Posts by DMR

The following command would not not open the file in the DOS editor?:

edit C:\config.sys

"Please download and run HijackThis; you can download the program from this location".

:mrgreen:

I've seen this before:

O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL

It's part of some nasty, or at least, some on other forums have indicated so, might be worth taking a look into. One thing I know about this is that the filename isn't always the same. Hope this helps one of the experts get you squared away. :)

Thanks DuncanIdaho, I totally missed that one- I guess that's what I get for posting at 1:30 AM. [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/sleep.gif[/img]

You're right- that entry should be fixed by HJT, and then the ATPART~1.dll file should be deleted if it still exists after the HJT fix and a reboot.

SolitaryIvy1,

The "~1" in the filename is a truncation, so ATPART~1.dll will not be the file's real, full name. In the Folder Options under the Tools menu of Windows Explorer, select "Show hidden files and folders", deselect "Hide protected operating system files, and then look in your C:\WINDOWS\System32 folder for the file whose name begins with ATPART. Delete that file if you find it.

Usually the inability to ping indicates something lower-level than a browser problem, but in this case, since you've said that Netscape works fine, my guess is that ping requests to/from the "outside world" are probably just being blocked by your school's IT dept. for security reaons.

everything else is fuctioning other than the internet explorer itself.

Unfortunatley, everything else isn't functioning if you can't even ping. :sad:

- Try to ping the IP of your own machine.

- Try these two pings and post the results:

ping localhost
ping 127.0.0.1

Also- post the output of the following command:

route print

Can you post the contents of your config.sys file please?

OK- your log is much cleaner now. Only two things bother me:

1. This isn't good, but I don't know where it's coming from; I'll need to research it further:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cxhmluqhbc.com/sdZCTnEPn.../V2ZsHDgls.html

2. This indicates that you are, or were, infected by a variant of the Trojan.Win32.dialer trojan:

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll (file missing)

More info on that here:

http://www.pestpatrol.com/pestinfo/t/trojan_win32_dialer_bi.asp

If you haven't already, make sure your version of Norton anti-virus is using the absolute latest virus definition update and run a full system scan.

You should probably also download and install SpywareBlaster and Spywareguard; they'll protect your system from many malicious programs. You can download both from http://www.javacoolsoftware.com.

Your HJT log doesn't report any evidence of a broken or corrupted TCP/IP stack, so...

How are you connected to the Internet (cable, DSL, Dial-up, etc.), and what hardware is involved?

If you have cable or DSL, are you using a broadband router or do you connect directly to the modem? If you use a router, can you ping the IP of the router (usually 192.168.0.1 or 192.168.1.1)?

If you use broadband and connect directly to the modem, is the connection USB or Ethernet?

Your log file is pretty clean; are you sure you don't have a DNS issue instead?

Try reaching a website by its IP address instead of its URL. Using Google as an example, in Internet Exploder's location bar, type the following:

http://64.233.167.99

Does that take you to Google?

Also try opening a DOS box and typing the following commands. Tell us the results of each:

ping www.google.com

ping 64.233.167.99

1. Have HJT fix the following entries:

   R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-websearch.com/
   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
   R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cknngbjfxemnxguswksvmkd....q/V2ZsHDgls.jsp
   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://super-websearch.com/
   N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.ybqwppoymawzbswhtg.uk/sdZCTnEPnHjV0XIKW2rke/ig8aboOBpSJeupFGWeawI.htm");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ksr5z8uk.slt\prefs.js)
   O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll (file missing)
   O2 - BHO: (no name) - {A63A9964-F360-E762-CA30-29EF6A52695B} - C:\PROGRA~1\INSIDE~1\bait enc.exe
   O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
   O4 - HKLM..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
   O4 - HKLM..\Run: [zczqtqx] C:\WINDOWS\zczqtqx.exe
   O4 - HKLM..\Run: [modedate] C:\PROGRA~1\BOOBAR~1\Exit Global.exe
   O4 - HKLM..\Run: [morewindowmpegbrowse] C:\Documents and Settings\All Users\Application Data\Aim close more window\Dent4.exe
   O4 - HKCU..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
   O4 - HKCU..\Run: [key] C:\WINDOWS\System32\winxp.exe
   O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
   O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
   O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com...19106/flash.cab
   O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
   O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll

Then:

• Reboot into safe mode (hit the F8 key as your computer is rebooting; before Windows starts) and, for every user account listed under …

...can i move memory from the full one to the empty one...

There's no such thing as "memory" on a hard drive (unless you're talking about the virtual memory swapfile). With that in mind, could you more clearly explain what you mean in your quote above?

How exactly did you password protect the drive? That is, what program/process did you use?

