Posts by DMR

You should definitely keep your subscription current- Symantec has put out quite a few updates lately.

Is there any pattern to the freezing? That is, does it happen at certain intervals, when you are performing certain tasks, etc.?

Ah, OK -that is a slightly different question.
Killer_Typo is right- to get to those characters, activating numlock should do you.

(By the way- The second "full stop" on the key you describe is actually a decimal point)

Yup- that's the safe way to do it.

BTW- if you use the "su" comand to become root when logged in as normal user:

The su command by itself does not give you a full root login shell (I'll skip the specifics right now- just trust me), which you will need to perform certain root-level tasks. In order to gain a full root shell without logging out and then logging back in as root, use the " - " option with the su command:

su -

You'll still be asked for the root password, but once you do that you will have full root godliness.
:)

What would happen if there was no boot.ini would windows default to some other file.

The NTLDR program is the file which is run before boot.ini during the Windows startup process. NTLDR looks for boot.ini and will process that file if found (including the multiple boot options which might be contained in boot.ini). I believe that if boot,ini really doesn't exist, ntldr may bypass it and try to boot from the active partition (I could be wrong about that though).

Do the ntldr and NTDETCT.COM files exist on you system?

The answer to your first question is something that you should be able to find as quickly as we could; as to the second:

A "runtime" environment basically refers to everything that is happening while a program/application is being executed (run). This is opposed to a "compile-time" environment, which refers to everything that is happening when a program is being compile from source code. Compiling from source is part of the process of the original creation of the program/application; it is the programming step that turns the bare program code (done in a programming language like C++) into a program which is executable (runable) by an end-user. A file with a .exe extention is an example of a compiled program.

Legit questions, yes- but definitely OT for the Security forum. ;)

Moving to the... um... where the devil does this fit?! Oh well- looks like mostly Win 95/98 stuff, so off we go...

Dump Internet Explorer if possible.

Other browsers such as Netscape, Firefox, and Opera are totally immune to the "about:blank" hijack and most of the other nasties that can infect IE.

That isn't a complete log- there should be a list of running programs/process at the beginning.

Save the log file as a text file and then open the log file in notepad. From there you see and be able to cut-n-paste the entire log.

Have you added or changed any hardware/software lately?

Also- try shutting down any unneccessary programs that might be loading; there could be something runninng in the background that's kicking in and hogging your system resources at certain intervals.

My laptop is second hand so I have no manual.

Um, yes- but neither do we... :mrgreen:

Care to at least tell us the make/model of laptop?

You don't see a ' symbol anywhere on the keyboard?? That's weird.

There seems to be a relationship between the write error and ATI video card caching/performance settings. This is one quote I found concerning the problem:

"Are you using an ATI Radeon video card?
If the Performance options under system properties advanced tab are set to
large system cache or priority for system cache on Win XP this can cause
these errors with some of the Catalyst drivers."

More related links here.

And there was much rejoicing... :)

Marking as solved.

CRC errors (and random system restarts) can be the sign of bad RAM. Download and run the following RAM-testing utility:

http://www.memtest86.com

Run the utility multiple times for a real "stress test" of your RAM. If you have multiple sticks of RAM, remove them; run memtest on each stick individually.

OK- let us know if that works.

Now I am happy to report that there is a cure:
Adware Away.

Which is, unfortunatley, only a 5-day trial; after that you have to buy it. Funny that you'll find no mention of the fact that the trial is a download unless you dig to the bottom of their FAQ... :rolleyes:

How many partitions are on the disk, and/or how many drives are in the system?
I've seen Windows install boot.ini on the wrong drive/partition in the course of a bad install.

Among other things, you seem to have a variant of the CoolWebSearch parasite. You should download and run CWShredder; see the following for more info:
http://www.daniweb.com/techtalkforums/search.php?searchid=74106

Also, have HJT fix these:

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0530095...ip/RdxIE601.cab
O16 - DPF: {8C42D15B-D8C2-40AD-9A06-3F27F58AE33E} - http://www.search-climbers.com/down...wordsUnInst.cab
O16 - DPF: {F104576A-91BA-40AD-91DE-2C2080133900} - http://www.searchclimbers.net/download/cab/ieplugin.cab

There may be more to do to, but take care of the above before posting a new HJT log.

