DMR 152 Wombat At Large Team Colleague

Hi Sheldon, welcome to TechTalk! :)

Being new to this site I'm sure you aren't aware of this, but we do ask that members start their own thread when they have a question rather than "piggybacking" the question onto a thread previously started by another member (regardless of how similar the 2 problems might seem).

For one thing, the piggybacking diverts the focus of the thread away from the original poster's problem, and for another, your question won't get the attention that it would if it were in its own thread.

With that in mind, please post your question in its own thread, and try to provide as much detailed info as possible when you do (the exact text of error messages, your version of Windows and the program(s) you're having trouble with, etc.)

Thanks for understanding.

- Dave (DMR)

DMR 152 Wombat At Large Team Colleague

I don't know whether this is a UK forum or a US forum. I'm from the UK and I'm with NTL.

We're US-based, but we have UK members on NTL.

I connect to the internet through a dongle, I think it's called, which is USB. I thought maybe that was the problem. Can anyone help me out please?

Can you describe the "dongle" in more detail please (in terms of its function and placement in your network wiring scheme)?

- Can you ping the LAN-side IP of the router?

- Can you ping a location outside of your network by its IP? Try pinging Google: ping 64.233.167.99

- Can you browse by IP? Try to reach Google by putting the above IP in your browser's location bar: http://64.233.167.99

- Post the output of the following command: ipconfig /all

DMR 152 Wombat At Large Team Colleague

Hard drives can be fixed (well, depending on the severity of their "death"), but unless you really need the data on the drive, it probably isn't worth the hassle. Most people don't have the electronics skills or the specialized parts and tools needed to perform the repairs.

DMR 152 Wombat At Large Team Colleague

Does the beeping have a pattern? If so, the pattern is a POST beep code; telling us the pattern and the make/version of your BIOS will help us pinpoint the problem.

Did anything out of the ordinary happen to the system just prior to the problem's occurrence?

DMR 152 Wombat At Large Team Colleague

That seriously sounds like the result of spyware/hijackware.

I'm moving this to our Security forum. Have a read through other posts there and follow the spyware detection/removal instructions posted by our security experts crunchie and caperjack; repost here if you still have issues after that.

DMR 152 Wombat At Large Team Colleague

Any pertinent error messages in your event logs?

DMR 152 Wombat At Large Team Colleague

(This is a hardware question by the way. Could it be moved to the Hardware section please?)

Yes- done.

DMR 152 Wombat At Large Team Colleague

Just out of curiosity- what are the names of the files in question?

DMR 152 Wombat At Large Team Colleague

Exactly where in the process of running the Add Printer wizard does it give you the message, and what is the exact text of the message?

Having that information will help us determine where the problem lies, but my feeling is that what Yzk is getting at is correct; the "resource" in question is the printer itself, and the system is telling you it can find it.

DMR 152 Wombat At Large Team Colleague

Thanks crunchie! Dinner and the evening that followed were great.
(but now I'm back to the real world :()

:mrgreen:

DMR 152 Wombat At Large Team Colleague

Thanks for that, crunchie- I didn't have time to individually verify those entries. :)

DMR 152 Wombat At Large Team Colleague

The mail notification isn't Internet email, it's your system sending you status messages. By default most Linux installations are configured to automatically send the system/network administrator notifications on different aspects of the system's/network's status (or changes in status).

Type "mail" at the command prompt and you'll see what I'm talking about. You can read the mail man page for more info.

DMR 152 Wombat At Large Team Colleague

Ouch! You are heavily infested, and that's probably why my link didn't work for you; some of these $*#@ programs can block access to anti-spyware/anti-virus support sites.

I'm sorry, but today is my birthday and my girlfriend is making a dinner right now which smells absolutely wonderful, so I don't have time to respond. Hopefully crunchie, caperjack, or one of our other security experts will pick up on this shortly.

