Posts by DMR

Default Gateway . . . . . . . . . :

The IP address of the Internet gateway device is not being passed to you for some reason, so your computer doesn't know where to send Internet-bound traffic.
Ask whoever administers the network if there are any specific settings you need to configure on your end.

What is the exact make/model of the new "modem"? It sounds like it may really be a combo modem/router.
For that matter, give us the make/model of your router as well.

Unfortunately since you don't have a domain controller you'll have to enable the 'GUEST' account ...

Or create an identical user account on both computers, which would be not quite as "dirty" a fix.

I moved to a new place and have been given an outlet to an ethernet connection, and the router cannot obtain an ip address from it.

And to what device does this magical new Ethernet outlet you've been given connect? :mrgreen:

Ok, all kidding aside- it would be helpful if we knew what device the router is connecting to at the other end of that Enet port.

...cause she says she keeps get this pop ups for AOL virus check.

She's running a good deal of AOL software; does she need to have it installed? The popups are coming from pieces of AOL software which appear to be legitimately installed on her computer, so this isn't really a question of some malicious infection...

Hi Angry Jetster, welcome ot DaniWeb. :)

One of our members (dlh6213) has posted a very good HijackThis overview, which you can read here.
In that article, he also links to a good description (written by our friends over at Bleeping Computer) of the meanings of the specific categories of entries found in HJT logs; give that tutorial a read as well.
You can also browse through the threads in our Viruses, Spyware, and other Nasties forum to get an idea of how HijackThis is used help identify and remove malware.

One word of warning: Do not attempt to perform any fixes whatsoever with HijackThis unless you are doing so under the guidance of a troubleshooter well-versed in HJT log analysis! You can delete absolutely valid and critical components of Windows if you don't know exactly what you are doing.

It's all speculation.

Do the hidden files and folders mentioned in the article exist?
Absolutely, although many of them aren't nearly as "invisible" in Win 2K or XP as they are in Win 9x (the article targets Win 9x specifically in terms of file/folder names and locations).

Did MS "hide" files and folders for nefarious reasons?
I'm not even going to touch that one. I may make jokes about The Great Satan and The Beast of Redmond, but I'll bet lazy/sloppy coding practices are as much the root of the issue as anything else.

In addition, Microsoft is by no means the only "guilty" party in this regard- I can give you the names of dozens of obscure Netscape, Mozilla, Apple, Linux/UNIX, etc. files which store exactly the same types of private (and possibly embarrassing) user data that the article's author is concerned about.

The upshot is this: The raw facts presented in the article concerning the invisibility of certain Windows files/folders are essentially true, but the paranoid, conspiratorial wordcrafting used by the author gives the whole thing a *cough* rather biased tone.

[IMG]http://www.stevewolfonline.com/Downloads/DMR/Visuals/nono.gif[/IMG] Ok guys, enough chit-chatting in JediSange's thread; back to work now... :mrgreen:

Hi indoshakermaker,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread in this forum, post your question there, and one of our members will assist you as soon as possible.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

Hi Blueprint,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread, post your question there, and one of our members will help you out as soon as possible.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

I'll need to wait for the laptop, but will post shortly.

Ok- post when you can; we'll be here...

If you can tie the two routers together with a CAT5 cable, the setup is fairly straightforward, but if you need to bridge the two devices wirelessly, things get more complicated. With those two specific devices, I'm not sure that the wireless bridge configuration will work at all.

Due to the fact that the member who originally started this thread has not responded in quite a long time, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar questions or problems need to start their own threads and post their questions there.
In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

Hi lolper,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your HijackThis log in that thread; one of our troubleshooters will help you out from there.
For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

Good work, tolip; that's a clean log :)

Very cool; glad that worked! :)
I've had a couple of instances where a second reboot was needed as well; I'm not sure why it doesn't always take the first time.

By the way- here's a link to Microsoft's description of the whole issue if you're interested:
http://support.microsoft.com/kb/q270008/

OK- post when you can; we'll be here.