Some info on the trojan:

http://www.google.com/search?hl=en&ie=UTF-8&q=Dyfica+Trojan&btnG=Google+Search

Note the references to disabling System Restore and running your utilities in Safe Mode. If system restore is enabled, and the virus was present at the time your last restore point was taken, the virus can be reintroduced to your system that way.

NEVER open emails from an unknown source! The emails could be benign mass-mailings, mistakes, or viruses.

It isn't worth finding out which if you know they're not intended for you. If your mail program allows spam/bulk mail filtering, use that function. If not, delete the files immediately upon receipt.

Considering the fact that some of the emails have already been opened/read, you should do a thorough virus scan on all machines on your network as soon as possible.

Thanks friends. My problem is solved!!!!!!! :lol:

Happily marked as so...

You can sometimes run into quirks when networking XP (or even 2K) machines with Win 95/98 boxen. Here are some suggestions:

http://www.duxcw.com/faq/network/xprouter98.htm
http://www.anandtech.com/guides/viewfaq.html?i=92
http://www.ezlan.net/Installing.html
http://www.practicallynetworked.com/sharing/xp/addxp.htm
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20951548.html

Hope this helps :)

Just another vote of agreement.

Even if the repair shop didn't purpously skneetch a stick of your RAM (and yes- that definitely does happen), they may have forgotten to reinstall it or they reinstalled it incorrectly. Open the case to physically verify what you've got in there.

OK, let us know if it works or not.

Sorry- I also forgot to mention that HJT only removes the Registry's reference to the files in the " O4 - HKLM\..\Run" entries; you should find and delete the actual files after fixing them with HJT.

post your hjthis log here .

Yup. A lot of these nasties can morph and/or reinstall themselves if you don't catch every little piece of them. Let's have that HJT log and we'll see if we can spot the culprit.

Also, did you run Ad Aware, SpyBot, CWShredder, etc. before doing your HJT scan? If not, do so before posting the fresh log.

- HKMJW.EXE is the executable for the game "Hong Kong Mahjong". Is that the games you're talking about.

- easyclea.exe is the executable for ToniArts' EasyCleaner utility.

- fyjh.exe looks very suspicious to me. The filename looks like one of those random names that trojans or spyware would use. Any idea what that file is associated with? If not, I'd give your system a through scanning with anti-virus and anti-spyware utilities.

- Have you tried an unistall / reinstall of Majhong and EasyCleaner?

As this is spyware related, I'm moving it to our Security forum.

That error is probably caused by an "orphaned" run entry in your registry; the entry just being a "loose end" left over from the spyware removal. HijackThis can probably remove the entry for you if you aren't comfortable editing your Registry by hand.

Run HJT and look for an entry similar to the following:

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\sdkzh.dll

If it exists, put a check in the box at the beginning of the entry and have HJT fix it. DO NOT HAVE HJT FIX ANYTHING ELSE AT THIS POINT!!

The first thing to do would be to check your settings in Explorer's view options. Got to Tools menu and navigate to Folder Options->View->Advanced Settings. If the "restore previous folder window at logon" option is checked, uncheck it.

Good to know Leo- thanks. :)

Sure,

The first thing to do is to have a read through the following thread:

http://www.daniweb.com/techtalkforums/thread5690.html

In it you'll links to spyware detection/removal utilities, instruction on their usage, and tips to help you avoid getting reinfected. The utilities are free; download them, read their documentation, and run them. Repost here when/if you run into problems or simply have questions.

:)

It sounds like you might infected with "spyware". Read through the information in the following link, especially the recommendations concerning many of the free utilities which you can use to detect and remove these malicious programs. If the utilities find problems and you need further help, please start another thread in our Security forum, giving as much information as possible about what the utilities have reported and what you've doen so far in terms of fixes:

http://www.daniweb.com/techtalkforums/thread5690.html

- Does this happen when running in safe mode?

- When did it start happening?

- Had you added/changed/removed anything in the system just prior to the problem's appearance?

