DMR 152 Wombat At Large Team Colleague

I would just pick up a 4 port hub and then jack each machine into the hub
then out to the net....

Catnip is right:

When using a hub or switch (instead of a router) for that sort of configuration, you need to check with your Internet service provider first.

If the ISP only allocates 1 IP to your account, uses the MAC address of the connected computer as part of your account/connection validation, or uses any other methods which would disallow concurrent logons from multiple computers, a hub or switch won't do the trick. Many ISPs do have limits like this, and the choices in that scenario are either to see if the ISP allows you to purchase additional IP addresses, or to use a router instead of a hub.

A) Broadband routers use NAT (Network Address Translation) to allow multiple computers to share a single connection (without your ISP knowing that you have more than one machine connected). Hubs cannot do this.

B) Broadband routers can be configured (via port-forwarding) to allow computers on the LAN (your internal network) to act as Web, FTP, game, etc. servers to the outside world, while still providing some measures of security for those machines. Hubs cannot do this either.

DMR 152 Wombat At Large Team Colleague

This is just a theory, so if anyone knows whether or not this is possible, please let me know...

Ah, right- Brazinha did say that the problem occurs at startup (a key point, and one which I missed before), so what you suggest could be exactly what's going on.

If you've got a lot of programs firing off auto-start components at bootup, it can take a loooong time for everything to initialize, even if you can't see anything going on. For example, I have definitely noticed a very marked increase in the time it takes a system to "settle down" after installing both McAfee's Security packages on some systems (Norton's equivalent package is no start-up speed demon either). Those two products definitely do connect to the Internet to do their auto-update thing, and other programs (which you may not even know you have running) will do the same.

There's not much you can do about it if it's something like Norton or McAfee causing the delay; you need those programs, so you just have to deal with it. What you probably don't need though, is programs like Quicktime or RealPlayer running their auto-start components; you can often shave some time off the start-up process by not having such programs set to automatically start when Windows starts.

DMR 152 Wombat At Large Team Colleague

Great, glad we could help :)


Have a read through the following thread for some suggestions on how to protect yourself from infections in the future:

http://www.daniweb.com/techtalkforums/thread5690.html


Also- make sure to use Windows' Automatic Update feature to keep your system current with the latest Microsoft critical fixes/security updates.

DMR 152 Wombat At Large Team Colleague

If you really wanted to solve your problem, you would have put Linux on the box. :mrgreen:

DMR 152 Wombat At Large Team Colleague

The "about:blank:" listed in HJT's options shouldn't be confused with the infamous about:blank hijack. "about:blank" can be a valid home page setting; it corresponds to the "Use Blank" option in the Home Page settings section of your Internet Options control panel, which just sets your default home page to a blank page.


As far as your log goes- you can have HJT clean up this one last loose end, but otherwise you're clean:

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

(You can always have HJT fix entries which indicate "file missing" or "no file"; HJT is basically telling you that those entries are just "broken pointers" to a file which no longer exists on your system.)

DMR 152 Wombat At Large Team Colleague

Bummer- I hope it's not a hardware problem, but you seem to have covered all the software angles that I can think of...

DMR 152 Wombat At Large Team Colleague

OK- let us know what happens. If it doesn't work, there are other possible fixes, but let's first see if replacing the library file works.

DMR 152 Wombat At Large Team Colleague

OK- judging from your initial HJT log, I didn't think that spyware/etc. would be the root of the problem, but it's good to get that possibility out of the way. If none of our other members respond to you before tomorrow, I'll do so then.

DMR 152 Wombat At Large Team Colleague

From what I've read, it can apparently be gotten from places other than porn sites; it can come from sites/companies that partner with PurityScan and all that.

Time for you to post a HijackThis log....

DMR 152 Wombat At Large Team Colleague

Hang in there- it's dinner time in my end of the world, so I do really need to log off now. However, some of our other security responders (crunchie, dlh6213, caperjack) live in different time zones, and should therefore be able to pick up on this before I get back online tomorrow AM.

DMR 152 Wombat At Large Team Colleague

Sorry gbear- I know this is all a PITA, but for the reason described in this excerpt from our Posting Guidelines, we don't respond to problems "off-forum" (that is- via email, chat, etc.):

Keep it on the site
Please do not post asking for an answer to be sent to you via email. Problems and their responses assist others who read them. Please refrain from responding to people's questions via email for the same reason...

We're going to have to work through this one here in this thread.

DMR 152 Wombat At Large Team Colleague

It's like the mystery of the invisible file or something.

Perhaps, but did you do this before hunting for the culprit?:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

Might also be time for you to post a HijackThis log; read through other threads in this forum for instructions on how to do that.

DMR 152 Wombat At Large Team Colleague

Hi Annoyed,

crunchie is offline right now, but let me follow up a bit for you on your first question until he gets back. I only have a short amount of time before I need to log off as well, so:

Read through this thread for answers to your questions concerning which programs you should use, and other tips to keep you protected:

http://www.daniweb.com/techtalkforums/thread5690.html

I don't think the program called SpywareGuard is mentioned/linked to in the above thread, but it's a good one to have as well. Most, if not all of the utilities referenced in the link (as well as others) can be found here:

http://www.majorgeeks.com/downloads31.html

DMR 152 Wombat At Large Team Colleague

At the very least, have HJT fix the following entry, and then reboot into safe mode and delete the entire C:\Program Files\WildTangent folder:

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

Also have HJT fix these:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

DMR 152 Wombat At Large Team Colleague

and when I go into the folder where it was found, I can't find it to delete it manually!

For starters- Tell us the exact name of the folder where the file resides please.

DMR 152 Wombat At Large Team Colleague

ok, thanks for the suggestions. I moved HJT to C:\

Nope- something didn't quite work there. It's still running from a Temp dir according to this entry:

C:\Documents and Settings\Gena\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


Once you've (really) moved HJT to its own folder, run it again and have it fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {8C97F441-EEA6-43B1-970F-537F5A6E59AC} - C:\WINDOWS\System32\fgjep.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O18 - Filter: text/html - {E963234D-35E7-4B6F-95EF-52084C584200} - C:\WINDOWS\System32\fgjep.dll
O18 - Filter: text/plain - {E963234D-35E7-4B6F-95EF-52084C584200} - C:\WINDOWS\System32\fgjep.dll


After HJT has completed its fixes, do the following:

- Reboot into safe mode

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- Delete the entire C:\Program Files\WildTangent folder.

- Delete the C:\WINDOWS\System32\fgjep.dll file.

- For every user account listed under C:\Documents …

DMR 152 Wombat At Large Team Colleague

Curiosity question: Did you install or uninstall any software just prior to this happening? Sometimes system files like msvcrt.dll (Microsoft Visual C runtime library file) get replaced/overwritten/corrupted in the process of doing so.

MS has an article which describes a situation very similar to yours, and describes how to replace your current msvcrt.dll with a fresh copy from your Win XP disk; it might help in this case (and I doubt it will hurt to try):

http://support.microsoft.com/default.aspx?scid=kb;EN-US;324762

DMR 152 Wombat At Large Team Colleague

I would check NVidia's website to see if they have any updated drivers for the card; download and install those if they exist. You should read any documentation that comes with the driver software to see if there are any specific steps you should take during the install.

DMR 152 Wombat At Large Team Colleague

If need be, you can download a new copy of HJT from this site:

http://www.majorgeeks.com/download3155.html

DMR 152 Wombat At Large Team Colleague

Also- two things:

1. You are running an older version of HijackThis; please download and run the latest version (1.98.2) and post the new log it generates.

2. You are running HJT while Internet Explorer is still running. Close all instances of any browser programs before running HijackThis; HJT cannot perform all of its fixes while browsers are running.

DMR 152 Wombat At Large Team Colleague

Also have a read through these previous threads on the problem:

http://www.daniweb.com/techtalkforums/search.php?searchid=205309

DMR 152 Wombat At Large Team Colleague

Grrr... this DXSETU.EXE/WINSOCK.SCR thing seems to be the "Nasty of the Week", but unfortunately there doesn't seem to be a heck of a lot of info about it on the Net yet.

I was advised to check the dxsetu and winsock on hijackthis but it keeps coming back.

Did you manually delete those two files after having HJT remove their entries? HJT can remove the "O4" entries from your registry, but it will not physically delete the actual files referenced in those entries; you need to do that yourself.

Have HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab

After HJT has finished with the fixes:

- Reboot into safe mode

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- Locate and delete dxsetu.exe and winsock.scr

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

DMR 152 Wombat At Large Team Colleague

Yup- mxtarget is gone; good job. :)

DMR 152 Wombat At Large Team Colleague

1.

You are still running hijackthis from a temporary folder....be sure to put it in its own permanent folder so it can make the backups in case you need them. :)

Yes- your log indicates the following:

C:\DOCUME~1\DEANNA~1\LOCALS~1\Temp\HijackThis.exe

Create a folder directly under C: called Hijackthis, move HijackThis to that folder, and run it from there from now on.


2. Did you do everything that I suggested earlier? Your new log indicates that you either missed a few steps, or that some of the nasties have recreated themselves (which is entirely possible).

The new log also still shows an instance of Internet Explorer (iexplore.exe) running.


3. Once you move HJT to a proper folder, run it again and have it fix the following (make absolutely sure "iexplore.exe" is not listed as a running process):

O4 - HKLM\..\Run: [4k.exe] C:\documents and settings\deanna arceneaux\local settings\temp\4k.exe
O4 - HKLM\..\Run: [OPo.exe] C:\documents and settings\deanna arceneaux\local settings\temp\OPo.exe
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/...IL/PhPSetup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24a8ceaaf39a50...ip/RdxIE601.cab

The following entries are not malicious, but they're not necessary either; have HJT fix them if you want:

O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


4. Once HJT has completed its fixes, reboot into safe …
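The checks applied by hand in the posts above (entries marked "(file missing)" or "(no file)", HijackThis or an O4 autostart running out of a Temp folder, a browser still open during the scan) can be sketched as a small triage script. This is an added example, not part of the original posts or of HijackThis itself; the function name `triage`, the labels it returns and the sample log are constructed for illustration.

```python
import re

# HijackThis entry lines start with a section code (R1, O4, O9, F2, ...)
# followed by " - ". Lines that are bare paths are running processes.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Entries whose target no longer exists on disk ("broken pointers").
BROKEN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
# Long and 8.3 short forms of per-user and system temp locations.
TEMP_RE = re.compile(
    r"\\(?:local settings|locals~1)\\temp(?:\\|$)"
    r"|\\(?:windows|winnt)\\temp(?:\\|$)"
    r"|\\temporary internet files\\",
    re.IGNORECASE,
)
BROWSERS = {"iexplore.exe"}

# Constructed sample log: placeholder CLSIDs, user name and file names.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [example] C:\documents and settings\user\local settings\temp\example.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\System32\example.dll (file missing)
"""


def triage(log_text):
    """Return (section, label, line) tuples for lines worth a second look.

    The labels are hints for a human reviewer, not verdicts.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            section, body = match.group("section"), match.group("body")
            if BROKEN_RE.search(body):
                # Registry entry pointing at a file that is gone.
                findings.append((section, "broken-pointer", line))
            elif section == "O4" and TEMP_RE.search(body):
                # Autostart entry launching a program from a Temp folder.
                findings.append((section, "autostart-from-temp", line))
        elif re.match(r"^[A-Za-z]:\\", line):
            exe = line.rsplit("\\", 1)[-1].lower()
            if exe == "hijackthis.exe" and TEMP_RE.search(line):
                # HJT run from Temp: its backups would sit in a folder
                # that the clean-up steps empty.
                findings.append(("process", "hjt-in-temp", line))
            elif exe in BROWSERS:
                # A browser was open while the log was taken.
                findings.append(("process", "browser-running", line))
    return findings


if __name__ == "__main__":
    for section, label, line in triage(SAMPLE_LOG):
        print(f"{label:20} {section:8} {line}")
```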

DMR 152 Wombat At Large Team Colleague

Doesn't make sense,
A CD music disk works ok in the DVD drive and a DVD disk doesn't!!

Actually, it does make some sense if you consider that CD audio and DVD audio are different formats, and within the DVD drive itself the encoding/decoding processes for each are even handled by different lasers.


marceta-

1. Have you tried entirely uninstalling the current drivers for the card and reinstalling drivers from scratch? Your currently-installed drivers may be corrupt. Download the most recent drivers for the sound card and use those if possible.

2. Just a thought, but is it possible that some other running programs/processes are interfering with the playback process? Due to its higher quality (higher bitrate and sample rate), DVD audio playback can be a bit more taxing on your system than CD audio playback. Shut down as many non-critical programs and background processes as possible and see if that makes a difference; your playback software might just need a bit more "breathing room" in terms of system resources.

3. Last but not least, unfortunately: your DVD drive could be failing.

DMR 152 Wombat At Large Team Colleague

Not sure what was up with the Netscape and Opera installs, but since Firefox works, I'd guess your IE install got corrupted somehow. If a fresh reinstall is no big deal at this point, go for it; at least you'll know you're starting with a clean slate...

DMR 152 Wombat At Large Team Colleague

I click some icons offline like My Documents or My Computer and open one or two of its folders. Only after doing this I click on the icon to connect to the internet and everything starts working normally.

That is really strange...

Try what we've suggested so far and see if you notice any change in the problem.

DMR 152 Wombat At Large Team Colleague

I have a Nvidia Gforce 5700 ultra video card, which I have re-inserted

Have you also tried reinstalling your video driver software; it could be corrupt?


Also- do you get the same problem when you boot into Safe Mode?

DMR 152 Wombat At Large Team Colleague

Background info and specifics would help us; your OS or browser may not be part of the problem at all:

- What exact type of network/Internet connection do you have, and at what speed does your ISP indicate that the connection should operate?

- What is the exact make/model of network interface in your computer?

- Does your network setup include any other devices (hub, switch, router, etc.) which might be part of the problem?

- Is this a new problem, or has your connection speed always been low?

- When indicating connection speeds and file sizes, please pay attention to the use of capitalization; there's a big difference between Kb / Mb and KB / MB.

DMR 152 Wombat At Large Team Colleague

"Entry point not found" errors aren't specific to a single program or fault; they can be caused by a variety of things. Usually there's more to the error message than just "entry point not found", and that additional text should give more descriptive info on the given fault.

If the message you get has such information in it, please post the exact text.

Also- at what exact point in the boot process do you get the error?

DMR 152 Wombat At Large Team Colleague

Did you try one of the other browsers I linked to? If so, does it exhibit the same sort of problem?

DMR 152 Wombat At Large Team Colleague

And I don't know about this ope1C3.exe file, but I couldn't find anything about it in the net...

Nor could I. Quite often not finding any information on a file is as telling as finding information on it. ;)

I'd have HJT fix that entry; if doing so doesn't seem to break any of your legit programs, I'd delete the file.


I believe lummy's problem was not exactly the same as mine

Not exactly perhaps, but quite close- your log does have entries for dxsetu.exe and winsock.scr, which means that those files were on your system at some point, even if (for some reason) they really aren't there now.

DMR 152 Wombat At Large Team Colleague

Yes- mxtarget.dll is an adware/spyware component from Twain-Tech.

Have HJT fix that entry, reboot, and run HJT again to make sure the dll entry doesn't return.

DMR 152 Wombat At Large Team Colleague

I have ATI's HDTV WONDER, and since installing it, an error message comes up every time the computer is rebooted saying that "Run a DLL as an APP has encountered a problem....

The "Run a DLL as an APP" error can have many causes. For starters, can you please tell us exactly which version of Windows you are running?

DMR 152 Wombat At Large Team Colleague

Also- letting us know exactly what make/model/version of sound card or sound chipset you have (as well as what sound drivers your system is currently using) would help.

DMR 152 Wombat At Large Team Colleague

I know this post seems erratic...

Not really, but a bit light on specifics perhaps ;)

Can you give us the exact make/model of the computer, a run-down of the hardware specs and BIOS make/version, and any other info that would help (for instance- has this been a problem since you first built the 'puter, or has it started happening more recently than that)?

DMR 152 Wombat At Large Team Colleague

OK, do that- repair/reinstall the components and let us know what happens.

DMR 152 Wombat At Large Team Colleague

Win98 and Win 2000 support the mouse differently...

Yes, but ferdina said:

Before, the mouse was ok with both operating systems

DMR 152 Wombat At Large Team Colleague

Since this thread was dug up, I thought I'd comment also...

Erm- no. Actually, you should start a new thread of your own and post your question there. Please give as many specifics concerning the problem as possible when you do.


Thanks.

DMR 152 Wombat At Large Team Colleague

Page file (swap space) usage can largely depend on how much real RAM you have installed- what's the amount of physical RAM in your system?

Also: one possibly simple way to figure out what's eating your drive space is to open Windows Explorer and have it sort your files/folders by "Date Modified" or "Date Created". If you do that, do you see any files/folders which have experienced "unusual growth" after you notice the increased disk-space usage?

DMR 152 Wombat At Large Team Colleague

You need to give us more history on this problem in order for us to help you most quickly, as your post only tells us that you have a computer whose BIOS doesn't seem to recognize the drive. Give us specific background info on the problem.

My first guess would be that since you only have one drive, it should be on the first non-raid SATA connection. As I said though- you really do need to give us a better understanding of the entire situation; at this point we don't even know if the computer has ever worked in the first place...

DMR 152 Wombat At Large Team Colleague

... Remember to go into explorer, folder options, view and uncheck "hide protected operating system files"

I could only find the winsock.dll file in my computer, out of the 5 you mentioned.

Under the "View" tab, also check "show hidden files and folders".

DMR 152 Wombat At Large Team Colleague

Am using GRUB more these days.

Agreed- I find GRUB to have some advantages over LILO: IMHO it's more flexible than LILO, you don't need to re-execute GRUB after making changes to the config file, configuration itself is more "user friendly", and it even comes with its own command shell. :)

DMR 152 Wombat At Large Team Colleague

Just to narrow things down:

1. Hook the PC up to a wired network (if you have an Ethernet NIC) and see if the problem still exists.

2. Download, install, and run a browser other than IE; see if the problem occurs with that browser (again- on a wired connection as well as a wireless if possible):

Netscape:

Opera:

FireFox:

DMR 152 Wombat At Large Team Colleague

OK- a couple of things first:

1. You are running HijackThis from within a Temp/Temporary folder. As part of the process of cleaning your infections, you are going to delete all data stored in your Temp folders (you have infections lurking in those folders), so you need to move HijackThis into its own separate folder which does not reside within a Temp folder. Put HijackThis in a new folder such as C:\HijackThis or C:\spyware tools\HijackThis.

You should also move any other data in your \Local Settings\Temporary Internet Files folder that you might want to keep into their own folders as well.


2. Your log indicates that you had an instance of Internet Explorer open/running when you ran HijackThis:

C:\Program Files\Internet Explorer\iexplore.exe

HJT cannot perform all of its fixes unless you close all instances of your web browser.


3. After moving HJT to its own folder, do the following (yes it's lengthy, but it will help):

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.


B) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL …

DMR 152 Wombat At Large Team Colleague

Um, yeah... looks great to me. What's the problem? :mrgreen:


That's really weird. Judging from the first post I thought IE might just be displaying the underlying HTML source code of pages (instead of the proper graphical interpretation of that code), but that's not it- it looks like you've got some sort of character-encoding issue going on instead.

- Has this been happening ever since you reformatted/reinstalled, or did IE work correctly for a while before starting to do this?

- Have you tried to reinstall/repair IE yet?

Any info you can think of that might give us more clues would help.

DMR 152 Wombat At Large Team Colleague

I hope this helps...it's my first ever reply to a HijackThis! log :P

And not a bad first at that :)


dragonoids- definitely do as Paddy suggested; you are pretty heavily infested. Here are some more detailed instructions for Ad Aware, SpyBot, and general clean-up measures:

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.


B) Download and run Ad Aware and SpyBot Search & Destroy.

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under …

DMR 152 Wombat At Large Team Colleague

O4 - HKLM\..\Run: [kfpxhyrtmwtl] C:\WINDOWS\SYSTEM\CZYUOYP.EXE

You either missed the above entry, or it regenerated itself. Repeat crunchie's instructions above concerning its removal before posting another log.