DMR 152 Wombat At Large Team Colleague

That log looks clean to me; let's see if crunchie seconds my option on that.

DMR 152 Wombat At Large Team Colleague

Could it be the crlf32.exe or the kalvkyr32.exe file?

Yes, those are two of your problems. Also, you still have some "nasties" running from within your C:\documents and settings\gavzya\local settings\temp folder. Did you fully follow caperjack's instructions regarding deleting all of the files in that folder?


1. Use your Add/Remove Programs control panel to remove the "Download Accelerator Plus" program, it is adware ("Flashget" is ad-driven also).


2. Have HijackThis fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\netay32.dll
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKLM\..\Run: [vRIONrM.exe] C:\documents and settings\gavzya\local settings\temp\vRIONrM.exe
O4 - HKLM\..\Run: [Ejt9.exe] C:\documents and settings\gavzya\local settings\temp\Ejt9.exe
O4 - HKLM\..\Run: [lcusqjkfyk] C:\WINDOWS\System32\osprpl.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkyr32.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com

DMR 152 Wombat At Large Team Colleague

Again- you're welcome. Now let's hope it worked...

The kalvxyz32.dll bit seems like it might be related to the EliteToolbar pest that's making the rounds, but there isn't really a heck of a lot of definitive info available on the beast; I was only able to confirm the (pseudo-random) pattern of the filename change yesterday or the day before.

Let us know if it crops up again please.

DMR 152 Wombat At Large Team Colleague

Crud- I missed one in my earlier post...

1. Have HJT fix the following:

" O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe"


2. Although the actual filename has morphed slightly (in your last log it was named "kalvdme32.exe"), this gremlin is still present:

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvxxv32.exe

** Note: That file may change its name slightly again, but this particular infection has a pattern: the filename will always be kalvxyz32.exe, where xyz are the only letters of the name which change.

Have HJT fix that entry, reboot into Safe Mode, delete wuclient.exe and kalv(whatever)32.dll, and empty your trash.
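
The filename pattern described in the post above (kalv, three changing letters, then 32) and the earlier post's note about Run entries launching from the Local Settings\Temp folder can both be checked mechanically against the O4 lines of a HijackThis log. This is an added example, not part of the original posts or of HijackThis itself; the function names, rule wording and the `ExampleTray` line are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: O4/O2 lines copied from the posts on this page, plus one
# invented benign entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [crlf32.exe] C:\WINDOWS\system32\crlf32.exe
O4 - HKLM\..\Run: [vRIONrM.exe] C:\documents and settings\gavzya\local settings\temp\vRIONrM.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvkyr32.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvxxv32.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O2 - BHO: (no name) - {F8178FB3-8D25-D7C4-86A7-8FA8F80D9D53} - C:\WINDOWS\netay32.dll
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# First drive-letter path ending in .exe/.dll; drops quotes and trailing arguments.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)

# Rule 1: the morphing name from the post: kalv + three letters + 32.
# Both .exe and .dll are accepted because the posts mention both extensions.
KALV_RE = re.compile(r'\\system32\\kalv[a-z]{3}32\.(?:exe|dll)$', re.I)
# Rule 2: autorun entries that start a binary out of a user's temp folder.
TEMP_RE = re.compile(r'\\local settings\\temp\\', re.I)


class RunEntry(NamedTuple):
    hive: str   # HKLM or HKCU
    name: str   # registry value name shown in brackets
    path: str   # executable path extracted from the command line


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one HijackThis O4 (autorun) line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    hive, _key, name, command = m.groups()
    p = PATH_RE.search(command)
    return RunEntry(hive, name, p.group(0) if p else command.strip())


def flag(entry: RunEntry) -> List[str]:
    """Return the reasons (possibly none) this autorun entry deserves a closer look."""
    reasons = []
    if KALV_RE.search(entry.path):
        reasons.append("matches kalv???32 morphing filename pattern")
    if TEMP_RE.search(entry.path):
        reasons.append("autorun from a user temp folder")
    return reasons


def scan(log: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every O4 entry that trips at least one rule."""
    hits = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = flag(entry)
        if reasons:
            hits.append((entry.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG):
        print(f"{path}: {'; '.join(reasons)}")
```

Entries such as crlf32.exe and wuclient.exe pass these two rules untouched, so a clean result here narrows the review rather than replacing it.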

DMR 152 Wombat At Large Team Colleague

Glad we could help! :)


To lessen your chances of reinfection, you should probably download and install SpywareBlaster and SpywareGuard as a measure of protection. I'd also suggest that you use SpyBot Search & Destroy in conjunction with Ad Aware. SpyBot is very similar in function to Ad Aware, but will sometimes catch things that Ad Aware misses; using the two programs together is a Good Idea.

Download links for three of the above utilities are in my sig file below.

DMR 152 Wombat At Large Team Colleague

OK, here we go...

1. SpyKiller, BestPopUpKiller, and SpyHunter all fall into the category of "dubious" programs, in that they are unreliable and at the very least return "false positive" findings as a way of enticing users to buy the commercial versions of the programs. You should uninstall them and use the trusted, recommended (and free) alternatives instead. For more information on bogus vs. legit "spyware" utilities, please visit this site:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Links to some of the reputable programs (of which Lavasoft's Ad Aware is one) can be found in my sig below.

2. " C:\Program Files\Internet Explorer\IEXPLORE.EXE"

That entry in your HJT log indicates that you had at least one instance of Internet Explorer running when you ran HijackThis. HJT cannot fully perform its fixes unless all instances of your web browsers are closed. Please make sure that is the case before proceeding.


* -> Before doing the following, you should probably disable XP's System Restore function. Instructions for doing so (and an explanation of why you should) can be found here.

3. Once you have closed all instances of all web browsers, have HijackThis fix:

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvdme32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [E981F653] C:\WINDOWS\system32\ctLinra.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [FDBF3A4E] C:\WINDOWS\system32\dsntcer.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKCU\..\Run: [kbdsw] C:\WINDOWS\System32\kbdsw.exe

DMR 152 Wombat At Large Team Colleague

Is dis gonna affect the effectiveness of the rest?

It should be OK; not all of the .dlls listed in antioed's solution will be present on every Windows installation. In the particular case of msjava.dll, if you have Sun's version of Java installed (instead of Microsoft's), msjava.dll probably isn't registered on your system.

DMR 152 Wombat At Large Team Colleague

Hi Smith555,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

1. Your version (1.97.7) of HijackThis is out of date; please download the latest version (1.98.2), run it, and post the log from that version.

2. You should take caperjack's advice and run Ad Aware before you post the new log; Ad Aware will be able to clean out some of the infections indicated in your HijackThis log. Along with Ad Aware you should also run SpyBot (download link in my sig below); it's a good complement to Ad Aware. Run them consecutively (the order doesn't matter), rebooting after each has finished its fixes.

DMR 152 Wombat At Large Team Colleague

Option one:

Get a new keyboard.

Definitely. This keyboard is the only model I know of which is 100% compatible with Windows operating Systems:

[img]http://www.stevewolfonline.com/Downloads/DMR/LNO%20Pics/WinKybd.jpg[/img]


:mrgreen:

DMR 152 Wombat At Large Team Colleague

Hi Greg,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

If the picture of the connector in the link I posted looks like the right one for the monitors that you have; that's the type you need. It converts older Mac monitors' 2-row, 15-pin video connectors to the PC/VGA standard 3-row, 15-pin connectors. The only thing to keep in mind "sex-wise" is that you are going from a Mac monitor to a PC/VGA video card. Adapters which let you connect a PC/VGA monitor to a Mac computer are of the opposite sex.

I'm not sure why you're having trouble finding the adapter, but some of the links here might help:

http://www.google.com/search?hl=en&lr=&q=Mac+monitor+pc+vga+adapter&btnG=Search

DMR 152 Wombat At Large Team Colleague

You're welcome. :)

I only posted that particular link because it had a good visual description of the adapter. You can find the beasties all over the place, so I'm sure it will be no problem for you to source one from somewhere more local to you.

Important though (and no punny/funny intended): Make sure you get the sex right!

Those adapters come in both the MAC monitor->PC video card and PC monitor->Mac video card flavors; you need the one which is female (socketed) on the 2-row side and male (pinned) on the 3-row side.

DMR 152 Wombat At Large Team Colleague

If you're describing the old Mac-standard 15-pin "D" connectors, you need a DB15 female -> HDB15 Male adapter like the one shown here:

http://www.pccables.com/70023.htm

DMR 152 Wombat At Large Team Colleague

OK- judging from your initial HJT log, I didn't think that spyware/etc. would be the root of the problem, but it's good to get that possibility out of the way. If none of our other members respond to you before tomorrow, I'll do so then.

DMR 152 Wombat At Large Team Colleague

At the very least, have HJT fix the following entry, and then reboot into safe mode and delete the entire C:\Program Files\WildTangent folder:

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

Also have HJT fix these:

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

DMR 152 Wombat At Large Team Colleague

- Has this been happening ever since you built the computer, or did the problem start occurring at some later point?

- Are you directly connected to the modem, or is there a broadband router in the equation?

- Are you absolutely sure the firewall software was completely disabled? I've had a couple of instances where just choosing the "disable" option in some firewall software doesn't totally do the trick; I've had to choose not to have the program run at startup and then reboot.

- You said you can ping DNS servers; can you ping web sites by URL? For that matter, can you reach web sites through your browser if you do it by IP instead of URL? Try to hit Google by putting its IP in your browser's location bar:

http://64.233.167.99

DMR 152 Wombat At Large Team Colleague

C:\Program Files\Internet Explorer\iexplore.exe

The above would seem to indicate that you still had one instance of Internet Explorer running when you ran the HJT scan. HJT can't perform all of its fixes when IE is open/running, so it's advised that you verify that all instances of IE are closed before asking HJT to fix things.

Other than that though, the log is clean. Let us know if more problems crop up.

The following thread has info and links concerning ways that you can keep yourself protected in the future:

http://www.daniweb.com/techtalkforums/thread5690.html

DMR 152 Wombat At Large Team Colleague

Well, gee.

For once, Google's no help. I tried searching, and this is the only thread that came up!!! :o

Alex, sometimes ya just gotta be more creative in your Googling... :p

The "Dreaded German Error Message" seems to indicate problems with one or more Windows files related to Rich Text editing/manipulation.

Here's the result of the whole Google search:

http://www.google.com/search?hl=en&q=richedit+spybot+error&btnG=Google+Search

And here are a few of the links which relate specifically to our problem:

http://forums.techguy.org/archive/index.php/t-187967.html
http://www.lavasoftsupport.com/index.php?showtopic=46113&st=0 <-- skip to the end of this thread; most of the middle is just whining
http://www.computing.net/windowsme/wwwboard/forum/40717.html

Hope this helps; let us know if it doesn't.

DMR 152 Wombat At Large Team Colleague

rundll.exe is a Windows system program which is responsible for loading/handling a number of Windows library files (.dlls). Given that, the error could actually be being caused by one of the dlls, but it's impossible to say which one.

- Had you installed/modified/upgraded/deleted any programs, device drivers or other software just prior to this happening?

- Does this happen when you're booted into Safe Mode?

- Do you notice any other strange behaviour or get any other errors? If so, knowing what they are could help us pinpoint the culprit.

- Exit/close all unnecessary programs (including those running in the tray on your taskbar) and see if the problem persists. If not, reactivate the programs one at a time to see if you can find the one that causes the error.

DMR 152 Wombat At Large Team Colleague

Hang in there- I remember running across this exact problem/message about 2 months ago, but I won't be able to dig back for the information until tomorrow.

I'll post here when I find it.

DMR 152 Wombat At Large Team Colleague

Yes, the _restore folders under your C:\System Volume Information directory are indeed where the System Restore backups are stored, and they are protected system folders which even anti-virus programs don't have permissions to modify.

One of our members had a similar situation only two days ago; read through that thread for more info and (hopefully) a solution:

http://www.daniweb.com/techtalkforums/thread13142-restore+system.html


Also keep in mind that any anti-virus program is only truly effective if you keep it updated with the most current virus definitions. Most AV programs have an option to install those updates automatically, but many will only give you a limited free subscription to those updates. If your subscription has expired, you do need to renew it (even though it will cost $$).

DMR 152 Wombat At Large Team Colleague

(The monitor I was using was one not being used at my husband's office.....I guess I killed it)

Could well be; hooking it up to another computer when you get a chance will give you a better idea of that, though.

I was then able to type "rstrui.exe". I then received the following message: "rstrui.exe - Entry Point Not Found"....."The procedure entry point SHRegGetValueW could not be located in the dynamic link library SHLWAPI.dll."

Now what do I try?

{I'm still searching for my Windows CD.....grrr} :sad:

If you're lucky, it may only be your shlwapi.dll file that's corrupt. If so, it can be replaced, but you're going to need to find/get a proper/correct version of that file somehow and copy it into your C:\windows\system32 folder.

Something that would be good for us to know if possible:

In your first post you said: "I realized that an update was being downloaded to my computer". Do you know exactly what update was being performed? That is, was it a Windows Update that was happening, or was it an update initiated by some other program?

DMR 152 Wombat At Large Team Colleague

In this window type: C:\Windows\system32\Restore


That command should have been "cd C:\windows\system32\restore"; that's why you got the "not recognized" error.

The original "entry point" error is an indication that something went wrong during the update, and one or more of your system files are now corrupt or out of sync ("out of sync" meaning that not all of the files which should have been updated actually were updated; this can cause version conflicts/incompatibility between the older components and the newer updated components).

A system restore might work, but it isn't guaranteed. If it doesn't, you'll have to find your installation CDs so that you can try a repair from the Recovery Console.

In terms of the "popping" noise, that probably (and hopefully) means that some software component related to your video card or monitor has now been corrupted as well. Let's hope so, because the sort of popping and associated flashing of indicator lights can also be the sign of a dead video card or monitor. If you have (or can get) access to another computer, try switching monitors between the two; that will at least tell you if the display problem lies with the monitor or with the computer.

DMR 152 Wombat At Large Team Colleague

Ok- a couple of quick things I'd try, given that it's only your current account that's having problems:

1. Log in as an administrator, create a new user account, log out of the administrator account, and:

a) log in to the new account and verify that all of your programs (including Internet Explorer, obviously) work properly. If they do:

b) Log out of that account, log back in under an administrator account, and copy the contents of your C:\Documents and Settings\Old_Username folder to your C:\Documents and Settings\New_Username folder (instructions for doing so are here). If you get prompts asking if you want to overwrite existing files/folders in the New_Username folder, click Yes.

c) Repeat step "a)".

If all seems to be well you can delete the old account, although I'd leave it in place for a while just in case.

DMR 152 Wombat At Large Team Colleague

Whenever I attempt to boot it up, it freezes on the Windows 98 logo, but with two "static-like" lines going through it.

Possibly an issue with your video circuitry or driver; can you boot into safe mode?

DMR 152 Wombat At Large Team Colleague

it works on every other desktop on this computer but not mine.

Do you mean that IE is broken under your user account, but works with all other accounts on the system? If so, what happens if you create a new user account and try to use IE from there?

DMR 152 Wombat At Large Team Colleague

Have Hijackthis fix these as well:

O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svhost.exe -sr -0
O16 - DPF: {10000000-0000-0000-0000-000000000000} - http://213.159.118.226/x/x.exe

Once done, delete the C:\WINDOWS\svhost.exe file.


Also- FlashGet is Adware; you should remove it. Have HJT fix all entries related to Flashget and delete any FlashGet folders/files that you find on your system.

DMR 152 Wombat At Large Team Colleague

Some infected files cannot be removed if they live in certain Windows folders such as system restore folders. Did your AV program indicate the location of the files it was unable to delete? If so, give us that info.

Also- run HijackThis and post the full contents of the log file it generates; the information in that log can tell us a lot.

DMR 152 Wombat At Large Team Colleague

One of these suggestions should help:

http://www.annoyances.org/exec/show/article04-103

DMR 152 Wombat At Large Team Colleague

That message is indicative of a trojan/spyware infection. I'm moving your thread to our Security forum; read the other threads there to find out how to download and use recommended detection and removal tools such as Ad Aware, SpyBot Search & Destroy, and HijackThis. Also run a full system scan with your anti-virus program, making sure that you install the latest virus definition updates for the program before running it. Read the following thread for more information and suggestions:

http://www.daniweb.com/techtalkforums/thread5690.html

DMR 152 Wombat At Large Team Colleague

Cool- in that case, I'll mark this thread as solved.

DMR 152 Wombat At Large Team Colleague

Glad we could be of assistance :)

Just curious- did deleting the "WindowsRegKey..." help anything?

DMR 152 Wombat At Large Team Colleague

Ok- given Mother Nature's activity in your area lately, it's quite possible that the tech will find something to be truly fried. Give us an update once they've visited.

DMR 152 Wombat At Large Team Colleague

You're welcome, glad we could help! :)

DMR 152 Wombat At Large Team Colleague

This sounds like the same issue.

Yes, it does. Windows is telling you that it can't negotiate with the router to obtain IP info from the router via DHCP. Doing so is called "renewing the IP lease", hence the error message.

To set IP manually in XP, go to "Network Connections", which should show up as a submenu under your Start button menus.

- Right-click on the connection you want to configure (Local Area Connection is the wired connection, Wireless Network Connection is, um... obvious).

- Choose Properties

- Under the General tab of the Properties window, scroll down to the bottom of the list of items and double-click on the Internet Protocol (TCP/IP) entry.

- In the resulting window, select "Use the following..." for IP Address and DNS server address.

- In the IP section, enter the values I posted before; for a DNS server, try 206.133.119.72.

- Click OK twice to close the properties windows.

- If you try the IPconfig /all command again, it should reflect your changes.

- Turn off the computer, the modem, and the router. Turn the equipment back on in this order, letting the router and modem go through their power-up cycle before turning on anything else:

Router, modem, computer.

If that works, you should now be able to get to the router setup page at 192.168.0.1. Make sure the router is set to provide IPs to the LAN with DHCP, and …

DMR 152 Wombat At Large Team Colleague

Sorry, my bad- you'll have to manually configure your IP settings as follows before you'll be able to try to get to the router's web config page:

IP address: 192.168.0.5
subnet mask: 255.255.255.0
gateway IP: 192.168.0.1

A reboot might be a good idea after making those changes.

DMR 152 Wombat At Large Team Colleague

Is 192.168.0.1 really the address of the router? Actiontec doesn't seem to have squazoola in terms of support info on their site.

DMR 152 Wombat At Large Team Colleague

Try deleting the "WindowsRegKey..." entry.

DMR 152 Wombat At Large Team Colleague

Thanks for understanding tggoodrich.

I know that a lot of forums have no guidelines concerning "piggybacking" onto another thread, but many do; it reduces the chaos and makes it easier to methodically work through each individual's problem. :)

DMR 152 Wombat At Large Team Colleague

Have you been able to check the router's configuration settings yet? I'm not familiar with your particular model, but there should be a way for you to verify that it is obtaining IP info from your ISP on the WAN port and serving IP addresses to the LAN via DHCP.

Also, if the wi-fi adaptor came with any configuration/diagnostic utilities, see what those have to say.

Obviously, without being able to sit in front of your computer, it's rather difficult to say if the router is actually dead or not at this point.

DMR 152 Wombat At Large Team Colleague

Hi tggoodrich,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Try booting directly to the command prompt (or booting from a rescue disk) and deleting it with the "del" command.

DMR 152 Wombat At Large Team Colleague

Hey ashagirl....be sure to start your own thread instead of asking your question in another person's thread. :) That way, you will get the help you're seeking faster than by posting in someone else's thread, no matter how similar the problem is. Someone will help you out as soon as they can I'm sure. Good luck! :)

ashagirl, deonnanicole is right. We do ask that members start their own thread as opposed to tagging their questions onto an existing thread (for exactly the reasons deonnanicole mentions). Being a new member, you might want to check out the full description of our posting guidelines at the following location:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

DMR 152 Wombat At Large Team Colleague

OK, I checked the thread in Security, and it's one I've been working with you on already. Sorry, but at the moment I have to start thinking about dinner, so let me review and digest all of this and get back to you tomorrow morning.

DMR 152 Wombat At Large Team Colleague

Take a good, thorough look at the router's configuration; it sounds like the router might have taken a hit in the storm. One of my client's routers does something similar during power outages in that it "forgets" its settings and resets itself to its default values, which are not the values he needs to get online.

I'll check the thread in Security right now and get back to you on that.

DMR 152 Wombat At Large Team Colleague

The 169.254. IP address indicates that your computer is not communicating properly with the router (that is, it is not obtaining its IP info from the router via DHCP).

Is it just the wireless computer that's having problems, or are you unable to connect to the network from either system?

DMR 152 Wombat At Large Team Colleague

The programs you mentioned shouldn't be causing the problem.

When did the problem start, and had you made any other changes around that time?

Have you run SpyBot and Ad Aware SE yet? If so, did they find any major nasties on your system? If so, there might be components of other malicious programs still living in the computer which are interfering with your browsing. Since most of these programs target Internet Explorer, one good way to narrow down the possibilities is to download another browser such as Netscape, Opera, or Firefox; if those browsers work, then your problem is most likely specific to IE.

DMR 152 Wombat At Large Team Colleague

Thanks for the confirmation- marking as solved...

DMR 152 Wombat At Large Team Colleague

OK- thanks for that info.