DMR 152 Wombat At Large Team Colleague

By default, a "root" account (equivalent to the Windows "Administrator" account) should have been created. At the login prompt, type "root" (omit the quotes). If that leads you to a "password" prompt, enter the password there. You will see no characters displayed when you type the password; this is a security feature.

Try that and see what happens. Let us know if it doesn't work; there are ways around the problem.

DMR 152 Wombat At Large Team Colleague

Yes, that forum is open- much thanks for all of the info caperjack!

-Dave

DMR 152 Wombat At Large Team Colleague

Glad you enjoyed the link!
Good luck, and may you remain uninfested! :)

DMR 152 Wombat At Large Team Colleague

Any idea what you did to fix it? Posting that info could help others who might have the same problem...

-Thanks

DMR 152 Wombat At Large Team Colleague

schweeet 8)

Yar, matey- schweeet she be!

Actually, that's saved my butt more than a few times, and saved my clients' systems more than a few times too: if I have to troubleshoot a system/network that I know to be riddled with "nastyware", I can just boot my laptop into Linux and plug into them for a look-see without having to worry about their nastyware coming back down the pipe and blasting my system. :mrgreen:

(There are also some cool Linux tools that you can use to troubleshoot Windows systems!)

DMR 152 Wombat At Large Team Colleague

A) You're running HJT from within a temp/temporary folder; you need to create a separate folder on your hard drive for HJT and run it from there.

B) Have you run through the standard SpyBot/Ad Aware/CWShredder/etc. drill yet? If not, do so and then post a fresh HJT log. (Links to the utilities and usage directions are in my sig below).

* Your best bet is to run the utilities while booted into Safe Mode; they may be able to more effectively remove the nasties you've got that way.

DMR 152 Wombat At Large Team Colleague

There are virus/worm utilities out there, but due to the fact that there are so few viruses written for Linux, there are only a few utilities as well.

As for spyware, I've never heard of any of that stuff being able to infect a *NIX machine.

DMR 152 Wombat At Large Team Colleague

That's not a full log- there should be a list of all running processes at the beginning of the log (compare to your original).

Also, the following look suspicious; I'd fix them if they don't look like things you know you've installed, or wait until another member can verify them:

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [easywww] C:\windows\easywww.exe
O4 - HKLM\..\Run: [BearShare] C:\PROGRA~1\BEARSH~1\BEARSH~1.EXE /pause
O4 - HKLM\..\Run: [ConFig] "C:\WINDOWS\r453.exe "
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msgked.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe

DMR 152 Wombat At Large Team Colleague

Most distros do come with GUI utilities to handle these sorts of tasks, but the names of the programs can vary between distros and between GUI environments (Gnome, KDE, etc.); you just kind of have to poke around your program menus and get familiar with what you've got there.

DMR 152 Wombat At Large Team Colleague

OK, that's what I thought you meant- just checking.

Is it possible to create the partition with one of your old Win 98 boot/rescue disks? I've had instances where I've had to do that in order to install 2K or XP on damaged drives. I'm not saying your drive is damaged, but...

DMR 152 Wombat At Large Team Colleague

Yeah, it happens a lot.

Did you manage to pull down a good one?

DMR 152 Wombat At Large Team Colleague

Not necessarily a demo, but more a "white paper"-ish description of what it does and how it does it.

And no, I don't have permission to view the link you gave.

DMR 152 Wombat At Large Team Colleague

Hi- welcome to TechTalk!

First of all, you need to run HJT from its own folder; not from a temp/temporary folder (which you are doing now), not from the desktop, and not directly from your C:\ directory. You should also close all programs before scanning.

Secondly- your filesharing programs need to go!! That is the best way to get infected (and you certainly are); you're just asking for trouble!

OK-

1. Download and run the programs listed in my sig below (read the tutorials as well); let them fix whatever they find. It might be a good idea to reboot after running each program.

2. Run HJT again (from its own folder as I mentioned above). Post a fresh log after that.

DMR 152 Wombat At Large Team Colleague

Can I delete Rundll32.exe?

NOOOOO!!!

