having blacklisting issues with that address- hmm... wonder why?
</update>

@caperjack: Would it be bad if I leave them unfixed? Are they doing something to my computer if I leave them be? Cause I'm afraid of messing things up again if I remove them, thanks!

If that URL doesn't look familiar to your, it shouldn't be there- fix them.

Thinking about getting a Mac instead!!

Bah! - just install Linux on your PC. :mrgreen:

Actually, just switching to a browser other than IE will protect you from a lot of this stuff if you need to stick with Windows.

It seems as if the problems go away, and come back when I turn my back

Ah...fnargle! Sorry- I forgot to mention that you might want to turn off XP's System Restore function before doing some of this stuff. If your system was infected when XP took its last restore "snapshot", XP itself could unwittingly be bringing some of the fixed problems back to life. An explanation of the process can be found here:

http://www.pchell.com/virus/systemrestore.shtml

This:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.165.195.2:8000

Would indicate that you're using one of the United Community School District's proxy servers in Boone, Iowa. Is that the case?