Posts by DMR

You said that you swapped RAM already; have you also tried removing non-critical components (CD-ROM, network card, etc.)? If that doesn't yield any positive results I'd suspect a motherboard problem or a weak power supply.

Try a BIOS reset. There should be a reset jumper somewhere on the mobo; check the mobo's documentation for specifics. You can also force a reset by unplugging the computer and removing the CMOS battery on the mobo. Leave the battery out for 15 minutes or more before replacing it; it can take a while for the residual charge to dissipate.

Hi Artemi,

I'm not as much of an expert on spyware as some of our other members, but these are the problems I see right off the bat:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.znext.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eem.hotbox.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.znext.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.znext.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.znext.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchwww.com/search.cgi?s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Сылки
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://shell.windows.com/fileassoc/fileassoc.asp?LangID=0419&Ext=pf
R3 - URLSearchHook: (no name) - _{341FB59F-3507-443b-8147-423B4E3B2B15} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.eem.hotbox.ru"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll
O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\Program Files\Common …

gamekiller,

Please don't "piggyback" your question onto a thread started by someone else, regardless of how similar your problem might seem to that of the original poster.

Also- notice that your stop error code is actually different than the one originally posted. Go to www.google.com and put the following (include the quotes" in the search text box to find more info on your particular error:

Windows "STOP 0x0000004E"

You're welcome :)

...and can't see to disable it in device manager

You don't usually get that option for onboard devices through Device Manager- check your BIOS to see if it can be disabled from there.

That domain is associated with the CoolWebSearch malware (and perhaps others).

Please check out the information in the links given in caperjacks' sig: Read the documentation on the recommended removal tools, download them, install them, and run them. Also read through previous posts in our Security forum for more background and helpful information on these types of intrusive programs and ways to remove them.

If you have any questions or problems when/after trying the removal tools, let us know and we'll take it from there.

Since this is a spyware/malware issue, fasten your seatbelts- we're moving this thread to the Security forum in T minus 3 seconds...

:D

There could be a number of reasons for that particular stop error. Look through the links from the following Google search, epecially the first link (from microsoft):

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=windows+%22STOP%3A+0X0000000A%22&btnG=Google+Search

The "&gt" tag is the HTML code for the ">" symbol. In email replies or forwards, it is common for each line of the original text to be prefixed with > to differentiate it from any text you add to the message before you reply/forward. Further replies/forwards will append further ">" symbols in a nested fashion.

Just a guess (I don't use Hotmail), but one reason you might be experiencing this now (when you weren't before) is that you switched your preferences from composing emails in HTML format to composing them in text format.

Any idea what the actual problem turned out to be?

If you found out, please let us know- that info could help others here who might be experiencing the same problem. :)

Hello,

To follow up with DMR, yes it is possible. You should be even able to mirror the two drives together if you tried.

Service packs are also very important. Back in the days of NT 4, there were drives that were larger than what NT 4 could work with, and unless you had SP2 (I think) installed, your larger hard drive would be reported as a much smaller volume and cause other headaches.

SP2 rings a bell, yes. IIRC there was also an issue with Ultra 2 drives as a whole which was addressed in SP2 as well.

Can the 2 even work together on the same computer !
Everything i read talks about one or the other.

Yes, you can use the two together. In a PC you usually do this by adding a PCI SCSI adapter card.

rahimc,

1. Make sure your system has the most current service pack installed.

2. What's the make/model of SCSI card?

Thread closed, as requested.

:)

Wouldn't be the first time. :cheesy:

Nor mine, my friend- trust me... :mrgreen:

lol. Note to self: "Do not post until at least one full pot of coffee is circulating in body."

:mrgreen:

Ceilidh,

Can't figure out why it doesn't recognize the whole 200 unless it was the fact that I had to FDISK the big drive to even get it to boot.

That's probably where you got stuck with the 137G. What version of fdisk did you use? Most versions floating around out there have problems with disks over 64G. This article sheds a little light.

Smileys? What smileys, Christian? :cheesy:

(I fixed it for you)

It's the combination of the ":" and ")" characters; they get parsed into the :) smiley. Try ":" and "D"; they'll turn into :D

On the reply page there's an option check-box below the text entry box where you can disable smileys on a per-post basis.

Sorry DMR, but I have to contradict you here. The CLSID comes before the random letters of the dll.
HKEY_CLASSES_ROOT\CLSID\{Xxxxxxxxxxxxx}< the xxx's will appear as fjsyrv.dll or along those random lines.

No, I understand that the dll itself will have a random name, but I was referring to this part of the article:

HKEY_CLASSES_ROOT\CLSID\{Xxxxxxxxxxxxx}
.
.
Where "xxxxxxxxx" represents the folder
containning the
random dll file.

I thought that part was referring to the long string name of the CLSID entries; perhaps I was mistaken.

:)

Well- Linux is all about choice, right?

I like to keep a 40G drive in one of my systems just for distro testing. I whack it into a few 10G partitions to hold a few different distros or versions so that I can try them out simultaneously. When I get tired of one distro, I just wipe its partition and install another. Aside from a possible tweek to my bootloader's config file, it's: "Which OS do you want to use today, Mr. Gates?".