Rundll32.exe is a critical Windows system file responsible for loading other Windows components. Spyware programs use/abuse this function by telling rundll32 to load their components as well; it is their programs which cause the errors, not rundll32 itself.

DMR 152 Wombat At Large Team Colleague

Glad I could be of help. :)

As to why it changed I can't say for sure. Sometimes preferences settings can get forgotten or altered if the system hiccups or crashes. There's also the possibility that you got some unwelcome "nastyware" in your system which has twiddled with your Internet settings...

DMR 152 Wombat At Large Team Colleague

Have you tried pestering Tascam, or perhaps contacting the nearest pro audio dealer? It might be a bit of "pulling teeth", but it could be worth it.

That's a fairly old card which, as you know, was never meant to work with XP.
Finding an answer on a purely computer-oriented support site such as this might be diffy; have you tried the numerous digital audio news/discussion groups, forums, etc?

If it's the tdif I/O you need, don't a couple of other manufacturers (Aardvark maybe) make equivalent beasties that are compatible with newer operating systems?


<edit>
YOIKS!! I've only been posting here for about 6 weeks and this is post #500. Man, I need to get a life... :mrgreen:
</edit>

DMR 152 Wombat At Large Team Colleague

but the numbers that I put in do not stay.

Could you clarify that please- exactly what numbers are we talking about?

DMR 152 Wombat At Large Team Colleague

You definitely have "unwanted guests". :(

I'm moving this to our Security forum; that's the forum in which we concentrate on HJT log analysis and other "spyware"-related issues. One of our resident HJT experts should pick up on this shortly.

DMR 152 Wombat At Large Team Colleague

OK. Get back to us with specifics if need be.

Good Luck. :)

DMR 152 Wombat At Large Team Colleague

I'll get ehat to run this too DMR.

Download dllfix from the following link.
http://tools.zerosrealm.com/dllfix.exe

Create a folder on your desktop, double-click on the dllfix and install it into the folder you just created.
1. Run start.bat and press option 1. 'output.txt' will be created in the folder. Post the results of that log here too.

You know- I've found lots of links to dllfix, but not a lot which explains its inner workings. Have you run across any good description of this?

DMR 152 Wombat At Large Team Colleague

I found these two from www.blackbox.com. Their stuff is SUPER high-quality, but it's SUPER expensive as a result. If you can find the stuff there, you may be able to find it elsewhere, for cheaper.

Middle Atlantic is another supplier of sturdy, high-quality rack gear, but they're on the expensive side as well.

DMR 152 Wombat At Large Team Colleague

...no IE won't open in the run tab. It says "iexplorer is not a valid Win32 app" again.

OK, regardless of how it got that way, she's corruptiod. Since you're going to migrate away from IE anyway, you might not bother pursuing that one.

I clicked on your hijack this link but could not use the back button to come to this page. Is this an Opera bug?

It may have just opened the link in a new window instead; that behaviour can probably be changed in your browser's preferences. I can't remember if/where you can do that in Opera, not having used Opera in a while.

Thanks to you n everyone else for helping out this hippy! I shoulda got online years ago...the net's a trip. Cya

Extremely trippy. It's weird- surfing can get almost meditational or mystical sometimes if you do it right. I've had loooong nights online where I swear I actually began to sense the intangible pulse of everything that was going on out there. Kind of like I grasped a thread of the web and could feel its vibrations.
... Welll- until I ran into this, of course:

http://www.robrob8.com/news/last_page.htm

:mrgreen:

DMR 152 Wombat At Large Team Colleague

Create a separate folder for HJT instead of running it directly from your root (C:\) directory. Run HJT from that folder and have it fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.5/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.5/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://195.225.176.5/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hflond.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O2 - BHO: (no name) - {A2DAC346-1C57-4BCB-B342-8D0179C41A5D} - C:\WINDOWS\System32\hflond.dll
O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - c:\windows\sr.dll
O4 - HKLM\..\Run: [kikklrv] C:\WINDOWS\System32\gvppcaqs.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\System32\windll32.exe
O4 - HKCU\..\Run: [Neso] C:\Documents and Settings\Peter\Application Data\aoau.exe

