DMR 152 Wombat At Large Team Colleague

Agreed. Small percentages of fragmentation won't cause any performance decrease that the user can notice, but once you start getting into double-digit percentages of fragmentation, you will notice an overall "sluggishness" start to set in. There's no single schedule for defragging, because (as nizzy1115 alluded to) fragmentation results from adding, deleting, and modifying files; the more of this you do, the more quickly your drive will become fragmented.

DMR 152 Wombat At Large Team Colleague

Off to start another thread :eek:

Thanks- that would be the thing to do.

DMR 152 Wombat At Large Team Colleague

And now, we return you to your regularly-scheduled question... :mrgreen:

Mechoopda,

O'Reilly Press has a long history of publishing very good computer books; check out these links to some of their Windows XP and Microsoft Office titles:
http://www.oreilly.com/catalog/winxpfstmm/
http://www.oreilly.com/pub/topic/windowsprograms

Also- believe it or not, the "For Dummies" series of books by Wiley Publishing are usually considered (by experienced users as well as "dummies") to be quite useful and informative:
http://www.dummies.com/WileyCDA/Section/id-100086.html
http://www.dummies.com/WileyCDA/Section/id-100094.html

DMR 152 Wombat At Large Team Colleague

Another satisfied customer; now that's what we like to see.
Glad we could help you get it fixed before you had to go out and buy a toupee, ciderman22! :mrgreen:

DMR 152 Wombat At Large Team Colleague

Yup- just remove it; that's all you need to do.

DMR 152 Wombat At Large Team Colleague

Thanks for the info Laser and cozofdeath; you two remembered what I'd forgotten...

DMR 152 Wombat At Large Team Colleague

With a router installed, you want/need to enter the necessary info (connection protocol, username, password, and possibly MAC address) in the router's setup pages to allow it to take care of connecting/authenticating to the modem instead of having that process be performed by the workstations. Once you've done that, you do not use a PPP connection between the computers and the router; you simply connect to the router via DHCP over the normal Local Area Connection.

Who is your current ISP? I'll try to find out exactly what configuration/protocol they use in their modems; that will tell me what info you need to plug in to the router to get this happening.

DMR 152 Wombat At Large Team Colleague

VIRUSOFDEATH,

You need to:

* Slow down a bit and focus. You are making many rather extreme assumptions based on very scattershot and disparate "facts", some of which actually point to nothing conclusive whatsoever.

* Stop posting IN CAPITAL LETTERS, andstartusingproperpunctuationandspacings; your posts are extremely difficult to read. We need to be able to easily distill the relevant facts from your (rather lengthy) posts.

* Start posting more specifics about exactly where you have found information regarding this problem, and what exact diagnostic programs you have run. Knowing the name of the rootkit detection programs you have used, and seeing the full and exact text of their reports, would be of help to us. Also- telling us where/how you determined what commands the virus is running and other of its activities would be a Good Thing.

Disregarding the rather broad statements such as: "THE LAST FILE IS PROBABLY ONE OF THE VIRUSES AS MOST OF THE I386 FILES ARE RUN IN SEPERATE PROCESSES.
THE VIRUS IS CONTROLLING ALL THE DRIVES AND INPUT DEVICES BY LOADING THEM WITHIN ITSELF. LITERALLY, THE CD DRIVE IS LOADED IN THE HARD DRIVE...",
none of the concrete facts that you have posted (the values of your environment variables, the results of the ZA installation, the contents of the HJT and L2MFix logs, the entries in your autoexec.bat file, etc.) point to anything amiss whatsoever.

DMR 152 Wombat At Large Team Colleague

We need to know the exact errors before we can tell you what to do about them. If you choose to fix the problems manually instead of having Norton fix them automatically, WinDoctor will give you specific details of each problem before taking any action in terms of a fix.

DMR 152 Wombat At Large Team Colleague

What you're describing vaguely rings a bell, but I can't remember exactly what causes the color-change. Can you provide a couple of details please?

* Do the files appear in blue when browsing them in Windows Explorer, when browsing through Word's File/Open... menu option, or both?
* Do the colored files have anything in common such as their type/extension or some other attribute?