Please read the announcement concerning HijackThis logs at the top this forum's main page. HJT logs are only to be posted in our Security forum, as that is where we concentrate on Spyware, virus, etc. issues.

If you do decide to post your log there, please post the entire log; yours is missing some crucial header information. To get the full contents of the log, choose the "Save log" option after you scan and save it someplace convenient. That will create a text file called hijackthis.log which you can open in Windows Notepad; cut and paste the entire contents of that file into your post.

well first i installed windows xp and then i installed suse linux on my computer.
for windows xp -cdrive ,d drive ,e drive
for linux i made a seperate partition
to reinstall the linux it encounters the problem!!!.

To try to answer your question though-

- On which drive are you trying to install SuSE, and how is that drive partitioned.

- When you say "it encounters the problem", what is the exact error message concerning the partition table?

- What program/utility are you using to partition the drives?

No, my request was not rude; trust me- you would have gotten a much more pointed response on some of the other tech support forums out there.

On any support site it is considered impolite to wait less than 18 hours after asking your question before demanding that members "come up with some solution as early as possible!!!!".

If we're dealing with a language difference (that is, English is not your primary language), then I apologize for my possible misinterpretation of the tone of your post. If the way your post reads is exatcly the way you meant it to read however, I stand by what I've told you.

If you have further questions as to my posts, please contact me via the forum's Private Message function; the forums themselves are not a venue for arguments or disagreements.

Thank you.

when I open a new web page, it also just sits there, I have to hit stop and refresh for it to load.

Yes, your TCP/IP software has been corrupted; that's what the following entries in your log are indicating:

O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

Also, you are running HJT from within a Temp directory. You need to create a separate folder for HJT (like C:\HijackThis or C:\Spyware Tools\HijackThis) and run it from there. Do that, and repost your log.

To get rid of the Bridge.dll error, have HJT fix fix the following entry:

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

Hi

First you need to download, update and run both Adaware and Spybot S&D, both free.

then you need to unzip HijackThis.exe into a permanent folder of its own, this is so you dont lose any backups.

Run a HJT scan and post the log

Yes- HJT will create backup files which you can use to recover from having HJT "Fix" something it shouldn't have. However, HJT cannot create these backups when it is run from inside any Temp/Temporary folder. Creatre a folder such as C:\HijackThis or C:\Spyware Tools\HijackThis and then do as p3-450 suggested.

no replys till now !!!!!
why
help me its important as i need linux on my computer urgently, come up with some solution as early as possible!!!!

Please do not post such a demand here again- it is simply rude.

Everyone's problem here is urgent, and your's is no more urgent than any other. Also keep in mind that we volunteer our time here, and are under no obligation to do so other than our desire to help. Believe me, if our members have a choice between answering a politely-asked request for assistance and a demand such as yours, the politely-asked question will get the attention.

Moving this to the Security forum now...

scot_wil,

Please don't post your logs as attachments; repost, and just cut and paste the contents of the entire log into your post. Also- HJT logs are only to be posted in the Security forum.

Thanks.

...and try copy it from windows folder to the config.sys file.

Um, I'm not sure what you're trying to say there, but you can't copy himem.sys to config.sys. I'm sure you mean something else.

- If you have a boot floppy, boot from that and try the following command at the A:> prompt:

copy himem.sys C:\winodows

If you get a prompt saying that himem.sys already exists, choose to overwrite the existing file.

If you don't have a boot floppy, try the following suggestions:

"To install a fresh copy of the himem.sys, you will require the Windows setup CD or a copy of the setup .cab files, specifically you will be requiring the base4.cab file. If you have a boot disk, please start the system with it, otherwise start the computer and press F8 function key to bring up the safe mode menu and select the MS Dos mode. Once in the MS Dos prompt, go to the location where the setup .cab files are and run the command "extract /a /y /e /l c:\windows base4.cab himem.sys". This will extract a fresh copy of himem.sys file to c:\windows. You can find the setup .cab files in any of the following locations:

1) If you have an OEM installation you will find the Windows 98 installation .cab file in c:\window\Options\cabs.

2) If you have taken a copy of the \win98 folder from the installation disk to any of your drives i.e. c:\win98 etc, then run …

First of all- what processor is in the computer, what is the speed, and how much RAM does it have. If you have an old, slow processor and a relatively small amount of RAM, there's only so much you can do to get any measurable performance boost out of the beast.

One thing to do is to make sure that you aren't starting up any programs that you don't absolutely need. A lot of programs (AIM, MSN messenger, multimedia programs, etc.) will set themselves to automatically run when Windows starts, and even if you aren't actively using them, they're still idling in the background chewing up memory and other system resources.