Restart in safe mode and delete the entire Windows SA folder, as well as all of the .exe, .dll, etc. files referenced in the above HJT entries. (Make sure that you have Windows Explorer set to view all …

DMR 152 Wombat At Large Team Colleague

Some (extremely un-fun) info concerning Look2Me and its removal:
http://www.kephyr.com/spywarescanner/library/look2me/index.phtml

Hunterbar:
http://doxdesk.com/parasite/HuntBar.html

Have you gotten the absolutely most recent patches and fixes from Microsoft? If not, do so now- your system needs to be kept thoroughly up to date to lessen your vulnerability. Also, download and install SpywareBlaster if you haven't already; it blocks the installation of malicious programs which exploit ActiveX controls:
http://www.javacoolsoftware.com/spywareblaster.html

DMR 152 Wombat At Large Team Colleague

How is your page caching set up in your Internet Options control panel? The settings are under the "settings" button of the Temporary Internet Files section of the General tab of the control panel. In the "check for new versions of stored pages" options, force it to "every visit to page" and see what happens.

DMR 152 Wombat At Large Team Colleague

....we should all hold hands sing the pepsi song...

Yoiks!! Somebody is really showing their age here...

:mrgreen:

DMR 152 Wombat At Large Team Colleague

Hi steviegee16,

Please read the post right above yours concerning the need for you to post your question in its own separate thread. You'll get more attention that way, and you won't add confusion to the troubleshooting we're doing for the original starter of this thread.

Thanks :)

DMR 152 Wombat At Large Team Colleague

An unfortunately all too common problem. Luckily, it's been addressed here many times before- look through the threads in the following link for the solution, and more info than you ever wanted to know about spyware problems in general:

http://www.daniweb.com/techtalkforums/search.php?searchid=72429

DMR 152 Wombat At Large Team Colleague

Mozilla, Netscape, FireFox, Opera, etc. are all stand-alone, fully functioning browsers; they have no interaction or dependence on IE. This is generally considered a Good Thing- those browsers are not an integral part of the OS (IE is), so they present less of a security risk in terms of viruses, spyware, and the like.

The error message you're getting could simply be due to a corruption of IE, or perhaps the result of a malicious program that got into your system. Under your "Start" menu, try typing "iexplore" (omit the quotes) in the "Run..." dialog box- does IE start that way?

DMR 152 Wombat At Large Team Colleague

Um-

After an fdisk and reformat it will tell you that the operating system is missing, because it is; a format wipes the drive entirely. :mrgreen:

- Can you give us some background as to how/why the system got so h0rked in the first place?

- Which OS are you trying to install?

DMR 152 Wombat At Large Team Colleague

If the whole point of this venture is to migrate to XP, you should just purchase a load of XP and start fresh. (especially since you sound pretty sure that the Win 98 disk is probably damaged).

The fact that you get no graphical desktop after the b0rked 98 install attempt means that you probably shouldn't bother with trying to work things out from the command line (the "C:\" prompt); the installation was obviously not successful. :(

DMR 152 Wombat At Large Team Colleague

Marking as solved :)

DMR 152 Wombat At Large Team Colleague

That could be caused by a number of things.

- Can your friend boot into safe mode?
- Has he changed anything software or hardware wise just prior to the problem's beginning?
- Has he tried a system repair by booting into the recovery console from the installation CD?

DMR 152 Wombat At Large Team Colleague

Any error messages in your log files that might shed some light? Use the Event Viewer in your Administrative Tools package to view the logs.

DMR 152 Wombat At Large Team Colleague

Could you give us more specific information please?

- Which drive? What type (IDE, SCSI, etc.)?
- What do you mean (exactly) by "lose"?
- Which operating system?

DMR 152 Wombat At Large Team Colleague

OK- good luck :)