If you're not sure which distro you want to try, I'd suggest installing Slack and Red Hat and explore them both. You'd basically experience both ends of the spectrum that way, as Red Hat is very "Windows-like" and Slack is more "build-it-yourself-from-scratch". Slack is also structured slightly differently than Red Hat in that it uses a BSD-style init, whereas Red Hat is System V-based. Since Mandrake and SuSE are also Sys V-based, and their underlying file structure is very similar to Red Hat's, you'll have no problem finding your way around those distros if you're comfortable with Red Hat.

... where it says xxxxxx is that just like naming a file or does that just show there is going to be random letters/numbers?

The later; registry CLSID entries consist of strings of hexidecimal numbers such as:

{15E079B0-DF30-883F-60F1-615988E969AD}

Actually, posting the full cybersitter log first would be more helpful than an HJT log. The CS log should have more detailed info which could tell us exactly what's going on.

I get and error and I have read thru other post. I have the hijack log and I am gonna post it here. Hope this is what you meant by not piggy backing.

Yes, that's exactly what I meant- thanks for understanding. :)

I've got to log off, but hang tight- I'm sure one of our HJT experts will come along soon to help you out.

Sorry, erased this and trying to figure out how to start a nw thread for my question.

Thank you, Majestic- much appreciated.

:)

Yes, There are many possible causes for a stop:0x0000007e error- please give us more information to go on:

- When did this start happening?
- Did you upgrade or install any software just prior to the occurence?
- Did you make any hardware adds/changes?
- In the box which displays the stop error and dump, are there any other details there? If so, please post them.

Also- the sequence of numbers displayed within parentheses of the stop error will vary according to your particular configuration. Look through some of the links in the following Google search (especially the one's from Microsoft's support site) to see if you can find anything that might help:

http://www.google.com/search?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&q=%22stop%3A0x0000007e%280xc0000005%22&btnG=Search

There are different reasons why you might get that error. Have a look through some of the discussions concerning the error in the link below:

http://www.google.com/search?q=%22Outlook+Express+could+not+be+started+because+MSOE.DLL+could+not%22&btnG=Search&hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8

Netscape uses a single cookie file, which can be found in the following folder:
C:\Documents and Settings\Username\Application Data\Mozilla\Profiles\default\some_random_bunch_of_characters.slt

The file is plain text.

(Your history file is in there too)

SL4C|<\/\/4R3 RU|3Z!!!!!

J/K- All I meant was that they are as many recommendations out there as there are distros, and some people have an almost religious affinity for their particular choice. :)

The sequence of the beeps is important; each particular beep sequence is a BIOS POST error code which points to a specific problem (bad ram, faulty drive, etc.).

We can tell you what the error code means if you can tell us the make and version of your BIOS, and descibe the beep code (for example: one long beep-two short beeps-one long beep).

cwelu,

This is definitely an old thread, and we ask that members who have a problem (regardless of how similar it might seem to be to another member's previously-posted question) start their own thread rather than "piggybacking" their question onto an already-existing thread.

Please delete your post here and create your own thread. When you do so, please try to include as much specific information concerning the problem as possible.

Thanks for understanding,

- DMR

...she was right that there's gonna be a lot of different opinions from the members...

lol.

Welcome to what we penguinistas affectionately call "The Distro Wars"!

(And watch out for those Slackware folks; die-hard Mac zealots have nothing on them... :D )

Moving to the security forum, as this is almost cetainly a spyware-type problem. :)

BTW- the font resizing might be a separate problem; that will become clearer once you've run a few spyware removal utilities.

Moved this to the new Security forum, as that is where we are now concentrating virus/spyware/etc. questions.

:)

Just a thought, but:

Compare the settings in the Advanced tab of your Internet Options cotrol panel with the settings on one of the normally-functioning machines. You may have turned off one of the options related to handling online media files.

Also, what sort of options do you get when you right-click on an mpg link?

Check the battery itself and the jumper setings.

Yes. The fact that you just bought the battery does not necessarily mean that it's good. CR2032s are mass-produced by the millions, so don't rule out the possibility that the particular battery you purchased was a bad one that slipped by quality control. ;)

Ah, so I wasn't crazy- one of my posts really did get eaten.
No biggie though, could have been worse! :)

Sorry you had to spend your weekend that way Dani. It really is frustrating to deal with a situation like that, especially when you can't go to the site personally to analyze the situation.

It really does amaze me how stubborn some of these technical service providers can be; I've spent days wrestling with cable/DSL providers and hosting services. They invariably instist that everything is working perfectly on their end, and they are invariably wrong. Grrrr!!

Instructions for removing the beast (from another site; should work):

http://www.computercops.biz/modules.php?name=Forums&file=viewtopic&p=156237

Let us know if it doesn't.

<edit>

Walked away from the 'puter for a few minutes and crunchie squeaked a reply in as well- try his/her suggestions as well.

