DMR 152 Wombat At Large Team Colleague

Hi dominomack,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Sounds like you got reinfected. Did Ad Aware remove it for you?

DMR 152 Wombat At Large Team Colleague

Alright- keep us posted either way. Can you tell us what exact settings you changed that (hopefully) fixed the problem? If you can post that info here it could help others who might be having similar problems.

Thanks.

DMR 152 Wombat At Large Team Colleague

Glad you got it sorted out. :)

If you're sure that the driver did the job, could you let us know so that we can mark this thread as solved please?

Thanks.

DMR 152 Wombat At Large Team Colleague

Try this: Instead of having the router dynamically assign your IP/DNS info, set the IPs statically instead and turn off DHCP in the router. For the DNS entries, use the IPs of your ISP's DNS servers; you can probably get that info from their website. Unless you've got a large network, DHCP isn't necessary, and in this case it might be the root of your problem.

DMR 152 Wombat At Large Team Colleague

guess there can't be any rogue programmes doing bad stuff if spybot etc doesn't detect them ?

Unfortunately, that's definitely not true- there is no single utility which can reliably detect and remove all of the malware out there. At the very least, you should run Ad Aware in conjunction with SpyBot.

DMR 152 Wombat At Large Team Colleague

Given what you've told us, it really does sound like a DNS problem. Have you contacted your ISP to see if they know of any problems with their DNS servers? The problem might be on their end; can't hurt to check the possibility...

DMR 152 Wombat At Large Team Colleague

Hi Matt- welcome to the site!


- Can you find websites by their IP address as opposed to URL? For instance (using Google as an example): if you enter http://64.233.167.99 into IE's address bar instead of http://www.google.com, can you reach the site?

- When IE craps out, can you still ping sites either by IP or URL? Again using Google, open a DOS box and try the following two commands:

ping 64.233.167.99
ping www.google.com

- Also ping the IP of your router.

- "Have run spybot and ad-aware and have nothing that could seem to cause probs..." Are you positive about that? I'm assuming the programs did find and fix some things, yes?

DMR 152 Wombat At Large Team Colleague

My problem is whenever I want to open this browser it closes by itself without warning.

Scan your system for viruses, spyware, and other infections; malicious programs can seriously alter and damage IE. Read the threads in our Security forum for more information on how to detect and remove the "nasties". If you find that you're infected, please start a separate thread in the Security forum and post your info/questions there- we don't deal with those sorts of problems in any other forum but Security.

DMR 152 Wombat At Large Team Colleague

It definitely sounds like a driver issue. What's the make/model of video card, and what driver does Device Manager indicate that the system is using for it?

DMR 152 Wombat At Large Team Colleague

You're welcome, glad we could help! :)

DMR 152 Wombat At Large Team Colleague

OK- you've got a number of things going on (and going wrong); one of the indications of that is that you have programs running from your C:\Documents and Settings\ashleyorlib\Local Settings\Temp directory. Legit programs are never run from Temp directories.

Before you do anything else:

- Reboot into safe mode and, for every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5


- Find and delete the following files:

C:\WINDOWS\System32\MtyJ62F.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\SearchBar.htm
rpcend.exe
msrrv.exe

- Also delete the entire content of your C:\Windows\Temp folder.
- Empty your Recycle Bin.
- Reboot normally.

If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. The same goes for any messages concerning .exe files- those are the files you want to delete.


After rebooting, rerun HJT and have it fix any of these entries if it finds them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

Any HJT entries which indicate "(file missing)" or (no file)

O4 - HKLM\..\Run: [BQW] C:\documents and settings\ashleyorlib\local settings\temp\BQW.exe
O4 - HKLM\..\Run: [ML] C:\documents and settings\ashleyorlib\local settings\temp\ML.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MtyJ62F.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [A] C:\documents and settings\ashleyorlib\local …
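
The Temp-directory indicator from the post above, as an added example (not part of the original post and not HijackThis code): a Python triage of O4 autostart lines that flags entries launched from a Temp folder or marked as missing. The BQW, MtyJ62F, TkBellExe and R1 sample lines are copied from posts on this page; the `[Example]` line is constructed, and the function names are hypothetical.

```python
import re

# HijackThis "O4" Run entries look like:  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Shortest prefix ending in an executable extension (paths may contain spaces).
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.I)
# A "\Temp\" or "\Temporary Internet Files\" path component, any case.
TEMP_RE = re.compile(r'\\(?:temp|temporary internet files)\\', re.I)
# Markers HijackThis appends when the target is not on disk.
MISSING_RE = re.compile(r'\((?:file missing|no file)\)', re.I)


def parse_o4(line):
    """Return hive, value name, program path and missing flag, or None."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None  # not an O4 Run-style entry (e.g. R1, O16, O18 lines)
    cmd = m.group('cmd')
    quoted = re.match(r'"([^"]+)"', cmd)
    unquoted = EXE_RE.match(cmd)
    if quoted:
        path = quoted.group(1)
    elif unquoted:
        path = unquoted.group(1)
    else:
        path = cmd
    return {'hive': m.group('hive'), 'name': m.group('name'),
            'path': path, 'missing': bool(MISSING_RE.search(cmd))}


def triage(lines):
    """List (name, path, reasons) for autostart entries worth a closer look."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = []
        if TEMP_RE.search(entry['path']):
            reasons.append('runs from a Temp directory')
        if entry['missing']:
            reasons.append('target file missing')
        if reasons:
            findings.append((entry['name'], entry['path'], reasons))
    return findings


SAMPLE_LOG = [
    r'R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm',
    r'O4 - HKLM\..\Run: [BQW] C:\documents and settings\ashleyorlib\local settings\temp\BQW.exe',
    r'O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MtyJ62F.exe',
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKLM\..\Run: [Example] C:\WINDOWS\example.exe (file missing)',  # constructed
]

if __name__ == '__main__':
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f'{name}: {path} -> {", ".join(reasons)}')
```

An entry that is not flagged is not thereby clean: `MtyJ62F.exe` sits in System32 and passes both checks, yet the post lists it for deletion, so the heuristic is one indicator to combine with others.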

DMR 152 Wombat At Large Team Colleague

Thanks for that Ashley.

Now that we can see the full info though- I see that you're not using the latest version of HJT. Sorry to say this, but you need to download the latest (1.98.2) version and post the contents of the logfile that that version generates.

DMR 152 Wombat At Large Team Colleague

I have downloaded Spy Sweeper and the problem has gone.

adria

Glad that worked for you. Traditional anti-virus programs don't do a very good job of detecting "spyware", so you do need to run anti-spyware utilities in conjunction with your AV utility.

DMR 152 Wombat At Large Team Colleague

Hi Ashley,

The contents of the logs you posted are incomplete- please run HJT again and choose the option to save the logfile once the scan is done. Once you've saved the logfile you should be able to open it in Windows Notepad; select all of the contents of the file from there and paste it here.

DMR 152 Wombat At Large Team Colleague

Please post more specific info on the exact text of the error messages if possible; we'll be able to get you a solution more quickly that way.

DMR 152 Wombat At Large Team Colleague

camelNotation:

In your post you stated: "I was asked to read and post in this thread", but I think you misunderstood; what I had asked you to do was to read the suggestions in caperjack's post in this thread, not to put your own post here.


I've split your post into its own thread located here:
http://www.daniweb.com/techtalkforums/showthread.php?t=9286

DMR 152 Wombat At Large Team Colleague

Yes- POP seems to be some sort of online dating crud. It is an indication of a malware infection, and could certainly be connected to your Internet Exploder problems. I'm moving this to our Security forum so that our experts there can offer their advice.

Could you give us more specific information on exactly what problems you're having with IE? Having that information could help us more quickly pinpoint the culprit.

DMR 152 Wombat At Large Team Colleague

Webhancer had been previously removed through the add/remove programs, but had apparently left some pieces of itself behind.

Yes- the WebHancer uninstaller is bogus; it does leave pieces of itself on your system.


One question remains: Should I let HJT fix
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank ??

It would be safe to do that, yes.

DMR 152 Wombat At Large Team Colleague

Is the pattern of the beeps always consistent? If so, what is the pattern/duration and how many times does it repeat? For example: one long beep-two short beeps- two long beeps.

DMR 152 Wombat At Large Team Colleague

Sorry- don't have much time to reply right now, but have HJT fix these for starters:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26606925564226...ip/RdxIE601.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://www.plaxo.com/activex/PlaxoInstall.cab
O18 - Filter: text/html - {70A3F011-A9C0-4929-A84E-CC1C6B92FEE6} - C:\WINDOWS\SYSTEM\FBP.DLL
O18 - Filter: text/plain - {70A3F011-A9C0-4929-A84E-CC1C6B92FEE6} - C:\WINDOWS\SYSTEM\FBP.DLL


Delete the contents of all Temp, Temporary Internet Files, and Cookie folders. Empty your recycle bin. Reboot.

DMR 152 Wombat At Large Team Colleague

also... u might want to try and update ur hijack this because ur thing didnt find the 018 files like mine did...

Good catch Silent; thanks. Yes- HJT is currently at version 1.98.

LSchwartz0,

Download and run the latest version of HJT and post a fresh log so that we can verify that you're clean; a lot of these nasties will pop back to life if you haven't removed every single bit of them.

DMR 152 Wombat At Large Team Colleague

#1- Uninstall NoAdware; the program is bogus. More on the reasons why here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm


You're fairly well infested; I'm moving this to our Security forum so that our virus/spyware experts can look through your log. (By the way, just for future reference you should be aware that the Security forum is the only forum on this site where HJT logs should be posted).

DMR 152 Wombat At Large Team Colleague

Right then, thanks for the follow-up!

DMR 152 Wombat At Large Team Colleague

delete it from ur registry and reinstall or if your system restore goes back to when u didnt have this problem then do that

More info on that can be found in the links returned from this Google search:

http://www.google.com/search?hl=en&ie=UTF-8&q=%22internet+explorer%22+reinstall+registry&btnG=Google+Search

DMR 152 Wombat At Large Team Colleague

Have you checked your system for Adware/Spyware infections? They can cause the type of problems you describe, and it would be good to determine if they play a part in your problems.

Have a read through the posts in our Security forum for information about how to get and use the most-often recommended (and free) programs that you can run to detect and remove any malicious pests that might have infested your system. Links to some of the utilities are also in my sig file below.

*Note that if you do find Spyware/Adware/etc. to be part of the issue, please start a separate thread in the Security forum which details what you've found; we really want to keep "malware"-related questions concentrated in that forum rather than have them spread throughout the other forums.

DMR 152 Wombat At Large Team Colleague

You're welcome- glad we could help. :)

Are you sure that did the trick? If so, we'll mark this thread as "solved".

DMR 152 Wombat At Large Team Colleague

Hey again,

Have a look through the threads in the Security forum (and the links in my sig file below as well) for info on downloading and using the "Spyware" detection and removal tools we recommend.

Your HJT log does indicate that you have a few "unwanted guests" on your system, but it's dinner time in my end of the world, so I'll leave the log analysis to crunchie; he should be online in a few hours.

DMR 152 Wombat At Large Team Colleague

Hi cannonfire- welcome to TechTalk :)

Your problem is most likely spyware related, but we deal with those issues in our Security forum, so I'm moving this thread there now so that our security experts can examine your HJT log.

DMR 152 Wombat At Large Team Colleague

What make/model of sound card do you have? You might be able to download the software for it from the manufacturer's website.

Right-click on My Computer and in the menu that pops up go to Properties->Hardware->Device Manager. Do you see any red "X"s or yellow exclamation points next to any of your sound devices?

DMR 152 Wombat At Large Team Colleague

But I found XoftSpy via a link from this site so that gave me the little extra nudge of encouragement...

If you're talking about that recent post (I can't remember which one) where a user said XoftSpy fixed things that Ad aware, SpyBot, etc. couldn't- beware. We don't verify, audit, or edit user comments on a particular program; just because "someone" said it works, don't bite that worm without checking it out yourself.

And yes, caperjack is right- the program is, at the very least, known to give false-positives to entice you to buy the full version.

DMR 152 Wombat At Large Team Colleague

1. Quit any web browser program if open and then have HJT fix all of the entries ending in: (no file).

2. You can also kill this one:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

3. Are you behind a proxy? If not, fix these as well:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.242.16.8:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.*.*.*;<local>

4. For every user account in C:\Documents and Settings, delete the contents of the following folders:

- Cookies
- Local Settings\Temp
- Local Settings\History
- Local Settings\Temporary Internet Files

5. Empty your Recycle Bin

6. Reboot

DMR 152 Wombat At Large Team Colleague

Hey cj- glad you got it going. Don't forget to send them the bill. :mrgreen:

DMR 152 Wombat At Large Team Colleague

OK. No need to delve into it too deeply as long as you got it working- I was just curious...

DMR 152 Wombat At Large Team Colleague

Depends on exactly what you mean by domain name and where it was changed. If you mean that he changed the computer's name or the name of the workgroup it belongs to, that shouldn't have killed access to the Internet. Since the MAC address and probably the account name given by the ISP are now being "spoofed" by the router, changing computer or workgroup names on the LAN side of the router shouldn't prevent Net access.

Hmm... although, I'm assuming the router is performing NAT. It is, isn't it?

DMR 152 Wombat At Large Team Colleague

Give us your detailed system specs please

The actual makes/models of your video and audio cards would be of particular help since you've said that the power-down happened during a gaming session.

DMR 152 Wombat At Large Team Colleague

Good catch dmbfan819- let us know if the new RAM solves the problem; that could definitely be helpful information for others who might have similar problems.

DMR 152 Wombat At Large Team Colleague

Give us your detailed system specs please- this has been known to happen with certain hardware drivers (Turtle Beach's Santa Cruz sound card for one).

Also- have you changed/added/removed any hardware or software just prior to this happening?

DMR 152 Wombat At Large Team Colleague

The Internet connection won't work, or is it that the wireless connection between the computers and the router can't be established at all?

1. See if the LAN-side of things is working. The D-Link is probably acting as a DHCP server, using IPs in the 192.168.0.x range; the D-Link router's default LAN-side IP is 192.168.0.1.

- On both computers, open a DOS box and do:
ipconfig /all

Are the computers obtaining valid IP, DNS, gateway, etc. info from the router? If so, note each puter's IP addy.

2. Ping each puter's IP from the other. Ping the router's IP from both machines.

3. Try to ping an Internet site by URL and by IP:
ping www.google.com
ping 64.233.167.99

4. See if the WAN side of the router is getting proper IP info from the ISP by going to the router's setup utility (if possible, of course) and checking the status page.

DMR 152 Wombat At Large Team Colleague

Great- glad you got it.

Is everything OK now? If so, we'll mark this thread as solved.

DMR 152 Wombat At Large Team Colleague

"but if you mean the bit that was entered when windows was installed it just says "a""

That is strange- "a" is definitely not a built-in Windows account. You are trying all of this while logged in as Administrator, right?

DMR 152 Wombat At Large Team Colleague

Yeah, as I said- if it's a built-in system account you won't be able to delete it. What's the exact account name?

DMR 152 Wombat At Large Team Colleague

Catweazle- I totally understand what you're saying, but when you're helping an end-user walk through a procedure or troubleshoot remotely, you need to see through the eyes of that user. If an action they need to perform appears on-screen as "Delete", then using any other name for that option but "Delete" is what will (as was the case here) cause the confusion.

DMR 152 Wombat At Large Team Colleague

Poll closed due to the totally non-technical topic.

DMR 152 Wombat At Large Team Colleague

Still can't remove it.

You are logged on as Administrator while trying to do this, yes?
What's the name of the account? Is it just a normal user account that you created, or is it a built-in "system" account? If the latter, you won't be able to delete it. Also, if the account you are trying to delete is logged on in a different session (via "fast user switching"), the delete won't work.


I'm confused about what you say about not deleting and instead "removing" ... I'm only given the option to delete the account.

In XP that is correct; the option that appears is named "Delete".

DMR 152 Wombat At Large Team Colleague

You're welcome, glad we could help :)

I think it's amazing that you share your time and knowledge so generously.

Actually, we only do it because the site admin bribes us with lots of chocolate chip cookies.

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/CookieMonster.jpg[/img]

DMR 152 Wombat At Large Team Colleague

Could you tell how you got it? Posting that information here could help others in the future.

Thanks.

DMR 152 Wombat At Large Team Colleague

Did you try step #2 of my above post? If so, did that give you the same error?

DMR 152 Wombat At Large Team Colleague

Does this behaviour still exist when logged into the Admin account in safe mode?

DMR 152 Wombat At Large Team Colleague

- When did this start happening?

- Have you verified that your Internet connection to your ISP is functioning? Try these steps and see what you get; tell us what happens for each step:

1. Open a DOS box and type the following commands (in order) at the prompt:

ping localhost
ping 127.0.0.1
ping www.google.com
ping 64.233.167.99

2. Open Internet Explorer and type the following in the Address bar:

http://64.233.167.99