DMR 152 Wombat At Large Team Colleague

The router settings are probably OK; that error is usually a result of a misconfiguration on one or both of the workstations.

* Is the router connected to the Internet? If so, can both computers access the Net with any problems?

* Here are some things to check, and some troubleshooting steps to try. When going through the steps, please perform all of them, and give us the detailed results of each and every one in your next post:

1. When troubleshooting any network-related issue, the first thing you need to do is to completely disable any firewall software (including XP's built-in ICF/ICS features). Simply choosing the "Disable" option in the firewall program's settings/preferences rarely turns the firewall off entirely; you will need to deselect the preference setting that tells the firewall to automatically start when Windows boots, and then restart the computers. After reboot, verify that the firewall is indeed disabled.
Keep your firewalls dropped until you get things working.


2. Make sure the two computers' IPs and the router's IP are all in the same network range. If the router is configured as a DHCP server, it should supply the correct addressing info for you; you can check the computers' IP info by opening a DOS box and typing the following command at the prompt:

ipconfig /all


3. While still in the DOS box, verify basic connectivity by pinging the IP of each machine and the router. …

DMR 152 Wombat At Large Team Colleague

I thought so. See what happens to your brain when you spend 14 hours a day online here? :mrgreen:

DMR 152 Wombat At Large Team Colleague

I guess your hunch was right- seems like it was McAfee, eh?

DMR 152 Wombat At Large Team Colleague

You will also need to get an antivirus. I recommend ewido.

Erm... ewido is great for spyware and the like, but a dedicated anti-virus program it is not. :o

AVG is a great choice for your anti-virus utility, and it's free (forever) for personal use.

DMR 152 Wombat At Large Team Colleague

Okay, what I did was plug the DSL cable into port 1 of the linksys, and port 2 to my NIC, and port 3 to my roommate's NIC. Weird thing is my PC is connecting to the net fine and his isn't...

Ah, crud- I forgot about that possibility. Here's what's happening: Your ISP is only allowing one machine to connect at any given time (giving out only one IP address), and maybe authenticating your computer by its MAC address. When used as a full router, the linksys would provide support for multiple computers via NAT; when using only the switch side of the Linksys, NAT is not available.

You will either have to get a multiport combo modem/router from your ISP or correctly configure the Linksys to work with your current modem/router. The exact setup for the latter option will probably depend upon what method your ISP (and the modem they gave you) is using to serve you your IP info (PPPoE, DHCP, PPPoA, etc.).

One thing that would be useful to know in regard to getting the Linksys to work: Are you using (and do you need to use) special connection software supplied by the ISP in order to connect to the Internet? Does your configuration mention the use of PPP or PPPoE anywhere?

DMR 152 Wombat At Large Team Colleague

I think you'll have to flash the 2nd Linksys with a certain piece of 3rd-party firmware in order to get that to work; consumer-grade routers don't natively have the ability to wirelessly bridge to each other.
Here's some linkage to the firmware, as well as info on the whole concept:

http://www.sveasoft.com/
http://forums.anandtech.com/messageview.aspx?catid=36&threadid=1513386&frmKeyword=&STARTPAGE=1&FTVAR_FORUMVIEWTMP=Linear
http://thisisfanzoo.com/blog/archive/2005/02/12/488.aspx
http://www.oreillynet.com/pub/a/wireless/2003/08/28/wireless_bridging.html

DMR 152 Wombat At Large Team Colleague

I'm not sure if it's spyware now, could it be McAfee trying to get a virus update?

That's along the lines of what I was thinking- one of your valid programs not being able to make a connection.

It probably is a message from a legit program; here are the programs/services I see in your log which could be trying to "phone home":
The GMail components
The McAfee components
Yahoo Pager (YahooMessenger.exe)
jusched.exe (Sun Java Updater)
eMule
iPodService.exe
Trillian

You can try to determine the exact culprit by:

1. Disabling the startup programs/services (one by one) by using msconfig.
2. Checking for clues in the Application log via the Event Viewer utility in your Administrative Tools Control Panel.