</edit>

Moving to the new Security forum; that's where questions concerning hacks, spyware, hijackware, and other such issues should go from now on. :)

Much information on svchost, the legit Windows programs that use it, viewing the programs that are using it, and how it can be compromised by a virus or other hack, can be found here:

http://ask-leo.com/archives/000105.html

:)

Follow-up:

Caperjack,

Because this thread's original question was apparently answered (by you) 2 months ago, and the thread-starter did seem to imply that your suggestions did the trick, I will mark this one as solved and lock it as well to prevent further "tagging onto".

(Dani- if you don't feel that this appropriate, please let me know ASAP)

Thew need to be some way to locking the old threads once the problem is solved . to stop the piggiebacking

There definitely is- the mods have the ability to lock threads, but the problem is that quite often the original poster's question hasn't even been answered/solved before the piggybacking happens. We don't want to lock a thread at that point because in doing so we'd also be locking the original poster out of a solution.

Don't worry though, we now have The Sacred Wet Trout:

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/fishwhack.gif[/img]

A couple of TroutSlaps, and even the most reticent members will fall in line...

:D:D:D

Do u think that a reinstallation might be good. I talked to the company that I got the computer from and they said that I may have to reinstall:sad: but I dont want to. Is there any last hope type thing I could do to try to fix this problem without having to reinstall or do a system restore?

A reinstall should always be your last resort- if you haven't done this already, run SpyBot again and let it fix the problems it finds. Many of the spyware removal programs will make changes to your registry, because the programs they're designed to remove altered your registry in the fist place. SpyBot does flag some things that aren't necessarilly threats (only questionable objects), but I've never had it remove something it shouldn't, and I have used it a lot.

Definitely sounds like spyware/malware. To add to TKS' suggestion:

-Read through the threads in our Security forum. Some of our members have posted a lot of great information concerning (free) utilities and procedurs to use to get rid of "hijacked" homepages, unwanted pop-ups,and the many other manifestations of rouge malware programs.

- Immediately after cleaning your system with the recommended removal utilities, run Windows' Automatic Update feature to download and install Microsoft's latest security patches and bug fixes for XP, Internet Explorer, Media Player, etc. Many of the latest patches fix some of the security holes which allow rouge programs to get into your system.

- Keep your removal utilities up to date; updates for these programs are released very frequently. Scan your system weekly (at least) with the utilities; you'll be surprised how quickly your system can get reinfected.

- Unless you absolutely can't live without IE, use another Web browsing program. IE's tight intergration with the Windows operating system itself makes it a greater risk in terms of intrusion that a non-MS browser.

Hey folks.

Please- Do not post your questions in someone else's pre-existing thread.

It becomes too confusing to keep track of which answers relate to which question. It also creates a lot of work for the moderators, as we have to weed through these "piggybacked" threads and untangle the mess by splitting out the piggybacked questions (and their answers) into separate threads.

Dani (the site Admin) has outlined our policy in the posting guidelines in the "Announcement" thread at the top of each forum. Please read those guidelines if haven't already:

"Every question or new thought should have its own thread. Replies to a previous post should be thread replies to that particular thread. Do not piggyback threads by posting your question as a reply to another question."

robinrofkar,

Please delete your post here and start your own thread.

Thanks

but it ALWAYS comes back sooned or later...

Betcha it'll go away for good if you dump IE and use another browser instead. :cheesy:

Seriously- many of these exploits are either targeted directly at IE, or use IE as a conduit to other areas of your system.

Please, ICEMAN_FIRE- I've already asked that you not piggyback your questions onto this or other pre-existing threads. We would really appreciate it if you would honor our posting policies; it just helps everybody out- posters and those responding alike.

As I asked earlier, post any further questions in the thread I set up for you, not here. The answer to origins and function of the bridge.dll file have been addressed in other threads, but I'll post the answer in your other thread ASAP (might take a bit though; it's been a busy here today, and it's getting well toward dinner time in my end of the world).

Thanks again,

- Dave

No problem, you're a new member; I'm sure it was just a case of not being familiar with our guidelines. :)

As far as what to do next goes, try to patient. Our members are pretty attentive, but we've all got real-life things like work or school to take care of. I'm sure you'll get some responses (in the new thread I created for you) shortly.

From the Posting Rules:

Threads with titles that are too broad or do not correctly describe the post may be altered with or without notification. Do not post threads with generic subjects such as "HELP ME" or "PROBLEM". Instead, clearly state a phrase describing the problem as the thread's title.

Thread renamed accordingly.

:)

Moved to the (brand spankin' new) Security forum, as that is where we're now concentrating security/spyware/adware/etc.-related threads.

:)

ICEMAN_FIRE (and others),

Please do not "piggyback" your questions onto this thread- start a new, separate thread of your own.

While your problem may be similar (or even identical) to the original poster's question, it becomes very difficult to keep track of which answers relate to which question otherwise.

Thanks for understanding. :)

ICEMAN_FIRE,

If you haven't gotten my message yet, I've split your question (and the answers it received) into their own thread, located here; please follow up with your troubleshoot in that thread.

Um, err... you just did post a thread. :D

Can you be more specific please? Your account info does show you as fully registered, so you should be able to perform those activities.