- Are there any errors or messages in your event logs which might pont to the problem?

- Does this happen only after using certain programs?

- Have you tried individually disabling all unnecessary background applications (AIM, MSN Messenger, Anti-virus programs, etc.) before shutting down?

- Have you used Windows Update to make sure you have the latest patches/fixes/updates installed?

Careful- it'll grow on you... :mrgreen:

I am having tha same problem as mister454, the only difference is at the end my message it doesn't say which file is missing. Any ideas??

Hi NoaaMan, welcome to TechTalk :)

You need to start your own thread for your question. For reasons of clarity, we ask that our members adhere to our "one member's question per thread" policy; things just tend to get too confusing otherwise. When you do post, please include as much specific info about the problem as possible (when it started, what changes might have been to the system at about that time, etc.).

Thanks for understanding.

-DMR

If possible, you might try putting the drive into another computer as a slave drive just to see if you can access it long enough to rescue your data.

It's a hidden system file; you need to have Windows Explorer's view options set to display all files.

The HDD LED connection is nothing more that the connection which goes from your motherboard to the hard drive activity indicator light (LED; Light Emitting Diode) on the front of your chassis. Having it disconnected has nothing to do with your problem; although reconnecting it to the wrong points on the motherboard could.

The "no signal" message from your monitor means that it isn't getting a valid signal from your video card. With everything else you've described, it sounds, as Catweazle said, that you've either knocked a connection or component loose or have mis-plugged something when you reconnected your wiring.

As mentioned, you'll have to check the documentation for your particular motherboard to determine the correct connections; those vary between different makes/models of motherboards.

I would like to edit the boot choices...

If by that you mean that you now have a menu giving you 2 choices of Windows to boot into, but you need to delete the bogus one, the file you want to edit is "boot.ini" (located in C:\).

haha- 500 is a lot.

Drop in the bucket- I'm almost at 6,500 at the other forum I moderate- don't know if that should scare me or not... :p

Have you tried contacting Tascam directly? I know they can be a real pain, especially if you want help with something they've discontined, but it might work if you just bug the fsck out of them.

Yes, but could you please tell us exactly what section it stops at and provide the hardware specifications of the computer. Knowing those things will help us get to the bottom of it faster.

OK- yes, delelting New.Net Domains 6.30 was what I meant.

You've still got a load of nasties in there (RapidBlaster, eZula, Webhancer, Bargain Buddy, etc.); Ad Aware, SpyBot, and the other utilities should have caught those. Did you follow the setup instructions for those programs and make sure that you had the latest updates when you ran them? Did they find and remove any of those nasties I mentioned? If so, you're getting reinfected- stay off line until your sytem is cleaned up.

Windows will let you partition and format a blank drive as part of the installation process, nothing to worry about there.

As far as the 10G drive goes, you probably won't get a heck of a lot for it, but what'll hurt if you try, right?

... please start your own Thread / click the new Thread icon at the top of the security page .and post your log there .

Yes.

across_stars,

First of all- welcome to TeckTalk!
For reasons of clarity, we ask that members not add their questions to a thread started by another member, but instead start their own thread. It just keeps things more manageable that way.

Thanks for understanding :)

Your problem at this point may be at a higher level than the NIC.

- Can you ping the IP of your NIC?

- Can you ping the IP of any other machine on your network?

- Can you browse or at least interrogate other machines via command line?
Try the command: net view name_of_other_computer

Leg,

I've merged you other thread into this one. Please do not start multiple threads for a single question; it just confuses things.

Thanks for understanding :)

If the updates don't fix it, have a read through these suggestions:

http://inetexplorer.mvps.org/answers_5.htm#msvcrt

- At exactly what point in the boot process does it fail?

- Can you start up in safe mode?

- What are the specs of computer in question?

- Was this a fresh, clean install of 2K? In other words, did you wipe ME and reformat the drive?

Remove anything that references new.net. If that's all you''ve got, kill it.

See if you can start RH's video configuration tool from the command line by typing:

redhad-config-xfree86

OK- you've still got problems judging from your log; hang in there until crunchie or caperjack can get back to this.