DMR 152 Wombat At Large Team Colleague

Your log shows signs of multiple infections. Don't worry though, we'll get you on the road to recovery very shortly.

Gotta go now, seriously. It's 1:15AM in my world, and [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/sleep.gif[/IMG] [IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/sleep2.gif[/IMG]

DMR 152 Wombat At Large Team Colleague

That's better; thanks. I have to log off now, but one of our other troubleshooters should be coming online soon. Hopefully they'll pick up on this before I return tomorrow night.

DMR 152 Wombat At Large Team Colleague

I'm not sure about freeware alternatives, but hopefully someone else will have a few ideas...

DMR 152 Wombat At Large Team Colleague

What I want to do is take the hard drive out of my computer that has what I want to back up (as well as Windows XP on it) and change the jumper settings to slave. Then change the boot order to have the computer look at it very last while installing it in my dad's computer.
And my question is this - Installing it this way will keep my dad's computer from booting from my copy of Windows XP, while allowing me to access and back up my files, won't it?

That's exactly right.

I'm not sure what would happen booting from a different version of XP that's in a machine it wasn't installed on, but my intuition tells me that it would probably be trouble...

Yes, that would be what is known as a Bad Thing. :mrgreen:

DMR 152 Wombat At Large Team Colleague

The limit is technically 137G, although you may see a figure slightly lower. The limit may be imposed by the OS, but it may be imposed by the motherboard/BIOS. Drive manufacturers also sometimes install a limiting jumper on drives larger than 137G; check your hard drive's documentation on that or give us the exact make/model of the drive.

In terms of the OS, you'll need to be running Win 2000 Pro or Server with Service Pack 3 (or higher), or Win XP Home or Pro with SP1 or higher.

DMR 152 Wombat At Large Team Colleague

Much more information concerning your entire configuration would be helpful.

* What files are being served, and by what applications (Samba, Apache, etc.)?
* "...several computers could'nt access the server..." Couldn't access by which methods (network browsing, pings, share-mapping, via HTTP, etc.)?
* What operating systems (including versions) are the client computers running?
* When did these problems start to occur? Give us as much background history as possible.
* What exact steps (if any) have you taken so far to try to resolve the problems? What were the exact results of those steps?
* Give us the full and exact text of any error messages you may have encountered which relate to the connection/access problems.
* Give us the details of your network's physical configuration.

DMR 152 Wombat At Large Team Colleague

"IRQL_NOT_LESS_OR_EQUAL" errors usually include a string of numeric "STOP" codes beginning with something like "0x000000D1", and also sometimes list the name of an offending Windows file.
Please give us the exact Stop code and name of the file (if any).

In general, IRQL_NOT_LESS_OR_EQUAL messages indicate a problem with a device driver or, more commonly, a faulty hardware component such as a RAM module or video card. Given the (very good) possibility of a hardware fault, and considering that the computer is brand new, your best bet is probably to return it to the place of purchase.

DMR 152 Wombat At Large Team Colleague

One thing to clarify first: how are you planning to connect the two routers together? There's a big difference between trying to simply cascade two routers via a CAT5 cable and trying to bridge them wirelessly.

DMR 152 Wombat At Large Team Colleague

Norton/Symantec's "Ghost" program will do what you describe, and the program's usage is pretty straightforward.

DMR 152 Wombat At Large Team Colleague

Judging by the (abnormally short) list of running processes at the beginning of your log, it looks like you ran HJT while booted in Safe Mode. If so, please run HJT while booted normally and post that log.

DMR 152 Wombat At Large Team Colleague

I will put up the message in some time here.

The sooner you can do that, the better, as the symptoms you've described aren't those normally associated with virus or spyware infections.

DMR 152 Wombat At Large Team Colleague

Hi Ek-o, welcome to DaniWeb :)

There are no signs of anything malicious or otherwise amiss in your HJT log.
Can you give us any more details about the popup messages? Things like a description of what the popup windows look like, knowing which program is delivering them, knowing whether your entire Internet access is disrupted when they occur, etc. would help us.

