Posts by DMR

Or perhaps I could be excused for suggesting you need this keyboard...

Oh yes, I do need that keyboard. That function key looks like it would work with my Windows machines and my Linux boxen! A cross-platform detonator! Where do I order?

There are many reasons aside from malicious infections for system slowdowns, but HJT isn't meant as a tool for diagnosing those sorts of general peformance issues. However, your log does show that you have a few programs set to automatically run when Windows starts, but not all of them necessarily need to be running all of the time. The choice is yours, but choosing not to have them auto-run should at least speed up your startup time a bit:

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Some routine cleanup never hurts either:

- Delete the contents of your Cookies, Temp, and Temporary Internet Files folders.

- Use the Add/Remove Programs control panel to uninstall any programs that you don't need or never use.

- Run scandisk and defrag.

Option one:

Get a new keyboard.

Definitely. This keyboard is the only model I know of which is 100% compatible with Windows operating Systems:

[img]http://www.stevewolfonline.com/Downloads/DMR/LNO%20Pics/WinKybd.jpg[/img]

:mrgreen:

1. Can you tell us what exact problems you are having? I don't see anything obviously "nasty" in your log.

2. You should move HijackThis into it's own separate folder. A folder like C:\HijackThis or C:\downloads\HijackThis will be fine.
HJT creates backup recovery files when it runs, and if you run it from your desktop folder , "My documents" folder, or some other such general folder (like "My Received Files", in your case) the backup files will be scattered all over the folder and possibly even accidentally deleted.

There's a free Linux GUI utility called "LinNeighborhood" which acts much like Windows' Network Neighborhood/My Network Places. You can learn more about it here:

http://www.bnro.de/~schmidjo/index.html

1. This line in your log shows a leftover from GhostSurf:

"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212"

The explanation is here:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212

Basically, you want to uncheck two "proxy server" settings mentioned in the above article.

2. You have P2P networking installed. You should remove it (via the Add/Remove Programs control panel), as almost all Peer-to-Peer file-sharing programs present spyware/adware risks.

3. After removing P2P Networking, run HJT and have it fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

4. Are the nameserver IP below your correct DNS server IPs (as given by your Internet Service Provider)?:

O17 - HKLM\System\CCS\Services\Tcpip\..\{880C560B-77B7-460D-BF28-FED9170178E0}: NameServer = 195.93.51.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD7428D7-9065-494B-8C86-08CAF0F16327}: NameServer = 152.163.0.26 205.188.64.153

Sure, we could. Um... but you would have to post it, first. :mrgreen:

By the way- what the heck is this doing in the "Spyware" forum?

Moving to Win 2000/XP/Bla....

I think the choice should depend upon the user's level of proficiency. If a person is learning to configure their system, then msconfig is certainly the appropriate tool to use. Changes made can be easily reversed.

Once a user is well into the level where you could claim them to be an 'intermediate' user, or beginning to be an 'advanced' user, then using other tools is definitely more appropriate. But before using tools such as you describe, a user needs to be able to distinguish what actually is a 'service' and what is not.

I agree. The Services tool gives you finer control, but you do need to know what you're doing. Try disabling the RPC service, for example, if you want some fun.

... not that I ever personally... um, well, I mean... not on purpose anyway... :p

If it's an option, download the file to another computer, burn it to CD, and see if you can install it on your machine that way.

Also- you can get free online virus scans at these two anti-virus sites; you might want to give them a shot first:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://housecall.trendmicro.com/housecall/start_corp.asp

Sorry for editing out that URL, but we don't link to sites know to be associated with "Spyware", and that site was definitely one. :eek:

SP2 makes some changes to IE's security settings; have you tried altering any of those in your Internet Options control panel? Compare your settings with the ones on the "working" computer.

Also- since you used a site known to be linked to spyware in your example of unreachable sites, have you installed any anti-spyware type utilities which might be (rightfully) blocking those sites?

Some specifics would help us to narrow things it down most quickly:

1. What version of Windows are you using?

2. What type of Internet connection do you have (cable, DSL, dial-up, etc.)?

3. Does your computer connect directly to the Internet, or do you go through a router/hub/switch?

4. Give us some history as to when the problem started to occur. Did anything else else that might relate to the problem happen to the computer at about that time?

5. You said you can't even open the browser; what exactly happens when you try?

6. Have you scanned your system for virus/spyware/adware infections yet?

When did the problems start happening, and had you added/removed/upgraded any software at around that point? At least part of what you've described can be caused by improperly-performed updates to certain windows components. There are a number of possible causes, though; try some of solutions in the following links and see if they help at all:

1. msoe.dll errors:

http://www.google.com/search?hl=en&q=msoe.dll&btnG=Google+Search

2.inetcomm.dll errors:

http://www.google.com/search?hl=en&q=inetcomm.dll+%22page+fault%22&btnG=Google+Search

Can you tell us what you did? Posting that info could help others in the future.

