DMR 152 Wombat At Large Team Colleague

Nothing malicious in your log. :)
Are you noticing any lingering signs of possible infections, or did you just want someone to sign off on your log?

DMR 152 Wombat At Large Team Colleague

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for events (especially DCOM events) flagged with "Error" or "Warning". Double-clicking on an event will open a properties window with more detailed information on the error. If you do find such events, please post the details here.
To do so:
In the Properties window of a given event, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

DMR 152 Wombat At Large Team Colleague

Oh for Christ's sake, folks- this is really disheartening.

While I close this antagonistic, sophomoric stream of ego-stroking blather, let me leave you with a couple of words to consider:

Maturity
Professionalism

-

DMR 152 Wombat At Large Team Colleague

OK- Let us know how it goes.

I will suggest that it's better from a security standpoint to try to get the port-forwarding for StarCraft (TCP and UDP ports 6112) working rather than disabling the router's firewall entirely. The "Applications and Gaming" section of the router setup is where you do this; it's very straightforward.

DMR 152 Wombat At Large Team Colleague

The configuration utility lives in the router itself, and you can access it through any web browser. By default, the WRT54G's IP address is 192.168.1.1, so you just need to enter the following in your browser's address/location bar:

http://192.168.1.1

That will take you to the main login page. For the login, enter the following:

username: leave this box blank
password: admin (all lower-case)

DMR 152 Wombat At Large Team Colleague

Is there not just a way I can temporarily shut OFF the router firewall, and then back on when I'm done, like my software firewall?

In the WRT54G's configuration utility, go to Security->Firewall; Enable/Disable is the first option on the Firewall page.

DMR 152 Wombat At Large Team Colleague

Hi PaulPool,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

In light of that, I've split your post out of this thread and into its own new thread. That thread can be found here.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Shopped; definitely. If you look at the eye area closely in Photoshop you can see it.

DMR 152 Wombat At Large Team Colleague

Try performing Burton's procedures while booted in Safe Mode instead of while Windows is running in normal mode. To boot into Safe Mode, restart the computer and:

  • Start tapping the F8 key just as the computer begins to boot. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

DMR 152 Wombat At Large Team Colleague

Ever heard of google?...
Ever bothered to read threads on the same page with malloc in the title?

Ever been a Newbie yourself? :mrgreen:
Come on- try to be a little less abrupt next time. We'd like new members to feel welcomed here, not belittled.

DMR 152 Wombat At Large Team Colleague

Hi Bruce,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (the exact error messages, relevant hardware/software specs, etc.).

Also: One of our site's policies is that we don't troubleshoot via email/IM/etc., for the simple reason that having problems and the steps to their resolutions posted here in the forums can assist others in the future. Given that, I've edited your email address from your post.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Good- that latest log shows no signs of "Nasties". :)

By the way...What would you recommend for protection with this computer

Honestly? For a number of reasons, what she should do is upgrade to the latest version of Windows XP:

* ME is an "End of Life" product, meaning that Microsoft no longer supports it nor releases patches/updates for it.
* Some of the more useful protection programs simply will not run on ME. For example- Microsoft's "Defender" antispyware utility, Windows Firewall, and Ewido Security Suite are a few of the programs that we usually use and recommend, but they don't work with Win 95/98/ME. Even HijackThis doesn't give as much system/infection information when run on an ME system as it does when run on a Win 2K or XP system.
* With Windows XP, Microsoft has addressed many of the bugs and security "loopholes" which exist in earlier versions of Windows.

If moving up to XP isn't an option:
* Keep AVG installed, and make sure its automatic online update function is enabled.
* In terms of free anti-spyware programs which work with ME, these are the ones most often recommended:
Ad Aware
SpyBot
SpywareBlaster
SpywareGuard

* Some popular firewall programs:
Kerio (now owned by SunBelt Software)
Sygate (now owned by Symantec)
Zone Alarm

Download links to the above programs and other malware detection/prevention/removal software can be found here.

DMR 152 Wombat At Large Team Colleague

* What (if anything) does the BIOS report for the CD-ROM drive?

* I'm not familiar with that particular model of HP; what options are you given when you press F2?

* The original BIOS description of the HDD (WD4000BB-75DEA0) looks right, but I'm not really sure about the autodetect info; sometimes the "auto" setting reports weird or seemingly incomplete drive info.

DMR 152 Wombat At Large Team Colleague

If possible, try installing the laptop's drive in another computer as a slave drive. You'll need to purchase a 2.5"->3.5" adapter for the cabling, but unless the drive is severely damaged, you have a good chance of at least being able to pull your valuable data off of it.

DMR 152 Wombat At Large Team Colleague

1. A description of BIOS shadowing, from computerhope.com:

BIOS shadow
The process of the contents of the ROM being copied to the RAM allowing the computer to access that information quicker. This process is also known as "Shadow BIOS ROM", "Shadow Memory" and "Shadow RAM". Below are examples of messages commonly seen when the computer is first booting indicating that the portions of a ROM are being copied to the system RAM.
System BIOS shadowed
Video BIOS shadowed
Some computer BIOS setups may allow the user to enable and disable this feature. We recommend that it is left enabled; disabling this option could cause problems with some computers.

2. PXE errors are generated by the network boot ROM. In other words, the boot process is attempting a network boot (your BIOS' 4th boot option), which means that your system was unable to boot from a HDD, CD-ROM, or USB device (the first 3 boot options).

Check/reseat your connectors, especially those of the hard drive. Can you tell if the HDD is at least spinning up when you start the machine?

DMR 152 Wombat At Large Team Colleague

Oh, right... that'll do it.... ;)
Thanks for the follow-up.

DMR 152 Wombat At Large Team Colleague

Check your ide cable..Plug it back

:o Um... he did; that was the fix:

I shut down my computer and removed the ribbon cable and replugged and I did the same with the power cable. Rebooted and the drives are OK. I can only assume that a connection had somehow come loose.

DMR 152 Wombat At Large Team Colleague

Please give us the details of your drive/partition configuration, and also post a copy of your boot.ini file.

DMR 152 Wombat At Large Team Colleague

Your router was b0rked? Bummer. :(
Glad you got it fixed, though.

DMR 152 Wombat At Large Team Colleague

Oh- one thing: can you please post the details of what the problem turned out to be, and how you finally resolved the issue. Having that info here could be helpful to other members in the future.

Thanks

DMR 152 Wombat At Large Team Colleague

In your first post you said "browsers" (plural); which other browser(s) aside from IE are you using?

DMR 152 Wombat At Large Team Colleague

Checked my BIOS settings which said Secondary IDE Slave (my CDRom drives) not installed.

I shut down my computer and removed the ribbon cable and replugged and I did the same with the power cable. Rebooted and the drives are OK. I can only assume that a connection had somehow come loose.

It's a pretty rare coincidence to have a software problem with the drives followed directly by a hardware problem, but I'm glad you were able to find/fix it so quickly.

I searched Google to find out how to access my BIOS and on my computer it is tapping the delete key whilst booting up which alerted me to a possible physical connection problem inside the computer.

Good initiative, and good work on your part! :)

Please accept my apologies for wasting your valuable time...

Absolutely no apologies needed here; we volunteer our time because we want to help people get their problems fixed.

DMR 152 Wombat At Large Team Colleague

it's running so much better now that I can do the online scans as well....

Great; please do any/all of the online scans that you can. Unfortunately, a couple of the more powerful utilities I'd like to have you run don't work on ME, so hopefully the online scans can do some of that work instead.

DMR 152 Wombat At Large Team Colleague

DMR, you can't count LinuxNewbie (the old name for JL) in your list.

Oops- I meant LinuxQuestions.org. Too many penguins for me to keep 'em straight. :p

DMR 152 Wombat At Large Team Colleague

You get Paul Revere and the Raiders.

I put in bad '70s music.

DMR 152 Wombat At Large Team Colleague

Did you carefully and completely perform all of the steps I listed aside from the online scans? Many of the HJT log entries that I asked you to fix are still present, and some of those definitely should have been fixed if you did things correctly.

DMR 152 Wombat At Large Team Colleague

1. Perfect Keylogger itself is a legit, non-malicious program, but some trojan infections are known to install the program for malicious purposes. If you knowingly installed it, you don't need to worry about anything.

2. The keylogger was the only questionable item in your HJT log, and ewido found nothing serious, so the cause of the IE crashes may be of a non-malicious nature. Try the following:

* Download and run the free IEFix utility.

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for events flagged with "Error" or "Warning". Double-clicking on such an event will open a properties window with more detailed information on the error. If you find events which are related to IE, post the event details here.

To do so:
In the Properties window of a given event, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

DMR 152 Wombat At Large Team Colleague

You're good here for now, as the problem still seems to be a security issue.

Now I only get errors when Norton Internet Worm Protection is turned on

If you're fairly confident that that's the case, we should start looking at Norton's behaviour. Norton is known to suffer from glitches which will cause all sorts of different connection/access problems, but it could also be that Norton is just configured a little too "tightly" and some of its settings (Program Control, perhaps) need to be adjusted.

Can you find any possibly helpful/relevant information in Norton's activity logs? If so, post that info here.

DMR 152 Wombat At Large Team Colleague

DaniWeb
JustLinux
.
.

Hmm... another JL Penguinista crosses over to the Dark Side. I think that makes three of us now.

DMR 152 Wombat At Large Team Colleague

Your latest HJT log is clean, and it looks like ewido detected and removed a handful of other hidden "nasties". Are you seeing an improvement in browser performance, or do things still seem as sluggish as they were before removing the malware?

DMR 152 Wombat At Large Team Colleague

Did it come up clean?

Not quite. The following HJT log entry is indicative of an infection:
O4 - HKLM\..\Run: [gaqtkj] C:\WINDOWS\SYSTEM\wyzgfy.exe
Also, the MessengerPlus2 program came/comes bundled with the Lop parasite. Uninstall MessengerPlus2 through your Add/Remove Programs control panel.

In order for housecall to work, do I need to disable system restore every time? Do I turn system restore back on now..

You don't need to disable System Restore in order for HouseCall to work. Have a read of this short article for more info on the matter of System Restore as it relates to malware removal.

Was there anything I can do to speed it up?

If you mean speed up the computer in general, you do have a handful of non-critical programs running at startup, and disabling them may speed things up a bit and free up some system resources. However, you may want/use the functionality of some of these programs, so the choice of disabling them is really up to you (note that it's usually better to disable the autostart feature of these programs using their preferences/options settings rather than by removing their entries with HijackThis):

TaskMonitor
PCHealth
LoadPowerProfile
EnsoniqMixer
InkWatch
WorksFUD
Microsoft Works Portfolio
Microsoft Works Update Detection
LoadQM
SchedulingAgent
SSDPSRV
StillImageMonitor
MICROSOFT WORKS CALENDAR REMINDERS.LNK
MICROSOFT OFFICE.LNK
EXIF LAUNCHER.LNK

I really have no experience with it, but should I get a firewall? Anything else …

DMR 152 Wombat At Large Team Colleague

Hi Joe, welcome to DaniWeb :)

I don't see anything overtly malicious in your HJT log. Can you please give us more details on the DNS problems? Having the full and exact description of the error(s) would be helpful.

Also- I see that you have Norton's firewall installed. When troubleshooting any network-related issue, the first thing you need to do is to completely disable any firewall software (including XP's built-in ICF/ICS features). Simply choosing the "Disable" option in the firewall program's settings/preferences rarely turns the firewall off entirely; you will need to deselect the preference setting that tells the firewall to automatically start when Windows boots, and then restart the computers. After reboot, verify that the firewall is indeed disabled.
Keep your firewalls dropped until you get things working.

DMR 152 Wombat At Large Team Colleague

Your log shows signs of a couple of infections; let's see what else may be lurking around in your system:

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities:

Windows Defender - http://www.microsoft.com/downloads/d...displaylang=en
CCleaner - www.ccleaner.com
ewido Anti-malware - http://www.ewido.net/en/download/
* When installing ewido, under "Additional Options" uncheck..

    • Install background guard
    • Install scan via context menu
  1. Launch ewido, there should be an icon on your desktop, double-click it.
  2. The program will now open to the main screen.
  3. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  4. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  5. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run a scan with ewido yet; just close the program once the updates are installed.

DMR 152 Wombat At Large Team Colleague

Errors with Windows Firewall ,Windows Update,Windows Security..

Can you give us the exact errors, please?

DMR 152 Wombat At Large Team Colleague

No CD-ROM drive at all in Device Manager, eh? That's not a Good Thing...

* Is there any indication of the CD-ROM drive's existence in the BIOS' setup pages?

* When you insert a CD into the drive, can you hear any indication that the drive is at least trying to spin up and read the disk?

DMR 152 Wombat At Large Team Colleague

Good work- that's a clean HJT log. :)
How do things appear to be working now?

DMR 152 Wombat At Large Team Colleague

Cool- glad you got it sorted. :)

DMR 152 Wombat At Large Team Colleague

You've got a handful of nasties there :(

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Run at least two or three of the following online anti-virus/anti-spyware scans and let them fix what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.pandasoftware.com/active...n_principal.htm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


* Download and install the following (free) utilities:
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/
Cleanup! - http://www.stevengould.org/software/cleanup/

* After installing Ad Aware and SpyBot, use their online update function to make sure you have the most current anti-malware definitions installed. Do not run scans with the programs yet; just close them once the updates are installed.

* Make sure that AVG has the most current updates installed.

* Close all open programs, run HijackThis again, put a check mark in the boxes to the left of the following entries, and then hit the "Fix checked" button:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
R3 - URLSearchHook: (no name) - {980F223A-90A0-E554-A6AC-E53B820722C4} - C:\WINDOWS\SYSTEM\HKS.DLL
O2 - BHO: (no name) - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - (no file)
O2 - BHO: (no name) - {980F223A-90A0-E554-A6AC-E53B820722C4} - C:\WINDOWS\SYSTEM\HKS.DLL
O2 - BHO: (no …

DMR 152 Wombat At Large Team Colleague

Can you use IE long enough to download a few utilities? If so, please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities:

Windows Defender - http://www.microsoft.com/downloads/d...displaylang=en
CCleaner - www.ccleaner.com
ewido Anti-malware - http://www.ewido.net/en/download/
* When installing ewido, under "Additional Options" uncheck..

    • Install background guard
    • Install scan via context menu
  1. Launch ewido, there should be an icon on your desktop, double-click it.
  2. The program will now open to the main screen.
  3. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  4. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  5. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run a scan with ewido yet; just close the program once the updates are installed.

* Open your antivirus program and check …

DMR 152 Wombat At Large Team Colleague

More than you ever may have wanted to know about svchost.exe can be found here. Basically, your high CPU usage could be caused by quite a few things aside from malware infections (of which your HJT log shows no traces.)

In terms of the excess CPU usage, you might be able to narrow down the list of suspects by doing the following:

* Click on the "Run..." option in your Start menu.
* In the resulting "Open:" box, type the following and then click "OK": CMD
* At the DOS prompt, type the following command:
tasklist /svc
* Open the Task Manager by hitting CTRL+ALT+DELETE and then hitting the "T" key.
* Click on the "Processes" tab in Task Manager.
* Arrange/resize the DOS box and the Task Manager window so that you can view the full contents of each.

In Task Manager, locate the instance of svchost.exe which is hogging the CPU and note that instance's PID (Process ID).
Now locate that same svchost PID in the DOS box's list and note which services are listed as being associated with that instance of svchost.
One of those services will be the culprit. Try disabling them one at a time to pinpoint the exact service, or just post the names of the services here and we can give you input from there.
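
The PID-to-services lookup described in the post above, as an added example that is not part of the original post: it parses saved `tasklist /svc` output, including service lists that wrap onto indented continuation lines, and returns the services hosted by one svchost.exe instance. The sample output and PID 1032 are constructed for illustration.

```python
import re

# Constructed sample of `tasklist /svc` output (not taken from the thread).
SAMPLE_TASKLIST = """\

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       544 N/A
services.exe                   688 Eventlog, PlugPlay
svchost.exe                    856 DcomLaunch, TermService
svchost.exe                    940 RpcSs
svchost.exe                   1032 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   EventSystem, lanmanserver, Schedule,
                                   wuauserv
spoolsv.exe                   1388 Spooler
"""

# A record line: image name, PID, then the first chunk of the service list.
# Assumes the image name itself contains no standalone numeric token.
RECORD = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")


def parse_tasklist_svc(text):
    """Return {pid: {"image": str, "services": [str, ...]}}."""
    procs = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue  # blank line or the ===== ruler
        if line[0].isspace():
            # Indented line: wrapped service list of the previous record.
            if current is not None:
                current["raw"] += " " + line.strip()
            continue
        m = RECORD.match(line)
        if not m:
            current = None  # column header or unrecognised line
            continue
        current = {"image": m["image"], "raw": m["services"]}
        procs[int(m["pid"])] = current
    for info in procs.values():
        raw = info.pop("raw")
        # "N/A" means the process hosts no services.
        info["services"] = [] if raw == "N/A" else [
            s.strip() for s in raw.split(",") if s.strip()
        ]
    return procs


def services_for_pid(text, pid, image="svchost.exe"):
    """Services hosted by `pid`, after checking it is the expected image."""
    info = parse_tasklist_svc(text).get(pid)
    if info is None:
        raise KeyError(f"PID {pid} not in tasklist output")
    if info["image"].lower() != image.lower():
        raise ValueError(f"PID {pid} is {info['image']}, not {image}")
    return info["services"]


if __name__ == "__main__":
    # PID 1032 stands in for the busy svchost.exe noted in Task Manager.
    for service in services_for_pid(SAMPLE_TASKLIST, 1032):
        print(service)
```

To use it on a real machine, redirect the command's output to a file (`tasklist /svc > services.txt`) and pass the file's contents in place of `SAMPLE_TASKLIST`.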

DMR 152 Wombat At Large Team Colleague

>How to Keep an Idiot Busy
Provide a general discussions forum...

Lol. How true... :mrgreen:

DMR 152 Wombat At Large Team Colleague

even if you go with static IP addressing??

Static or dynamic IPs; doesn't matter. The thing to understand here is that simple switches are Layer 2 (Data Link Layer) networking devices, and layer 2 devices are only "aware" of hardware (MAC) addresses; they have no knowledge of (or ability to deal with) IP addresses, because IP addresses are a logical component of the network model.

The basic upshot is this:
* Switches cannot be assigned an IP address.
* Switches do not route network traffic according to IP addresses; they connect source and destination computers by MAC addresses only.
* Switches are unaware of the specific function of any device attached to any of their ports. To a switch, any and all connected devices are just NICs with their own unique MAC address, nothing more.
* Switches do not have WAN/Internet/Gateway/etc. subsections built in to them; to a switch, everything connected to its ports is all on the same big (or small) happy LAN.

Given that, what would the switch be able to do with the IP address that the modem would be trying to hand out? Nothing.
If all of the computers on the LAN were already assigned static IPs, I guess you could say that the switch would only do "more nothing", because the IP addressing attempts from/by the modem would not find any computers on the LAN which were able to accept the address info.

Be aware though, that some …

DMR 152 Wombat At Large Team Colleague

Good work- glad you were able to find the right configuration. :)

DMR 152 Wombat At Large Team Colleague

Yes- if Norton and Spy Subtract have expired, their effectiveness is already compromised, and they'll obviously only become less and less effective as time goes on. Run Windows' firewall and Defender; those, combined with AVG and some common sense when browsing, will go a long way toward keeping you out of trouble.
I'd also highly suggest using Firefox as your web browser instead of Internet Explorer. At the very least, Firefox doesn't rely on ActiveX and other Windows components that create such nasty security loopholes in IE.

DMR 152 Wombat At Large Team Colleague

The Panda log you posted appears to be just a scan; it doesn't indicate that it actually cleaned anything. If you didn't choose to have Panda disinfect when it scans, do the scan again, making sure that the "autoclean" box is checked.

Post the new Panda scan results and a new HJT log (do the HJT scan after the Panda scan).

DMR 152 Wombat At Large Team Colleague

*Groan*
The symptoms you're experiencing could be caused by anything from lingering firewall/ICS issues to DNS problems. Without being able to look at your machine, I can't honestly tell you where the best place to start would be.
Many of the different possible causes for the error(s) you're receiving are covered in the links below; please try the suggested fixes and repost here with the exact details and results of your troubleshooting:
(Note that some suggestions involve installing IPX/SPX; do not do this.)

http://support.microsoft.com/kb/298804
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20847982.html
http://www.experts-exchange.com/Networking/Q_20877736.html
http://forums.whirlpool.net.au/forum-replies-archive.cfm/441615.html
http://hidev.com/Technical/neterrors.asp

DMR 152 Wombat At Large Team Colleague

OK- things still look pretty nasty, but we need to take care of something before we continue: Your HJT log indicates that you are running both Norton's and AVG's anti-virus programs simultaneously; that is not recommended, as serious conflicts can arise between the two. It's OK (and advised) to run multiple anti-spyware tools, but you need to choose only one anti-virus product and disable/uninstall the other.
If your subscription to Norton has expired, uninstall that program. If your subscription is current, and Norton AV is installed as part of the whole Internet Security Suite, you may want to keep that program and uninstall AVG.

Regardless of what you choose to do:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the following utilities:

Windows Defender - http://www.microsoft.com/downloads/d...displaylang=en
CCleaner - www.ccleaner.com
Symantec's ISTBar Removal Tool - http://www.symantec.com/avcenter/venc/data/adware.istbar.html
ewido Anti-malware - http://www.ewido.net/en/download/
* When installing ewido, under "Additional Options" uncheck..

    • Install background guard
    • Install scan via context menu
  1. Launch ewido, there should be an icon on your desktop, double-click it.
  2. The program will now open to the main screen.
  3. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

DMR 152 Wombat At Large Team Colleague

Thanks for the info thus far; repost the rest when you get a chance.

DMR 152 Wombat At Large Team Colleague

Don't sweat it; moving a thread is no big deal. :)

DMR 152 Wombat At Large Team Colleague

Thank you very much for your help, much appreciated to have someone who seems to know what they are talking about, and not just some computer generated reply from someone who is reading a script and following a flow chart !!!! (as I think I got from McAfee !!)

Cheers,

Dave

Lol. Glad we could help, and no- I'm definitely not a computer-generated reply. At least I don't think I am, but if I stay logged on to this site for much longer, I might become one... :p