Posts by DMR

Hi dominomack,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules

Thanks for understanding.

Good thing is was hoppin' in California, sorry you all missed it. :)

Hmm, so that begs the question- where exactly in California are you? Curiousity only; I'm in Marin county.

Do I need to start a log in the security section for this????

Yup- your infested with malware, which could definitely be the root of your problems.

I'll move this entire thread to the Security forum now. Buckle up....

Cool. Again- glad we could help!

BTW,

Grinler- glad to have you on board. I know you're active on at least a couple of other support/security sites; thanks for helping out here as well. :)

Just fix this entry:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.8.cab

Other than that you look clean.

Well, sort of clean... ;) :

O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987517} - C:\akilogos299ie\akilogos299ie.exe (file missing)

Have HJT fix that entry as well.

Once you've finished the online scans, do the ping test as bentkey suggested. When you post the results of trying the pings, please be very specific as to what happened.

In the mean time, you might also want to have a read through many of the threads in our Security forum to familiarize yourself with the issues revolving around spyware/adware/etc. Those malicious programs can play holy hell with your network connectivity (among other things), and might very well be the root of your problem.

Sounds like you got reinfected. Did Ad Aware remove it for you?

Features shouldn't have been stripped, but depending on what installation mode you used, many of the server functions may not have been installed by default.

Sorry I can't post more right now, but it's time to start dinner, so I have to log off.

Erm- your HJT log didn't seem to make it into your post... try again?

In what capacity (PDC, file server, web server, etc.); and in what network environmment?

Give us more specific info concerning the role the Mandy 10 machine will play, and in what network environment it will be doing so

dont need your help anymore

Could you tell us why? That info could help others in the future.

Thanks.

Mike is right about Spy Assassin; read more about the scam here:

http://www.netrn.net/archives2/000495.html

I had thought spy assasin was from adaware? In fact I went to that site to download it.

The URL for the real Ad Aware is www.lavasoftusa.com.

Also check out the full list of suspect/bogus vs. legit spyware utility list here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

CRC errors are usually indicative of corrupt files or corrupt media. With what machines and media are you trying to do the import/export? Give us a few more specifics of your setup.

OK, first of all:

1. You are running an older version of HJT. Please get the newest (1.98.2) version.

2. You are running HijackThis from a Temp directory, which is not recommended. When you download the new HJT version, create a separate new folder for it (some thing like C:\HijackThis or C:\downloads\HijackThis). When HJT runs, it creates backup files before it fixes anything, just in case you "fixed" the wrong thing. By putting HJT in its own folder, you'll have those files available in that folder should you need them.

Post the log from version 1.98.2 and we'll take it from there. You might also want to run the utilities Ad Aware and SpyBot before running HJT; they will detect and remove a lot of the parasites from your system. Links to those programs are in my sig below.

Hi franco802,

As noted in the announcement at the top of each main forum page, HijackThis logs are only to be posted in the Security forum. Given that, I'm moving your thread to Security now.

Hello Tay,

Please give us more details, such as a better description of the network setup/configuration, the exact version of Windows each computer is running, and a descripition of any possible changes made to the network just prior to this happening.

The error you're getting is a standard Windows networking error, indicating exactly what it says. Even if you don't think anyone else is connected, the computer seems to think they are. Remember that the Pro versions of Windows have a limit of 10 incomming connections, while XP Home only allows 5.

You're welcome, we're alwways glad to help!

I made a very thorough search of my system for the existence of those two files (svspack2.exe & quicktime.exe), but I was not able to locate them.

You're not the first member to report that happening, but not having being able to physically sit at anyone's machine, I've never found an explanation for that.

The messages that I received from ZoneAlarm firewall led me to believe that these two files are activated from somewhere in the network, not from my system. They were caught and blocked from accessing the internet by the firewall.

If you had entries for the files in the Run section of your Registry and HJT reported them as processes running from a local directory, they were definitely running from your machine.

Before fixing these two entries using HJT, they could be seen running under PROCESSES of the TASK MANAGER. This probably explains why I could not remove them in my first Scan & Fix using HJT.

Hence, I ended these two processes and then carried out the second HJT Scan & Fix. The result? They are no longer in my registry as you can see from my latest HJT log.

Right- HJT removes the run entries in the registry, which keeps the programs from loading on subsequent bootups. However, if the malicious programs are already loaded when you run detection/removal utiities, they can be harder to "kill".

Cool. You managed to delete them manually, yes? If so, you look all clear.

Hmm, we might want to take a closer look at the actual response and just confirm that:

" I have fixed the following using HijackThis as advised:

O4 - HKLM\..\Run: [svspack2.exe] svspack2.exe
O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe
O4 - HKLM\..\RunServices: [svspack2.exe] svspack2.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] quicktime.exe
O4 - HKCU\..\Run: [svspack2.exe] svspack2.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] quicktime.exe

I could find no trace of them in my latest HijackThis log..."

alantanel,

(As crunchie got me hip to some time ago; credit where credit is due): once you had HJT fix those entries, you still need to search your system for those files and delete them manually. HJT fixes the Registry entries which reference the files, but HJT does not delete the files themselves. In order to see/find the files, you might have to set Windows Explorer's Tools->Folder Options->View settings to ""Show hidden files and folders"

that is for linux...