(Unless, of course, the answer is something like: "I hummed the whole blasted thing out of a second-story window".)

:mrgreen:

It would help if you gave us specific details about your hardware setup; as it stands right now, we don't even really know if you're dealing with IDE drives or SATA drives.

In general though (and assuming IDE drives):

- If the computer won't work with a single drive now, but did work before you started changing drives, I'd hold off on flashing the BIOS until you've triple-checked your connection scheme. A BIOS update can alleviate certain problems, but if done incorrectly it can also render your system useless.

- As others have mentioned, it really does sound like an issue with connectors, jumpers, etc.:

1. Open the computer back up and very carefully re-examine your cabling again to make sure that there are no mis-seated connectors or bent connector pins.

2. Install only one of the previously-bootable drives on the Primary IDE channel.

3. Set the drive's Master/Slave/Cable Select jumpers to the Master position.

4. If the drive uses an ultra ata cable (80-wire/40-pin), make sure that cable is oriented correctly. Although both ends of that types of cable may look the same from the outside, there's a certain end (often marked or color-coded) which needs to be plugged into the motherboard in order for things to function properly and reliably.

5. Disconnect any other IDE devices (CD, DVD, etc.) from the motherboard temporarilly, boot the machine, and see if the single drive is recognized.

Hi Greg,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

... can you right-click on it and get the Properties for it? That's the only questionable thing I see.

Agreed- langwrbk.dll is a valid Microsoft file in some Windows versions, but I can't find any info on langwrbk.exe.

flowerman,

In the Properties window of the C:\WINDOWS\System32\langwrbk.exe file, check not only the info under the "General" tab, but also see what's listed under the "Version" tab as well.

Other than that, the log looks clean.

OK-

1. I believe the searchportal hijack is related to the CoolWebSearch (CWS) family of hijackers. Please download the CWShredder utility from here. Open the program and click the "Fix" button; it will scan your system and automatically fix any CWS infections it finds. *Note that some of the CWS variants are extremely difficult to remove though, so CWShredder might not do the trick entirely.

2. You are running an old version of HijackThis. Please download the latest version (1.98.2) from here, run the program, and post the log from that version.

When you download and run HijackThis, please keep the following in mind:

Create a separate, new folder for it somewhere on you hard drive (something like C:\hijackthis or C:\downloads\hijackthis will do). This will allow HJT to create a backup file in this folder, which you can use to restore your settings if you have HJT “fix something that it shouldn’t have. Don’t run HJT directly from your C:\ folder, your desktop, or from any Temporary, Temporary Internet, or Temp folder.

Yes- the log is cleaner now, but:

1. VBouncer and AdControl are bogus, irreputable programs; you need to uninstall them. Remove Viewpoint as well.

2. You have the RapidBlaster infection. Go here for more info, including links to removal tools. Using one or more of the utilities mentioned, remove the infection.

3. After doing the above, have HJT fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL (file missing)
O2 - BHO: SDWin32 Class - {40A8A6E7-D7D0-4166-885F-C5E946E4941C} - C:\WINDOWS\SYSTEM\RRUIG.DLL
O4 - HKLM\..\Run: [rb32 ml806e] "C:\Program Files\RapidBlaster\rb32.exe"
O4 - HKLM\..\Run: [nbdeefxu] C:\WINDOWS\funvdujl.exe
O4 - HKLM\..\Run: [R9BCCAM] C:\WINDOWS\TEMP\R9BCCAM.EXE
O4 - HKLM\..\Run: [spcwdotd] C:\WINDOWS\SYSTEM\lcgdsmih.exe
O4 - HKLM\..\Run: [shorqder] C:\WINDOWS\shorqder.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [pmrcr] C:\WINDOWS\pmrcr.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [r83R36X] EPSERT2.EXE
O4 - Startup: Download Plus.lnk = C:\WINDOWS\Application Data\DownloadPlus.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/203e2150afcacc...ip/RdxIE601.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.com...ebio5_1_6_0.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) -

Hey again gbear,

I think some of us might have already responded to the "teenage son" issue, but basically: that problem really is up to you and he to sort out; technology doesn't have the Ultimate Answer there. You can certainly install all sorts of different software "solutions", but any teenager worth his/her weight is going to be able to bypass most of it unless you're very dilligent about things.

Also keep in mind that it doesn't take going to "questionable" websites to get infected with adware/spyware/etc. anymore; I have single, 50+ year-old clients who have no "bad" surfing habits at all, but due to not taking some basic precautions, even they get infected.