You can see (and alter) what programs are set to run at system startup by choosing the "Run..." option under your start menu and typing the following command in the resulting dialog box:

msconfig

Here's a short tutorial on msconfig:

http://netsquirrel.com/msconfig/

Just FYI-

Recycler is a hidden system folder. To make it visible, open Windows Explorer, click on the Tools menu, and choose Folder Options. Under the View tab of the Folder Options box, uncheck the "Hide protected operating sytem files" option. Close Explorer and reopen it; the Recycler folder will be visible.

- What version of Windows?

- Exactly where is the drive "not showing up"? On the desktop? In Device Manager? In My Computer? In the Disk Management section of your Computer Management Administrative Tool.

I don't know if this will cure the problem, but it might:

Click on the "Run..." option under your Start menu; in the resulting dialog box, type:

services.msc

- Right-click on the Secondary Logon service and choose Properties.

- In the General tab of the Properties window, click the Stop button to shut
down the service.

- In the Startup Type drop-down menu, choose "Disabled".

- Click OK and close the Services window.

It would really help to know why the second drive is raw to begin with. Was it ever formatted?

...though I didn't find it surprising.

Yeah- I don't think any of us will find it surprising, but just think of the miilions of users who will swallow MS's advertising hype, install SP2, and compute happily ever after because SP2 is keeping them safe and sound. :mrgreen:

Glad we could help muddle things...er, I mean- clear things up. :p

There are a few devices available which will allow you connect two keyboards to one keyboard port on the computer, but the problem is that the devices can only accept input from one keyboard at a time; input from the other keyboard is blocked until input from the active keyboard ceases. So- while you can have two keyboards connected simultaneously, they can't be used simultaneously. This isn't surprising really, because PC architecture doesn't natively support more than one local keyboard.

And in terms of SP2's supposed "security enhancements", you might want to have a read of this:

http://www.theregister.co.uk/2004/09/02/winxpsp2_security_review/

This made me ask about the possibility of another network interface/connection:

PPP adapter {81909DBB-C61F-4B2B-9240-EB4F4D03A990}:
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Inte
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.166.181.160
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 172.166.181.160
DNS Servers . . . . . . . . . . . : 205.188.146.146
NetBIOS over Tcpip. . . . . . . . : Disabled

That entry isn't normal for a machine which only has an Ethernet or Wireless connection to a broadband router.

You might try disabling the DHCP server function of your router and just manually set your IP info in your network connection's TCP/IP properties. With only one (or a few) machines on a network, connectivity is often more reliable that way. Here's a description of how to do that:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_pro_manualconfig.mspx

When following the above instructions, these are the values you should use:

IP Address: 192.168.0.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
DNS Server: 205.188.146.146

As for your HJT log, it looks like SpyBot and Ad Aware zapped everything but WeatherBug; remove the program using the Add/Remove …

Sorry again- my "real life" job hasn't left me much free time to devote the forum- I will run through your log in a couple of hours.

Techs and instructors often don't have all of the knowledge they should, but unfortunately- most of them aren't going to let you know that. :mrgreen:

In terms of deleting the Linux partition, try the instructions in this article from Microsoft:

http://support.microsoft.com/default.aspx?scid=kb;en-us;314458

Thanks- I'll move you to the XP/2000/2003 forum now...

OK- ipconfig indicates that you have two active network adapters, the first (the Wireless) apparently hooked to a local router, and the second (PPP/SLIP) apparently connected directly to an DSL broadband modem. Is the router on the local (192.168.) network connected to the Net as well?

Can you verify this and give us as much specific information as possible conncering your network/Internet connection setup, and let us know which connection is giving you the problems?

Looks fine to me, I see nothing there that looks suspicious.

What kind of 'wierd activity' are you experiencing?

Ditto here.

This is a Windows Explorer issue, not an Internet Explorer issue. Please tell me which version of Windows you use and I'll move this to the correct forum.

Thanks.

For the Outlook problem, many different possible causes for, and solutions to, an 0x800CCC0F error can be foung here:

http://www.google.com/search?hl=en&ie=UTF-8&q=outlook+error+0x800CCC0F&btnG=Google+Search

Hopefully some of the info in those links might shed some light on your other email problems as well.

Honestly- not to be rude, but please be sure you know the facts before misadvising someone else; you've gotten a lot wrong here:

Linux systems don't create partitions

Of course Linux systems create partitions. Linux has a version of fdisk, as well as a few other partitioning utilities.

in order to have partitions, and boot different OS's from them, Windows needs to be installed first.

No, but it does make life easier. Windows cannot recognise a Linux installation, and therefore cannot configure it's bootloader to boot an existing Linux installation; you have to manual configure your boot.ini after you install Windows if you want it to boot Linux also. A Linux installation, on the other hand, can detect your existing Windows install and configure that in the Linux bootloader (usually Lilo or Grub).