I haven't used it myself, but their website does say:

"SOT Office is a free productivity suite for Windows and Linux."

Alright- keep us posted either way. Can you tell us what exact settings you changed that (hopefully) fixed teh problem? If you can post that info here it couldl help others who might be having similar problems.

Thanks.

Sorry- I should have asked this before: are you assigning your IP info to each of your machines manually, or do you have a device (a router perhaps) acting as a DHCP server for your network? Issues of hostname problems vary depending on which addressing scheme you use.

Glad you got it sorted out. :)

If you're sure that the driver did the job, could you let us know so that we can mark this thread as solved please?

Thanks.

First- the easy one:

There are many utilities which you can use to manipulate your partitions; most cost $$, but you can find free or trial versions of some. Have a look at these links for more info:

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=partitions+merge+windows+ntfs+&btnG=Search

OK, SCSI- some pros and cons:

Like IDE/ATA, SCSI is indeed a technology for connecting storage devices, but it is an entirely different beast altogether. There are many benefits to SCSI, but quite honestly your average user isn't going to notice them; in fact, for the tasks that a normal user asks of their computer, IDE/ATA can actually be faster. When it comes to higher-end systems such as heavy-load servers or digital multimedia workstations however, SCSI is the way to go. *Note that the advent of Serial ATA (SATA) shrinks the performance gap between ATA and SCSI technologies.

- IDE/ATA technology only allows for 2 devices (master and slave) on a given channel. SCSI allows up to 15 devices per channel (16 technically, but the SCSI controller itself counts as one of the devices).

- The maximum length of standard ATA (PATA) ribbon cable is 18", the max length of a SATA cable is 1 meter, but the maximum length of a SCSI chain is 12 meters (and can be extended with repeaters). This makes SCSI really the only option for external "drive farm" racks (such as those produced by Rorke Data) used on large servers or audio/video workstations.

- …

Have you tried simply booting from the ME installation disk and starting the install, or is ME having trouble installing over the existing XP partition?

i just found this thread and site through a google.com search....your solution (DMR) worked beautifully and i was able to recover what data i really needed....

Glad we could help! :)

bentkey is the member who posted some troubleshooting steps a few posts above this one.

Try this: Instead of having the router dynamically assign your IP/DNS info, set the IPs statically instead and turn off DHCP in the router. For the DNS entries, use the IPs of your ISP's DNS servers; you can probably get that info from their website. Unless you've got a large network, DHCP isn't necessary, and in this case it might be the root of your problem.

It's rather obscene, in my view, for a vendor to include a trial version of Office.

Agreed, but unfortunately vendors are indeed starting to do that. It's all about cost-cutting and "carrot dangling".

OK- try this:

Open your /etc/hosts file in a text editor and do the following:

Change the line that reads something similar to:

127.0.0.1 localhost.localdomain localhost

to:

127.0.0.1 localhost.localdomain localhost put_your_new_hostname_here

For example, if you chose a hostname of "linuxbox", the entry would read:

127.0.0.1 localhost.localdomain localhost linuxbox

well you said he choose minimal install. and with a minimal isntall that doesnt include gui. it only leaves the basic stuff. so have him reinstall but this time dont choose minimal

Woops, missed that- you're right; a minimal install doesn't include the GUI packages.

What I have in physical order:
509M who knows - I think I created it for grub or lilo
11G for Linux
103M not sure

Judging from the sizes, I'd guess the 509M partition was created for swap (virtual memory), the 103M partition looks more like the one created for /boot (where, among other things, the Grub or Lilo files would live). The 11G is obviously for the main Linux / (root) partition.

During the Red Hat install, Grub should have detected your Windows install and properly configured itself to dual-boot if you chose to install Grub in the Master Boot Record (MBR), although this doesn't always go the way it should.

If you think Linux actually got installed correctly but just needs to be "fixed", you can boot into rescue mode from the first RH install CD to access Linux. See the following section of Red Hat's Customization Guide for more information:

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/ch-rescuemode.html

Once you've booted into rescue mode and done the "chroot /mnt/sysimage" dance described in the guide, view the contents of your Grub config file and post the contents here:

less /boot/grub/grub.conf

It would also be very helpful to post the output of this command:

fdisk -l

As kc0arf said, the system is booting into the command shell (basically the equivalent of booting into DOS in a Windows environment).