DMR 152 Wombat At Large Team Colleague

Glad you got things back to normal without too much pain.

"Smitfraud" is the name given to one (growing) group of malware which infects your computer with fake spyware warning messages and other scare tactics designed to goad you into purchasing the full commercial versions of certain supposed "spyware removal" products such as SpyFalcon, SpyAxe, SpySheriff, and Antivirus Gold.

DMR 152 Wombat At Large Team Colleague

Hi scorpi04, welcome to our site :)

A very good set of instructions for removing variants of the SpyFalcon family of infections can be found here.

Please follow the instructions carefully and fully. Once you've completed the disinfection process, post a new HijackThis log here, along with the contents of the C:\smitfiles.txt log that was created during the removal process I linked to.

DMR 152 Wombat At Large Team Colleague

OK- step #1 in the cleaning process:

Download the (free) HijackThis utility:

Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move/extract HijackThis to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

You've still got a few Gremlins in your system; please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download and install the following utilities:

CCleaner - www.ccleaner.com
ewido Anti-malware - http://www.ewido.net/en/download/

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open Windows Defender and check for/install the most current updates. Close the program after you've verified this.

- Open AVG and make sure that it has the most current virus definitions installed. Again- don't scan yet, just close the program once it's updated.

At this point, please close/quit all open programs and disconnect from the Internet.

2. Run another HijackThis scan, place a check mark in the boxes to the left of the following entries, and then click the "fix checked" button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [win3208341181720] C:\WINDOWS\win3208341181720.exe

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwintqaf.exe CORN001
O4 - HKCU\..\RunServices: [Load Functions] c:\windows\system32\kikl\kolder.exe c:\windows\system32\kikl\dirote.exe
O4 - Startup: Zeno.lnk …

DMR 152 Wombat At Large Team Colleague

Bugger. I've never seen SmitFraudFix hose a computer before; not in my real-life work nor in online troubleshoots.

* Where exactly in the boot process does the system freeze?

* Are you able to boot if you choose the "Last known good configuration" option (found in the same boot menu where you found the Safe Mode option)? Try that and let us know the results.

DMR 152 Wombat At Large Team Colleague

Hi tsahajdack,

Your latest HJT log is clean :)
However, I'd recommend that you keep the computer off the Internet as much as possible until tayspen comes back online and is able to sign off on this.

DMR 152 Wombat At Large Team Colleague

1.Spybot search and destroy.

2.Norton antivirus software.

Nope- neither of those utilities will entirely remove that family of infections.

Hi azzbel, welcome to the site :)
I'm moving this to our Viruses, Spyware, and other Nasties forum; you'll get assistance there shortly.

DMR 152 Wombat At Large Team Colleague

Unfortunately, disabling NAT involves more than just a button click; configuring a router to work as I described in my second option can take a bit of twiddling sometimes. Try the uplink port configuration and get back to us with the results when you can...

DMR 152 Wombat At Large Team Colleague

Let's look a little deeper:

* Download RootkitRevealer into a new folder of its own and unzip the contents of the downloaded file into that folder.
* Open the RootkitRevealer.exe program and click on the "Scan" button in the lower right-hand corner of the main window. When the scan completes, the findings (if any) will be displayed.
* If the program does find malicious items, click on the "File" menu option at the top left of the program window and choose the "Save..." option. Save the scan report file in the RootkitRevealer folder you created; the file will be named RootkitRevealer.txt.
* Double-click on the txt file to open it in Notepad and then Cut-N-Paste the contents of the file into your next post here.

* Download SilentRunners.vbs, save it into its own folder, and then double-click on it to run it. If you get a warning prompt about running script files, choose to allow the script to run. It will save a log file into the Silent Runners folder; post that log along with the RootkitRevealer report.

DMR 152 Wombat At Large Team Colleague

Negative, the modem has only one port...I'm including a link to the webpage for it...

Ah, I see- it's a LiteLine model, not a Versalink, although judging from the 192. address you're getting, it looks like it's one of the liteline models (6100, maybe?) that does have a built-in router.