Linux cannot read Windows and vice-versa, that is why each OS can only see the drive associated with that particular OS.

Not true at all. Windows does not support any foriegn filesystems, incuding those used in the UNIX world, without installing third-party utilities. Linux, however, can natively read from and write to many different filesystems, including Window's FAT and FAT32; it has full read support for NTFS, and some write support (currently). One reason that a Windows partition might not automagically show up under Linux is that the option to mount the Win partition at bootup was chosen during the Linux installation. Any Windows partition can be configured to auto-mount under Linux by modifying …

As far as the problem with downloading, you haven't told us anything about what happened when you tried the suggestions we gave you links to, or even if you have tried them. Please give us specific details about what you've tried and what the exact results were.

I heard that it's a kind of algorithm that checks whether the data read from a media is actually read correctly or not

That's it basically, yes. CRC (Cyclical Redundancy Check) errors don't necesarilly mean that the source media or files themselves are corrupt, but the errors do mean the data in the copied/tranfered/converted/whatever versions of the files does not exactly (bit-for-bit or Byte-for-Byte) match the data in original. Anything involved in the chain of the copy process could be responsible for the errors; bad media, faulty drive-controller circuitry, bad RAM are all possible culprits.

Hello Redek,

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, also post the contents of your grub.conf file and a full description of your disk and partition layouts; we'll need that info in order to help you most quickly

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules

Thanks for understanding.

Hello nived32, welcome to the TechTalk!

As deonnanicole mentioned, we ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need. Please start your own thread and post your log there.

Given that your HJT log doesn't show anything suspicious (at least not that I can see), I would suggest you start your new thread in this forum, but please don't include a HJT log- those do belong in our security forum only.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules

Thanks for understanding.

Logfile of HijackThis v1.97.7

You ran an older version of HJT this time for some reason; run version 1.98.2 and post the log.

Also- open a command prompt window as bentkey described earlier, but this time, type in the following command and post the full, enitre results here:

ipconfig /all

Sorry I don't have the time to go through your whole HJT log right now, but in terms of the specific files Norton flags but can't delete, try this:

- Reboot into safe mode and, for every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Also delete the entire content of your C:\Windows\Temp folder.
- Empty your Recycle Bin.
- Reboot normally.
- Rerun HJT and post a fresh log.

Thanks for the confirmation- marking as solved...

No problem. I hope you can spend a bit more time here; our member crunchie has been eating, living, and breathing HJT logs for months. I'm sure he'll welcome the help. :)

OS - Operating System. In other words, what exact version of Windows?

IE - Internet Explorer.

OK- thanks for that info.

- Have you checked with AOL just to make sure that they aren't having problems with the DNS servers you are using?

- Try the ping by IP address instead of URL and tell us what happens:

ping 207.68.172.246

- Reboot into safe mode and, for every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Also delete the entire content of your C:\Windows\Temp folder.
- Empty your Recycle Bin.
- Reboot normally.

- Download SpyBot, Ad Aware, and CWShredder (links are in my sig below). Run the programs and have them fix everything they find.

- Run HJT again and post a fresh log.

First of all, you need to update your version of HJT to the current (1.98.2) version; the new version can detect and fix much more than previous versions could.

Secondly, you're currently running HJT from your TEMP directory; this is not advised. When you download the newest version please create a separate folder to save it in (and run it from) such as C:\HijackThis or C:\Downloads\HijackThis. Once you scan with the updated version, please post the new log.

Also- although your current log does show infections, can you give us any more specific information concerning the actual problems you're experiencing? HijackThis is not by far the definitive tool for removing spyware, so anything more you can tell us will help.

Hi Omni,

To answer your question in general- yes.

A few things:

- SpywareBlaster is not a detection/removal utility; it's a preventative tool. In other words, it (like SpywareGuard) locks down areas of your system so that spyware can't install itself in the first place.

- Ad Aware and SpyBot are definitely the two most-used general detection and removal tools, although they won't catch everything and you need need to configure them and keep them as up-to-date as possible in order for them to most efficiently clean your system.

- Due to the extremely wide variety of malicious programs out there, there is also a wide range of utilities available to fight them. Which utilities might be useful in your particular situation would depend on your particular infection. Please post as much specific information as possible regarding what Norton reports about your infections.

- Also, download the utility called HijackThis (the download link is in my sig below). Follow the instructions below when you run it (do not ask HJT to fix anything yet; only have it scan!)

* When you download HijackThis, create a separate new folder for it somewhere on you hard drive. (something like C:\hijackthis or C:\downloads\hijackthis will do). This will allow HJT to create a backup file in this folder, which you can use to restore your settings if you have HJT “fix something that it shouldn’t have. Don’t run HJT directly from your C:\ folder or from any …