If the "startx" command does work, you can set the system to automatically go directly into the GUI at bootup by opening the /etc/inittab file in any text editor and (for Red Hat) changing the following line:

id:3:initdefault:

to:

id:5:initdefault

If typing the "startx" command doesn't get him into the GUI (and the line in /etc/inittab already reads "id:5:initdefault"), there's a problem with the video/X server configuration. If this is the case, you can run Red Hat's X configuration utility from the command line by entering the following command:

redhat-config-xfree86

From there you should be able to verify and/or alter different facets of your GUI setup. If you can't resolve the problem and have any further questions, please post the full hardware specifications of the box, as well as the full contents of the /etc/X11/XF86Config file.

Basically, you need to create a folder on the machine you want to back up to, share the folder, and give "everyone" write permissions to the folder. You should then be able to see the shared folder on the backup machine under Network Neighborhood on your machine and copy your data to that folder. The process is a bit more seamless if you add your computer to the Workgroup in which the backup computer resides.

The specific steps of setting up sharing vary between different versions of Windows- what version is the target (backup) machine running, and how is it currently networked?

My next question is why doesn't my WS_ftp95LE program work no more...

What exactly doesn't work? Do you get any specific errors? Giving us as much information as possible will help us get you sorted most quickly.

but was just wondering if this mp3 player has that option???

Not sure about the MOS player in particular, but in general, mp3 devices don't include the option to do that digitally due to #$!@ing RIAA/DMCA copyright restrictions... Grr!!

By the way the_don101, we have a policy against members adding their questions to another member's thread- if you have further questions, please start your own thread and post them there.

Thanks.

it sounds more like it is an oem copy that hasn't been activated. There should be a phone number to ring or a website to visit in order to activate it.

Yeah, that's why I suggested that travman double-check the stuff that came with the computer. It's a bit of a pain the way a lot of machines come configured- you get 8 million pre-installed apps, but since you rarely get CDs for those apps (which is where you'd normally find the product key stamped), you have to snuffle through a pile of booklets, leaflets, and whatnot to find all the keys, or log onto a bunch of sites and go through the online registration processes. Bit of a bummer in my book...

Unfortunately, it could very well be a hardware problem, especially since you mentioned a power surge. Bad RAM is one hardware component that will cause the error you're getting.

Was there any more info in the error message, such as a "STOP" code? If so, knowing that would help us narrow things down.

wardsb,

Please post your question in it's own thread; we have a policy against members posting their questions in another member's thread.

Thanks.

Are you absolutely sure that you didn't get a product key somewhere in the paperwork that came with the computer?

If the Office package was truly a trial version, and the trial time has expired, you will have to pay to either get a key to unlock your version or get a fully-functional version.

If you have no key and are asking for one, mikenandike22 already answered that question- we don't allow any discussion of hacks, cracks, or warez here.

guess there can't be any rogue programmes doing bad stuff if spybot etc doesn't detect them ?

Unfortunately, that's definitely not true- there is no single utility which can reliably detect and remove all of the malware out there. At the very least, you should run Ad Aware in conjunction with SpyBot.

O4 - HKLM\..\Run: [ioroxxo microsoft sux] quicktime.exe

I think that pretty much answers the QuickTime question, eh? :mrgreen:

Very cool- glad we could help :)

Hello help, welcome to the TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need. Please start your own thread and post your log there.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforu...b_faq#faq_rules

Thanks for understanding.

Also,

Have HijackThis fix all entries that contain "(no file)" and/or "(File missing)".
Fix these entries as well:

O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O9 - Extra button: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O9 - Extra 'Tools' menuitem: ¤¤¤å°ì¦W - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINDOWS\SYSTEM\CDNIEHLP.DLL
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://cdn2.cnnic.cn/ad/china/cdn.cab

And if 4.2.2.1 is not the address of your DNS server, delete:

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.1

* If the C:\Program Files\NewDotNet folder still exists, delete it entirely.

OK-

It looks like SpyBot wasn't able to fix your "010" error, which is why you can't browse. The newdotnet infection has mangled a portion of your system's networking software; the TCP/IP software will either need to be repaired or reinstalled.

Instructions for reinstalling your TCP/IP software in Windows 95/98/ME can be found here:

http://www.compu-docs.com/winsock9x.htm

Alternatively, you can try a repair utility called LSPFix.exe. You can download the utility here:

http://www.cexx.org/lspfix.htm

Have you gotten a chance to try bentkey's suggestions yet?

To set the machine's host name in Redhat, you can do one of two things:

A) In the /etc directory you might find a file named HOSTNAME (if you don't, just create the file). It should contain a single line containing the hostname.

B) In your /etc/sysconfig/network file, enter the hostname after the equal sign on the "HOSTNAME=" line.

Hi gtbriscoe, welcome to the site.

Please see my previous post in this thread regarding our policy of not having members post their questions in another member's thread. You should start your own thread and post your question there.

Thanks for understanding.

Given what you've told us, it really does sound like a DNS problem. Have you contacted your ISP to see if they know of any problems with their DNS servers? The problem might be on their end; can't hurt to check the possibility...