The easy solution is to wire the Ethernet port on the modem to one of the LAN ports on the Linksys (instead of connecting it to the Linksys' Internet/WAN port). This bypasses the router functionality of the Linksys and basically turns it into a glorified switch. The "pro" of this is that there is no need to configure anything on the Linksys; the "con" is that it does eat up one LAN port on the Linksys. If you do wire things this way, you may need to use a special "crossover" Ethernet cable (instead of a normally-wired cable) to connect the two devices. This will be the case if the Linksys has no "autosensing" or "uplink" port.

The other option is to connect the router to the modem in the way you normally would (which, from the sound of it, is what you originally tried). You would then either disable NAT on the Linksys so that it passes through the DHCP-assigned IP info supplied by the modem, or configure the Linksys with the correct settings to allow it to route from its own network to that of the modem.

Let us know which option sounds good to …

DMR 152 Wombat At Large Team Colleague

Hi fld2000,

First of all- welcome to DaniWeb :)

As per our forum rules, members should not tag their questions on to a thread previously started by another member (regardless of how similar the problems may seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please read this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

megaman99,
tayspen is correct; you need to start your own thread in this forum and post your log in that thread. We will help you out from there.

DMR 152 Wombat At Large Team Colleague

ok, i still have a prob :evil: .
sometimes i got redirected from google searching.
the first address is: 'http://85.255.113.26/' then it appears another page...

You've got a variant of the SpywareQuake scumware; the entire IP address range of 85.255.112.0 - 85.255.127.255 is owned by the fine folks who distribute the infections.

Please give us a fresh HJT log (it's been a while since your last post) and we'll take it from there.

DMR 152 Wombat At Large Team Colleague

I don't think TP-Link themselves have a Linux driver, but you might have a try at implementing ndiswrapper with their Windows driver. A generic Linux driver for the chipset used by the WN-620G might be available, but I don't know exactly which chipset that model uses.

DMR 152 Wombat At Large Team Colleague

I got it. It seemed rather sparse/bland; didn't catch me, so to speak.

DMR 152 Wombat At Large Team Colleague

Also- it appears that you have disabled some startup items using the System Configuration Utility (msconfig). In order for HijackThis to render a full report of the possibly malicious items on your computer, you need to reactivate all currently disabled programs. To do so:

* Click on the "Run..." option in your Start menu.
* In the resulting "Open:" box, type the following and then click "OK":
msconfig
* In the "General" tab of msconfig, select the "Normal Startup" option and then click "OK".
* Reboot your computer, run HijackThis again, and post the new log.

DMR 152 Wombat At Large Team Colleague

I don't see any signs of infections in your log. What exactly do you mean when you say: "symantec keeping dozen of mail"? Please post any and all details possible.

DMR 152 Wombat At Large Team Colleague

Glad you got it sorted.
Can you post the details of how you solved the problem, please? That info could be helpful to others who might find themselves experiencing similar trouble.

Thanks.

DMR 152 Wombat At Large Team Colleague

The Westell itself (which definitely has a built-in router if it's a Versalink model) has 4 Ethernet ports and wireless capability as well, right?
If so, do you really need the Linksys at all?

DMR 152 Wombat At Large Team Colleague

...a public utility like citizen band..or at least one should be set up for such a use...

You're right, and open, public-access WiFi networks do exist in many areas.
Unfortunately, most consumer-grade wireless networking devices are also "open" by default; they rarely have any security applied at all in their "out-of-the-box" configuration. If you detect a network whose network name (SSID) is something like "Linksys", "Netgear", "Default", "Wireless", or "WLAN", you're almost certainly dealing with one of these kinds of devices.

DMR 152 Wombat At Large Team Colleague

this is just a local signal im picking up in range...

Yeah, I thought that was the case.
I know that jumping on to some random unsecured WiFi network to get Net access is pretty common and pretty benign, but technically you are trying to gain unauthorized access to a private network. I hope you can understand that because you don't have permission to access this network, we can't help you do so. Offering assistance for that kind of thing runs contrary to our forum rules regarding topics of possibly illegal activities.