DMR 152 Wombat At Large Team Colleague

The first thought that comes to mind is that you are using a Broadcom-supplied configuration utility which is conflicting with Windows built-in configuration functions. Is that possibly the case?

DMR 152 Wombat At Large Team Colleague

this may not be word for word, but it's close...

You need to be very specific (and correct) when you post error messages and the like.

Please give us the full details of your partition/drive configuration, and also post the contents of your Windows C:\boot.ini file and your Grub configuration file.

DMR 152 Wombat At Large Team Colleague

Sorry- my mistake; the command I gave was incomplete. It should have been:
ipconfig /all >"%userprofile%"\desktop\ipconfig.txt

If you used the syntax I originally posted, you'll probably find the ipconfig.txt file in the C:\Documents and Settings\your_user_name folder.

DMR 152 Wombat At Large Team Colleague

Hi Johnsarelli,

I see that this is your first post; welcome to DaniWeb :)

* Your description of the 317 error and the "Your Windows is corrupted with spyware virus." messages are indicative of an infection by a variant of the "HotOffers" parasite.

* The following entry in your HJT log is indicative of infection by a member of the "CoolWebSearch" family of parasites:
O2 - BHO: ticont.MyBHO - {F365382D-CF21-45BA-80CF-B868C6ED9634} - C:\windows\system32\ticont.dll

However- before we begin the cleaning procedure, I'd like you to check/modify one thing, please:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
The above log entry might indicate that you have used the MSConfig utility to deactivate some of your startup items. There are many components of malicious infections which HijackThis cannot detect unless they are running, so we need to see the results of a HJT scan done with all startup items enabled:

* Click on the "Run..." option under your Start menu.
* Type the following in the resulting "Open:" box:
msconfig
* In the "General" tab in the System Configuration Utility window, make sure the "Normal Startup" option is selected. If it is not, select it.
* Click OK to close MSConfig
* Reboot the computer, run HJT again, and post the new log.


DMR 152 Wombat At Large Team Colleague

I am pretty new to routers...

If you can post the exact make/model of the router, I can probably give you more specific directions in terms of what to do/look for in the router's configuration utility.

Anything I can try before then on my local computer?

Hmm... if the situation is that you can seem to connect to the network, but don't get an IP after that, try:

* Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.
* At the DOS prompt, type the following command and hit Enter. You won't see any result from the command, but when it completes, a second prompt with a flashing cursor will be displayed; close the DOS box once that happens:
ipconfig /all >ipconfig.txt

The above command will have created a text file on your desktop named ipconfig.txt; double-click on the file to open it in Notepad, and then cut-n-paste the file's contents in your next post here. The contents of the file will give us some important details of your IP configuration.


DMR 152 Wombat At Large Team Colleague

I have xp and the cd drive worked fine on my old computer

When you moved the drive into the new computer, did you make sure to verify that the Master/Slave jumper setting on the drive was correct for the drive's position on the new computer's IDE channels?

could it be a compatibility issue?

That is something that you would need to verify, as you're the one who knows the make/model of the drive. Look it up on Microsoft's Hardware Compatibility List and also check the manufacturer's support site to see if there are any known issues with that particular device.

DMR 152 Wombat At Large Team Colleague

Hi CyrosImmortal,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Given that, I've split your question into its own separate thread, which can be found here:
http://www.daniweb.com/techtalkforums/thread47206.html

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Actually, most people just sort of curl up and slink away quietly when I ask that question; apparently you're one of the rare honest ones... :mrgreen:

Seeing that you are doing this with their consent, there are a few things you can try which might narrow down the cause:

1. Take the lappy over to their house, plug it in to the router via a CAT5 cable, and see if the wired connection works.

2. Go in to the router's configuration and look closely at all of the option settings in the Wireless and DHCP areas. Double-check that no wireless security/restrictions are in place, ensure that the router's DHCP range/scope isn't restricted, check (if it exists) the wireless MAC client list to see if your computer's MAC appears there.

3. Write down any custom router settings or save the router's config file to one of the attached computers, and then give the router a hard reset. See if you can then connect. Restore the saved config after that and see if you can still connect.

DMR 152 Wombat At Large Team Colleague

You're welcome; very glad we could be of help. :)

Just remember- now that you have the toys up and working, don't stay awake tweaking them for 4 days straight like I did when I set up my first test domain... :mrgreen:

DMR 152 Wombat At Large Team Colleague

I've personally had good luck with both of those model lines, but I've also heard first-hand horror stories about both from other techs. I think the "YMMV" caveat probably will apply here.

DMR 152 Wombat At Large Team Colleague

I think this is what you're asking about, yes?:
In an environment where users only log on from their own machines, account profiles are often kept on the local machines, in the usual \Documents and Settings\%USERNAME%\ folders. However, in environments where users may need to log on to their own account from various locations, roaming profiles are created, where every user's profile data is located on a central server. This article gives a short (but pretty informative) run-down on roaming profiles; you can find much more by Googling for the term.

DMR 152 Wombat At Large Team Colleague

Have you recently reinstalled Windows or made any other changes to the system? What you've described is usually a symptom of missing or corrupt drivers.

Right-click on the two devices which have the yellow exclamation point icon and click the "Properties" option in the resulting menu. Tell us what information is given in the "Device status" box.

DMR 152 Wombat At Large Team Colleague

...and knowing that my neighbors have a wireless router I bought a wireless network card for my desktop computer.

And you asked the neighbors for permission to use their network, right? :mrgreen:

Because otherwise, of course, you would be asking us to help you get unauthorized network access, which is something that we don't do here.

DMR 152 Wombat At Large Team Colleague

OK- before we begin, can you give us a bit more detail please? What exact problems are you running into when you try to reinstall Windows? If you are encountering error messages, please give us the full and exact text of the errors.

DMR 152 Wombat At Large Team Colleague

Hi pasean8- welcome to DaniWeb :)
I'm moving your post into one of our technical support forums so that you can get some "knowledgeable eyeballs" on your question.

DMR 152 Wombat At Large Team Colleague

By the way- as far as reference material goes, the networking books from O'Reilly Press are very good.

DMR 152 Wombat At Large Team Colleague

Conflicts can occur when you have two independent DHCP servers active on the same network. What you would do is disable the router's DHCP server and assign a static IP to the DHCP server computer.
That way, when a client computer issues a DHCPDISCOVER broadcast, the Win DHCP server will be the only machine available to respond.


DMR 152 Wombat At Large Team Colleague

All the traffic will still pass through your PC as it is also a DNS server...

Mmm... not quite. While URL-to-IP resolution queries will be sent from the LAN workstations to the DNS server, the actual data packets to be transmitted (to the Internet) by the workstations will not pass to/through the DNS server. The DNS server simply responds to the workstations' resolution requests by passing the appropriate IP addresses back to the workstations; the workstations themselves are then responsible for establishing communication with their desired destination (which they do through the router, not through the DNS or DHCP server).

DMR 152 Wombat At Large Team Colleague

Er...motamedd indicated that Spinrite was already tried:

I have tried the Spinrite 6.0...

DMR 152 Wombat At Large Team Colleague

Well, it completely crashed...it is going to our favorite person, the computer repair guy.

Bummer. Good luck with the repair, Joal; hope it goes well.

DMR 152 Wombat At Large Team Colleague

OK- your basic addressing info looks correct; let's find out exactly where the communication is getting broken:

* When troubleshooting any network-related issue, the first thing you need to do is to completely disable any firewall software (including XP's built-in ICF/ICS features). Simply choosing the "Disable" option in the firewall program's settings/preferences rarely turns the firewall off entirely; you will need to deselect the preference setting that tells the firewall to automatically start when Windows boots, and then restart the computers. After reboot, verify that the firewall is indeed disabled.
Keep your firewalls dropped until you get things working.


* Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.
At the DOS prompt, type the following commands, hit Enter after each, and tell us the results for each command:

ping 127.0.0.1
ping 192.168.0.1
ping 66.102.7.99
ping www.google.com


* Try reaching a site by its actual IP address instead of its URL. For example, open a browser and enter the following in the address/location bar:
http://66.102.7.99
If that takes you to Google, chances are pretty good that you do have a DNS problem.
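
The four-step ping sequence in the post above, read as a ladder, in an example added here (not code from the original post). The layer labels and the sample ping outputs are assumptions constructed for illustration; the targets are the ones the post lists.

```python
import re

# A genuine echo reply on Windows looks like "Reply from 1.2.3.4: bytes=32 ..."
REPLY_RE = re.compile(r"^Reply from [\d.]+: bytes=\d+", re.MULTILINE)
# Printed when the name cannot be resolved at all
NO_HOST_RE = re.compile(r"could not find host", re.IGNORECASE)

# Targets from the post, in order. The layer names are this example's
# interpretation of what each step exercises, not the poster's wording.
LADDER = [
    ("127.0.0.1", "local TCP/IP stack"),
    ("192.168.0.1", "LAN path to the router"),
    ("66.102.7.99", "Internet path by IP address"),
    ("www.google.com", "DNS name resolution"),
]

# Constructed sample outputs: replies by IP, but the hostname does not resolve.
SAMPLE_OUTPUTS = {
    "127.0.0.1": "Reply from 127.0.0.1: bytes=32 time<1ms TTL=128\n",
    "192.168.0.1": "Reply from 192.168.0.1: bytes=32 time=1ms TTL=64\n",
    "66.102.7.99": "Reply from 66.102.7.99: bytes=32 time=25ms TTL=242\n",
    "www.google.com": "Ping request could not find host www.google.com. "
                      "Please check the name and try again.\n",
}


def ping_status(output):
    """Classify one captured ping transcript."""
    if NO_HOST_RE.search(output):
        return "unresolved"
    return "ok" if REPLY_RE.search(output) else "no-reply"


def localize(outputs):
    """Return (target, layer, status) for the first failing step, or None.

    outputs maps each target to the text its ping command printed.
    A target with no captured text is reported as "not-run".
    """
    for target, layer in LADDER:
        if target not in outputs:
            return target, layer, "not-run"
        status = ping_status(outputs[target])
        if status != "ok":
            return target, layer, status
    return None


if __name__ == "__main__":
    print(localize(SAMPLE_OUTPUTS))
```
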

DMR 152 Wombat At Large Team Colleague

"primary slave S.M.A.R.T. command failed...

What device is connected as the Primary Slave?
What is the make and version of the BIOS? There may be an option to disable SMART hidden in an "advanced" setup page or somesuch.

DMR 152 Wombat At Large Team Colleague

Check LaCie's support site; most drive manufacturers have downloadable low-level disk diagnostic & repair utilities for their products.

DMR 152 Wombat At Large Team Colleague

How would I set up another computer to use my server's DNS/DHCP instead of the router's?...
... I want to receive all the traffic from the computers in the house on my server, and then route it from my server, to the router. I only want the router to deal with my computer, not anyone else. All traffic should go through my server. (I assume this is how a regular server would act?)

You're actually describing two different possible roles for the "server" computer, and therefore, two different possible network configurations.
Having the server machine run DHCP and DNS server software is one thing, and that configuration doesn't demand that all LAN traffic pass through it. In this configuration, the router is still the gateway device, but the IP address of the server is what you use for the DHCP server IP.
Regardless of any other role the server might play, having all LAN traffic pass through the server computer (and then from there to the router and beyond) would mean that the computer would have to function as a router/gateway device itself. The computer would need, among other things, two separate network cards installed in it. You would also need to install a switch in order to connect multiple LAN workstations to that machine.

Is there any particular reason that you want/need to use your server machine as a router when you already have the dedicated router device?

DMR 152 Wombat At Large Team Colleague

WPA2 is a newer version of WPA, and it does have some compatibility issues.
What are the exact versions of the OS on each computer, and what is the exact version (including revision #) of the Airport/Airport firmware?

DMR 152 Wombat At Large Team Colleague

1. Give us the exact model #s of the router and adapter.
2. Click on the "Run..." option under your Start menu, type the following in the resulting "Open:" box, and then hit Enter:
winipcfg
Post the values given for:

Ip address
subnet mask
gateway IP address
dhcp server address (if any)
DNS server IPs

DMR 152 Wombat At Large Team Colleague

Tell us what you have tried so that we don't offer duplicate suggestions.

DMR 152 Wombat At Large Team Colleague

I have purchased a genuine copy of Windows and would like to install it again as I think that this may rectify any problems that I'm currently having

Yes, and there are other obvious good reasons for installing a legit version of Windows, aside from it perhaps rectifying the problems.

I have tried installing Windows in Safe Mode but it won't let me.

You don't install/reinstall Windows from within Safe Mode; you boot directly from the installation CD and perform the install from there.
Insert the CD and restart your computer; the computer should either boot right from the CD or ask you if you want to boot from the CD (the answer is obviously "yes"). If it does not, you need to enter the BIOS setup utility, locate the boot device order configuration menu, and make sure that the CD drive is listed before the hard drive.

DMR 152 Wombat At Large Team Colleague

A Restore operation only monitors and modifies certain components of your system such as the Registry, user profile data, drivers, and program files such as .exe and .dll files.
System Restore specifically does not alter the contents of the My Documents folder, nor does it touch user-created data files (files with extensions such as .doc, .htm, .xls, etc.).
Being that SR doesn't modify the contents of the My Documents Folder (including any of its subfolders), any files that you have doubts about as to whether or not SR will modify them can be stored under the My Documents folder for safekeeping.

DMR 152 Wombat At Large Team Colleague

1. That problem could be caused by anything from faulty hardware to a corrupt system file. Please give us as much detail/background info on the problem as possible so that we can (hopefully) narrow down the list of "possible suspects".

2. Does the computer boot successfully if you start it up in Safe Mode? To boot into Safe Mode:

  1. Restart your computer.
  2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  3. Select the option for Safe Mode using the arrow keys, and then press Enter.

DMR 152 Wombat At Large Team Colleague

That's a totally clean log; is there a specific reason that you suspect malicious infections to be the cause of the crashes?
Give us as much detail about the crashes as possible (including the exact text of any error messages) and we'll see if we can't help you pinpoint the source of the problems.

joal commented: great +2

DMR 152 Wombat At Large Team Colleague

Glad you had a clean Restore Point to go back to. :)
Be careful though- the System Restore may have "undone" the noticeable effects that the malware made to your system, but given that you had at least three separate infections (one of which was/is a password stealer and keylogger, by the way), and the fact that a Restore does not delete the actual infected files you downloaded, it's quite likely that you still have infected components on your computer.

DMR 152 Wombat At Large Team Colleague

I saved some word program files onto disks.

If by "disks", you mean CDs, then you will not be able to modify the files at all. That, however, is normal behaviour for files stored on CD or DVD media.

DMR 152 Wombat At Large Team Colleague

You've definitely got a few unwanted guests; please do the following:

1. C:\DOCUME~1\SHAWNA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
The log entry above indicates that you have not yet unzipped the hijackthis.exe program file from within the downloaded hijackthis.zip archive file. You are also running HijackThis from within a Temp/Temporary folder, which you should not do. To remedy this, follow these steps before running HijackThis again:

* Create a separate, new folder for HJT outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder that you downloaded and choose "Extract All..." from the resulting context menu. This will open the file extraction wizard.
* When the wizard presents you with the option of choosing the location into which the extracted hijackthis.exe file will be placed, browse to and select the new folder you created.
* When the extraction is complete, an Explorer window will appear showing the newly-extracted HijackThis.exe file; double-click on that file to run the program.

2. C:\Program Files\Internet Explorer\iexplore.exe
The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.

-------------------------------------------------------------------------------------------------------------------

Once you have remedied the two issues above:

You will need to close/quit all web browser programs and …

DMR 152 Wombat At Large Team Colleague

give my reply how to connect that system in LAN

Can you state that more clearly, please?
Does the system not connect at the moment?
What exact problems are you experiencing?

Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

The above information from your log's header indicates that you are running a very out-of-date system. You should install the most current Service Packs and updates for Windows 2000 and Internet Explorer. An up-to-date Win 2K system will be reported in a HJT log as:
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


The following entry in your log relates to an adware parasite, although the "(file missing)" note may indicate that the infection itself has already been removed:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\cXVlc3Q\command.exe (file missing)

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities; do not actually run the programs yet:

CCleaner - www.ccleaner.com
ewido Anti-malware - http://www.ewido.net/en/download/
When installing ewido, under "Additional Options" uncheck..

    • Install background guard
    • Install scan via context menu
  1. Launch ewido, there should be an icon on your desktop, double-click it.
  2. The program will …

DMR 152 Wombat At Large Team Colleague

Does it matter that these files are now saved on disks and I can not save copy or delete them now?

What exact files are you referring to?

DMR 152 Wombat At Large Team Colleague

Sorry for the delayed response; I've been pretty busy for the last few days.

Try running the free "Cleanup!" utility. A description of the program, and links to the download and FAQs, can be found here.

DMR 152 Wombat At Large Team Colleague

1. What about the suggestion of uninstalling/reinstalling Spyware Doctor?
2. What exact version of Windows are you running?

3. Instead of asking you to look through the logs, it might be quicker if I reviewed them, if that's OK with you. I'll recognize a relevant error if I see one.
The logs are too large to post here, so do the following instead:

* Open Event Viewer again and right-click on the Application Log.
* Click "Save log file as..." from the resulting menu.
* In the "Save As" window:
- select Desktop as the "Save in:" location
- In the "File name:" box, name the file AppEventLog
- In the "Save as type:" menu, choose "Text"
* Repeat the above steps for the System Log, but name that file SystemEventLog.
* Send me an email with the subject "Spyware Doctor logs" and attach both the AppEventLog.txt and SystemEventLog.txt files.

DMR 152 Wombat At Large Team Colleague

Hi klaura,

All kidding aside (and I was just kidding, cubanforever), there definitely are infections indicated in your log; please do the following:

1. D:\DOCUME~1\Kaye\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
The log entry above indicates that you have not yet unzipped the hijackthis.exe program file from within the downloaded hijackthis.zip archive file. You are also running HijackThis from within a Temp/Temporary folder, which you should not do. To remedy this, follow these steps before running HijackThis again:

* Create a separate, new folder for HJT outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder that you downloaded and choose "Extract All..." from the resulting context menu. This will open the file extraction wizard.
* When the wizard presents you with the option of choosing the location into which the extracted hijackthis.exe file will be placed, browse to and select the new folder you created.
* When the extraction is complete, an Explorer window will appear showing the newly-extracted HijackThis.exe file; double-click on that file to run the program.

2. C:\Program Files\Internet Explorer\iexplore.exe
The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.

-------------------------------------------------------------------------------------------------------------------

Once you have remedied the two …
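
The pre-cleaning checks that the HijackThis posts above apply by eye (HJT run from a Temp folder, a browser still open, the MSConfig `/auto` Run entry, "(file missing)" entries, a Windows 2000 header without SP4), as an example added here and not code from the original posts. The sample log is constructed from the lines quoted in those posts; the check names and the `smss.exe` process line are assumptions made for illustration.

```python
import re

# Constructed sample: assembled from log lines quoted in the posts above,
# plus one made-up process line. It is not a real scan result.
SAMPLE_LOG = r"""Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SHAWNA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: ticont.MyBHO - {F365382D-CF21-45BA-80CF-B868C6ED9634} - C:\windows\system32\ticont.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\cXVlc3Q\command.exe (file missing)
"""

# Entry lines start with a section code such as O2, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Split a log into header fields, running processes and coded entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ":" in line:
            key, _, value = line.partition(":")
            header[key.strip()] = value.strip()
    return header, processes, entries


def preflight(text):
    """Return (check_id, evidence) pairs for conditions to fix before cleaning."""
    header, processes, entries = parse_log(text)
    findings = []
    for path in processes:
        low = path.lower()
        exe = low.rsplit("\\", 1)[-1]
        # HJT launched from inside the zip / a Temp folder: extract it first.
        if exe == "hijackthis.exe" and ("\\temp\\" in low or "temporary directory" in low):
            findings.append(("HJT_IN_TEMP", path))
        # Browsers must be closed before HJT applies fixes.
        if exe == "iexplore.exe":
            findings.append(("BROWSER_RUNNING", path))
    for code, body in entries:
        low = body.lower()
        # MSConfig in the Run key suggests startup items were deactivated,
        # so a rescan with "Normal Startup" selected is needed.
        if code == "O4" and "msconfig.exe /auto" in low:
            findings.append(("STARTUP_ITEMS_MAY_BE_DISABLED", body))
        # The referenced file is gone; the infection may already be removed.
        if low.endswith("(file missing)"):
            findings.append(("FILE_MISSING", f"{code} - {body}"))
    platform = header.get("Platform", "")
    if "Windows 2000" in platform and "SP4" not in platform:
        findings.append(("WIN2K_NOT_SP4", platform))
    return findings


if __name__ == "__main__":
    for check_id, evidence in preflight(SAMPLE_LOG):
        print(f"{check_id}: {evidence}")
```
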

DMR 152 Wombat At Large Team Colleague

well i tried to check it out but i still dont see anything

You have to squint your eyes and look really closely... sort of the same way you would if you were trying to find a herd of elephants hiding behind a cupcake. :mrgreen: :mrgreen:

DMR 152 Wombat At Large Team Colleague

OK- Here's the first step:

Download the (free) HijackThis utility:

Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the downloaded HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

wrong forum

And off we go to the right forum.... buckle up!

DMR 152 Wombat At Large Team Colleague

Glad you at least got it working. :)

If it turns out that the lag doesn't seem to be related to certain times of the day, there might be some software settings you can twiddle with to reduce the latency. Just as a test, the first thing I'd try is to play the game with McAfee's firewall entirely disabled. I'm obviously not suggesting you actually run the system that way, but the firewall would be the first possible suspect to eliminate.

DMR 152 Wombat At Large Team Colleague

I tried to open the Zip file that the kind person recommends but can't open that, as it asks for a file extension to associate it with.

Windows XP has the ability to open "zipped" files built in to it, but earlier versions of Windows do not.
If you are not running XP, you need to download a utility like WinZip or WinRAR to deal with .zip files.

Again- please do not follow up on this issue in this thread, but rather in a new thread of your own.

DMR 152 Wombat At Large Team Colleague

Hello sjc1971,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question in that thread. When you do, please give us as much specific info as possible regarding the problem (exact error messages, the exact version of Windows you are running, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

You're welcome. :)
Please keep in mind, though, that a clean HJT log is not a definitive indication that your system is entirely malware-free or otherwise uncompromised.
If you have good reason to believe that the identity theft was the result of a rootkit, keylogger, or other malicious information-gathering software being installed on your hard drive, the only way to truly ensure that all traces of the attacker's work have been removed is to totally reformat your hard drive and reinstall Windows from scratch.

DMR 152 Wombat At Large Team Colleague

Unfortunately, none of those errors relate to the problem.

* Can you find any errors in either the System or Application log which contain anything that appears directly related to Spyware Doctor, DCOM, or the exact error message you posted?

* Did you/can you try entirely uninstalling the older version of Spyware Doctor before installing the newer version?


DMR 152 Wombat At Large Team Colleague

...they can't even find my modem anywhere on their system.

That, combined with the fact that it has happened with two different modems, almost definitively points to the problem being in the ISP's realm. If you want to narrow things down even further, disconnect your devices from the modem and just let it cook with nothing but the cable coax line and the power plugged into it. See if it still drops off.

DMR 152 Wombat At Large Team Colleague

What you need to do is configure Internet Connection Sharing (ICS) on the two machines; ICS will allow you to connect the desktop to the laptop via wireless, and allow both machines to access the Internet via the laptop's wired connection. A good, detailed instructional on just how to do this can be found here.

DMR 152 Wombat At Large Team Colleague

...I have an ADSL connection which is connected to a wireless hub... (bearing in mind, although different computers, they share the same IP address)

Actually, each of the computers will have its own, unique IP if they are all connected to the same network at the same time. From your description of your setup, it sounds like you have a router, not a hub; a simple hub won't allow multiple machines to simultaneously connect to an ADSL modem. Of course, the modem itself could also be a hybrid, containing not only the modem but a router as well.

Regardless- some of the basic answers to your questions are:

* The gaming PC is definitely vulnerable, just by virtue of it being on the network, and especially because the network also connects to the Internet as a whole. Keep in mind that even a fresh installation of Windows (with no other programs installed) will leave your computer configured with a number of running services which open ports on the machine through which network-propagated infections can enter. Additionally, because you have no antivirus or firewall software installed, the gaming machine is essentially open to intrusions.

* You don't really have to worry about spyware and adware programs themselves propagating from one machine to the rest of your network, as that is not a behaviour that those types of malware have. If the gaming machine is never used for Net browsing, its chances of picking up a spyware/adware infection are …