As for selling him goes- I can tell from experience that you can often pawn teenagers off to the Bedouins, but as they barter primarilly in camels, you need a heck of a lot of real estate available if you want to cinch the deal. :mrgreen:

Any suggestions?

Yup. Since you have the SearchPortal hijack, you probably have other nasties as well. Let's do some general cleanup:

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.

B) Download and run Ad Aware and SpyBot Search & Destroy (links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard …

1. To start with, have HJT fix the following (close all browser/explorer windows before you do):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscptr.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe <- This program is bogus
O4 - HKCU\..\Run: [bwwmRTH4W] dbndexnt.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} (NetCamPlayerWeb11g Control) - http://192.168.2.177/img/NetCamPlayerWeb11g.ocx

2. Reboot into safe mode and:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- Delete these folders entirely:

C:\Program Files\AWS
C:\Program Files\Privacy Champion

- Delete these files:

C:\WINDOWS\System32\wnscptr.exe
dbndexnt.exe

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

(If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)

- Empty your …

Hi db_york,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

Look in your event logs to see if any more specific/descriptive info is given there. If so, post the exact and entire contents.

- A "not ready for access" message is often indicative of a timing error caused by hardware faults/confilicts. Carefully check your cabling, termination, etc. Has anyone made any physical changes to the system lately?

- The error could also be driver-related. Have any driver updates/changes been applied to devices in the system around the time this began to happen?

- It's possible that the device itself (cpqfcalm1) is starting to fail; do you have a replacement you can try?

You have been hit rather hard, Txsupra.

Take caperjack's advice:

1. Download HJT version 1.98.2, but don't run it and post a new log until doing these:

2. Run the online virus scans he suggested.

3. Run the utilities he mentioned, including Ad Aware and SpyBot, while booted into Safe Mode.

4. Once you've done #2 and 3, run your new version of HijackThis and post a the log. We'll stiil have work to do from there...

OK- Post the HJT 1.98.2 log when you can. However, also take your own advice ASAP:

I am moving to Firefox to perhaps avoid some of this stuff

Moving to Firefox, Opera, or Netscape will greatly reduce your chances of getting infected by these nasties; there honestly isn't any "perhaps" about it.

Thanks for the quick follow-up Chris. :)

As far as I can see there's nothing "nasty" in the new log.

Wait for crunchie, dlh6213, or caperjack to give your log a second review before we sign off on it, though.

Are you still experiencing the problems you noted before? As I said earlier, "nasties" aren't the only reasons that your system can feel slow or sluggish.

Sorry marceta, but the screenie has to be (at least) one layer deeper in order for us to see which exact codecs you have installed for each category... :(

The specific codecs that you have installed will be listed under the general (Audio, Video, etc.) headings that your current screenshot shows.

You can also view your installed codecs this way:

In you System control panel, go to the Hardware tab and click on the Device Manager button. In the resulting list of components, you'll find all of your installed codecs under the Sound, Video, and Game Controllers section.

This message has been deleted by caperjack.

Tee-hee! (damn you're quick!)

Win 98 on fat32 will not see hd formated in ntfs!

No, it definitely won't, but rhino said (and the HJT log verifies):

I have a Win XP

incredible amount of support...

We try.. :)

Repost if you have any further questions, or problems sourcing the right adapter.

If I have the wrong forumn, please excuse me & could someone direct me to the proper one.

Hi,

You have the right forum for your problem, but this isn't the forum in which to post HiajckThis logs; those belong in our "Spyware, viruses, and other nasties" forum. Although your HJT log does show a couple of possibly "unwanted guests", they most likely are not the root of your problem.

Sorry for the short response on my part, but hang in there- we'll get back to this with more info.

If the picture of the connector in the link I posted looks like the right one for the monitors that you have; that's the type you need. It converts older Mac monitors' 2-row, 15-pin video connectors to the PC/VGA standard 3-row, 15-pin connectors. The only thing to keep in mind "sex-wise" is that you are going from a Mac monitor to a PC/VGA video card. Adapters which let you connect a PC/VGA monitor to a Mac computer are of the opposite sex.

I'm not sure why you're having trouble finding the adapter, but some of the links here might help:

http://www.google.com/search?hl=en&lr=&q=Mac+monitor+pc+vga+adapter&btnG=Search

You're welcome. :)

I only posted that particular link because it had a good visual description of the adapter. You can find the beasties all over the place, so I'm sure it will be no problem for you to source one from somewhere more local to you.

Important though (and no punny/funny intended): Make sure you get the sex right!

Those adapters come in both the MAC monitor->PC video card and PC monitor->Mac video card flavors; you need the one which is female (socketed) on the 2-row side and male (pinned) on the 3-row side.

Hi fpteixeir, welcome to TechTalk.

