1.3K Posts

June 12th, 2004 17:00

i would try reformatting the computer.. there are instructions in dell support/solutions/reinstall guide.. it is easy to reinstall win xp,  but it is time consuming.. you need to save anything that you want to save before reformatting the harddrive, like  "favorites", pictures, documents, etc. at the same time, i would be careful about what files you save, since you could mistakenly save malware and then reintroduce it to the computer after you have reformatted..

the first thing is to adjust the bios settings moving the cd-rom drive up to "first boot device"

http://support.dell.com/us/en/kb/document.asp?DN=1080487#BIOS

i would also use dell's harddrive "debug" (before installing windows xp)

http://support.dell.com/us/en/kb/document.asp?dn=1011054

after moving the cd-rom drive up to "first boot device" in the bios settings, put the win xp cd in the cd-rom drive, and reboot the computer.. you may see a message on the screen that says "press any key to boot from the cd".. "press any key to boot from the cd".. the computer will boot from the win xp cd.. then follow the simple prompts to reinstall win xp, deleting the partitions, and then "creating" a partition..

after reinstalling windows xp, you need to have a firewall running before reconnecting to the internet.. i have the kerio 2.15 firewall split onto 2 floppy disks.. you could try using the win xp "icf" firewall, but it is not compatible with AOL. if you are using AOL and you do not have a firewall saved to disks, in that case i would use the aol browser (not internet explorer) to go to a website where you can download a firewall, install the firewall, then install windows updates.. after installing win xp, you need to install your "chipset drivers" first, off of the dell "drivers and utilities" resource cd..

http://eu.download.kerio.com/dwn/kpf/kpf2-en-win.exe

 

Message Edited by redwolfe_98 on 06-12-2004 03:09 PM

1.9K Posts

June 12th, 2004 17:00

You *are* using  your XP firewall on that DSL connection, aren't you? (Or a hardware firewall)

Message Edited by NVRambo on 06-12-2004 01:53 PM

1.3K Posts

June 12th, 2004 18:00

sometimes, i am too quick in posting replies.. you could look in the event viewer to see if you see any "errors" listed there.. you could look in the task manager to see if there are any strange processes running.. (maybe you have some "trojan" running that doesn't like being shut down)..   you could download and run "hijackthis", posting your results in the "virus" forum..

http://www.spywareinfo.com/~merijn/files/HijackThis.exe

http://forums.us.dell.com/supportforums/board?board.id=si_virus

 

2 Posts

June 13th, 2004 19:00

Lin,

How does your computer freeze when connected? We have been having the same problem for months and cannot seem to resolve it. We can go to certain sites then (for no reason or pattern we can determine), it pops up a message saying "server busy -- program cannot be performed because the other program (or program manager) is not responding. Choose "switch to" to end the program". The screen freezes and we have to ctrl/alt/del to logout of the program. It always happens when trying to get to a site like az lyrics but will happen spontaneously other times.

We have tried everything and cannot resolve the problem. This started happening around the same time the two following programs started saying they couldn't shut down whenever we turned the computer off and we have to manually shut them down -- rundll32.exe and wupdater. I think they're connected somehow but am computer illiterate when it comes to this stuff.

We may try to completely reinstall windows xp. We've been having the net problems as well as our computer running extremely slowly.

I'm interested in what anyone thinks and Lin, what your freeze problems are and if you've been able to come up with anything to fix it.

thanks.

Jo

6 Posts

June 13th, 2004 21:00

There seems to be no real reason for the freeze. When it does freeze, it is very difficult to get off. I usually have to use the task manager to end any open programs.

I am going to attempt to use the kidnapthis program to post what processes are running and hopefully someone will recognize one that is "suspicious".

 

Thanks!

4.4K Posts

June 13th, 2004 21:00

Jo,

"wupdater.exe" is a known spyware component. In addition to scanning your machine with an up-to-date virus scanner, download, install, update and run Ad-Aware and Spybot as described in this article by ChrisRLG. If you continue to experience problems, the next step is to download HijackThis, a malware analysis and removal tool, install it as described in ChrisRLG's article, and submit a log to the good folks in the Virus Information and Removal board for review. Be sure to post the log in a new message, and describe the problem you're experiencing.

Jim

6 Posts

June 13th, 2004 21:00

Yes, I am running the firewall that came with the XP.

6 Posts

June 13th, 2004 21:00

I ran the kidnap this and saved the log file, not really sure how to relay the info here, so I hope by copying and pasting, some sense will come of it all. I also noticed that I am running 45 tasks, and some seem to be duplicates ***sigh*** TYVM

Logfile of HijackThis v1.97.7
Scan saved at 3:50:25 PM, on 6/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\REGSDE~1\remote skip.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\bin\ClientApplicationFramework.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {00ED7FCC-56E2-175C-B2EB-D73ACA5D8E2B} - C:\PROGRA~1\COPYON~1\Mpeg that.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: bone ping dent - {4FCF19F8-5817-567A-29E9-B51FA630E0D5} - C:\PROGRA~1\COPYON~1\Mpeg that.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [byte dash] C:\PROGRA~1\REGSDE~1\remote skip.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [Q814995] rundll32.exe apphelp.dll,ShimFlushCache
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1086991810203
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14dc5ed8ba0cb8ccd202/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} (RegConfig Class) - http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38114.6646412037
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53E7A5D5-A6BE-464B-A239-BAC97C4533FB}: NameServer = 64.164.99.50 206.13.30.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{53E7A5D5-A6BE-464B-A239-BAC97C4533FB}: NameServer = 64.164.99.50 206.13.30.12

 

4.4K Posts

June 14th, 2004 03:00

Linderloo,

The "copy and paste" worked fine, except that your log needs to be posted as a new message in the Virus Information and Removal board. Be sure to include a description of the problems you've been experiencing, and the steps you've already tried.

You should also create a folder called c:\hjt, move HijackThis.exe to that folder, and run it from there before you post your log in the Virus Information and Removal board.

Did you download, update, and run Ad-Aware and Spybot as described here?

(edit to provide direct link to Spybot/Ad-Aware instructions)

Jim

Message Edited by jimw on 06-13-2004 09:39 PM
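
Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log layout posted above (a section code such as O2 or O4, then " - ", then the entry) that counts entries per section and lists structural points a reviewer on the removal board would look at first. The sample log is constructed, and the three checks (a BHO reported as "(no file)", an autostart command with no directory, an autostart that loads a DLL through rundll32) are assumptions chosen for illustration, not verdicts.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis 1.97 layout; names, GUIDs and URLs are placeholders.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/start
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Vendor\helper.dll
O4 - HKLM\..\Run: [Vendor] "C:\Program Files\Vendor\app.exe" /background
O4 - HKLM\..\RunServices: [example] example.exe
O4 - HKLM\..\Run: [Shim] rundll32 C:\PROGRA~1\VENDOR~1\VENDOR~2.DLL,Start -s
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Class) - http://example.invalid/x.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ..." style entry lines
AUTORUN = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Return (section_code, body) per entry; header and process lines are skipped."""
    return [(m[1], m[2].strip()) for m in map(ENTRY.match, log.splitlines()) if m]

def section_counts(entries):
    return Counter(code for code, _ in entries)

def review_notes(entries):
    """Structural observations for a human reviewer; none of them is a verdict."""
    notes = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            notes.append((code, "BHO registered, DLL not on disk"))
        elif code == "O4" and (m := AUTORUN.match(body)):
            cmd = m["cmd"]
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if exe.lower() in ("rundll32", "rundll32.exe"):
                notes.append((code, f"{m['name']}: DLL loaded via rundll32"))
            elif "\\" not in exe:
                notes.append((code, f"{m['name']}: no directory in command"))
    return notes

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print(dict(section_counts(entries)))
    for code, note in review_notes(entries):
        print(code, note)
```
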