Your post is an exact quote of cevans earlier post; please read my response to that post concerning the need to ask your question in a new thread of its own.

Thanks. :)

It gives me a fatal error: can not read IP

Although written specifically for Win 98/ME, this MS article sheds light on a couple of reasons for that error:

http://support.microsoft.com/default.aspx?scid=KB;en-us;286748&

Because you mentioned a "nasty case" of spyware-type infections, it's possible that your network stack was either corrupted by the infections or, as sometimes happens, corrupted as a result of their removal (specifically- the removal of a malicious LSP component).

The link above describes one possible fix; there are others, depending on your exact version of Windows and the exact root of the problem:

http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
http://support.microsoft.com/default.aspx?kbid=299357
http://support.microsoft.com/default.aspx?kbid=811259

Unfortunately, the errors you've reported so far point to various and quite different areas of possible trouble, so it's hard to say exactly what is broken.

If you're describing the old Mac-standard 15-pin "D" connectors, you need a DB15 female -> HDB15 Male adapter like the one shown here:

http://www.pccables.com/70023.htm

You should really give us a more specific descripition of your needs, but overall this question sounds more suited to the Java programming forum.

Moving there now...

Yea I'm having the same exact problem!

Hi Anonymoose,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

Windows makes extensive use of CODECS...

Hmm... yes- software codec conflicts or even corruption of a codec definitely can cause problems such as this, and perhaps even a fresh install of drivers and other software didn't go deeply enough to solve things. For that matter, as RR stated, codec conflicts can actually be caused by the installation of different/multiple multimedia programs.

It's worth looking in to before yanking the physical drive...

Given that reports thus far have indicated the problem to be with (some) emails from specific senders, it's quite possible that the problem/corruption is on the sender's end; there may not anything you can do about it.

Contact the sender and have them resend one of the garbled messages; see if the second copy appears corrupted as well.

Yikes! I wasn't aware of that, but apparently you're right- I just found a post (dated less than a month ago) by someone whose HJT scan indicated missing files in some 09 entries when the files actually did exist on his system.

Anyone have more info on this? A quick Googling didn't reveal much....

time to take the drive out and install it in another machine ...

Yeah, given the amount of software troubleshooting you've done, it's probably time to start looking at the possibility of a hardware fault. :(

Have HJT fix these:

O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_linjian123_9220 (file missing)
O9 - Extra button: Instant Messenger - {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} - http://cn.rd.yahoo.com/home/messeng...nger.yahoo.com/ (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab

Aside from cthelper, you also have a few other programs starting up automatically that, while not malicious, don't need to be running all the time and using system resources. Disabling them is your choice:

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Show missed alarms] C:\Program Files\Alarm\Alarm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

A general "slow" feeling about your computer can be caused by things other than "nasties", of course. Systems do get "ragged aroung the edges" after a period of use, so it might be time for some general routine maintenance:

- Clear out the contents of your Cookies, Temp, and Temporary Internet Files folders.

- Use the Add/Remove Programs control panel to uninstall any programs that you …

Good point !

Do you remember those attacks as well? IIRC, it took Merijn's site ages to get out from under the hit he took.

Oh well- if someone like Merijn is p***ing off the marketeers that badly, we all must be doing something right here. :mrgreen:

my links go right to the maker of the software !If you can't trust them who can you trust .!:) LOL

Definitely true. I only posted the MajorGeeks link due to the fact that sometimes the maker's sites can't be always be reached. For example- do you remember those times in the past where sites like spywareinfo and computercops essentially got shut down due to DDOS attacks from the wonderful people who write the malware we're fighting? [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/angryfire.gif[/img]

Well, since the problem occurs across browsers, but does not happen in Linux, I'd suggest that you check your Win systems logs. The only problem with that is the fact that Win 9.x doesn't do much logging; it's rather limited in its ability to leave clues. Grr... :(

Are you getting a dynamically-assigned IP via DHCP, or has your ISP given you a static IP config?

When the connection gets dropped, run winipcfg and see if it has anything illuminating to report.

I have heard of and it is said to be good .
Why buy one whem Spy-bot and ad-Aware Are Free ,and do a great job of cleaning spyware from computer ,and Spy-Bots imunize keeps them away .
,and when used along with SpywareBlasters and SpyGuard and IE-Spyad, That block spyware and ActiveX and Browser hijackers . and are also Free.
This is a link from my signature to these free programs and i use all 5 ,and have no problems with spyware ,Im on Cable and its left on all day ,and night sometime downloading Movies and Stuff!!

http://subratam.org/?page=software&part=Spyware-preventions

MajorGeeks is another reputable site where you can download the (free) programs caperjack mentioned, as well as many others.

BTW caperjack: you said "SpyGuard"; I think you meant SpywareGuard, yes?