Hi samsada,

First of all- welcome to DaniWeb :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, makes/model #s of your hardware devices, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

The type of computer doesn't actually make a difference when it comes to this particular problem.
Please run the "fix" script I provided in my last post; it repairs the Registry corruption which usually causes the "disappearing" CD/DVD drive syndrome.

The drives for my CDRom and CD Burning are suddenly missing

Yup- they do that sometimes... :mrgreen:

* Download the attached xp_cd_dvd_fix.zip file.

* Right-click on the file and choose the "Extract all..." option; follow the Wizard's prompts to extract the enclosed xp_cd_dvd_fix.vbs file.

* Double-click on xp_cd_dvd_fix.vbs to run it. If you receive a confirmation or warning message asking if you really want to run the script, choose YES. When the script finishes running, you will get a message saying that it has done so, and that you should reboot.

* Reboot the computer, and then check Device Manager; your drives should be present again.

When you say "combine these networks", are you asking if you can have each router manage a different network/subnetwork but have data freely routable between those two networks, or are you asking if the two routers can simultaneously act as access points for the same logical network?

That is, for example: do you want router #1's computers to use the 192.168.0.x network range and router #2's computers use the 10.x.x.x range, but have data freely shared between those two networks, or do you want all devices configured to use the same network range (the 192.168.0.x range, say)?

Hi folks,

From now on, please use the "Advanced Reply" or "Quick Reply" button instead of the "Quote Reply" button when you post. As you can obviously see, the "Quote Reply" button includes the entire text of the other person's previous post in your post, thereby doubling the length of the thread and making the thread rather tedious to scroll through and difficult to follow.

Thanks. :)

St3v3boy,

A broadband router should share the Internet connection pretty evenly among the computers connected to it, unless one of the computers is engaged in massive BitTorrent downloads or other bandwidth-intensive activities.
In other words, unless there's a critical piece of information that we don't have concerning your setup, one computer should not be slower than the other when both are connected to the Net through a router.

A couple of thoughts:

1. In your original configuration, the CAT5 Ethernet cable connectiong the laptop to the desktop machine would (or at least should) have been a specially-wired "crossover" cable. Now that you are using the router, the cables between the router and each computer should be of the normally-wired, non-cfrossover type of CAT5 cable.

2. Please do the following on each computer in order for us to at least see a bit of your baseline IP configuration info:

* Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. …

If you receive that message from McAfee again, please try to get the exact name and folder location of the file McAfee is flagging if possibe. That will give us a bit more to work with.

joyleigh,

Your log indicates that you have a trojan infection which will, among other things, try to prevent many antispyware and antivirus programs from running. If jhay116's procedures do not work when booted normally, try them in Safe Mode as well. Even if you cannot get ewido to do its online update, run the program anyway if possible and have it fix what it can.

Hi niik, welcome to DaniWeb :)

I can think of at least a couple of reasons that you can't reach Internet sites through that connection:

1. The network is not secured with encryption or a password, but Internet access is controlled by a proxy server on the network... good luck hacking past that.

2. The DHCP server on the network is assigning your computer a valid IP, but isn't passing you DNS server IPs. You can verify this by doing these steps while connected to the network in question:

* Try reaching a site by its actual IP address instead of its URL. For example, open a browser and enter the following in the address/location bar:
http://66.102.7.99
If that takes you to Google, chances are pretty good that you've got a DNS problem.

* Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.
At the DOS prompt, type the following commands, hit Enter after each, and tell us the results for each command (if DNS is working properly, you should receive 4 positive responses from Google, followed by some summary info):

ping 66.102.7.99
ping www.google.com

* Again at the DOS prompt, type the following command and hit Enter. You won't see any result from the command, but when …

It's a beta version; of course it crashes. :mrgreen:

The term "beta" implies:
1. That it is not a finished release version of the program.
2. iThat it does have bugs and programming errors.
3. That you use it at your own risk.

A monitor icon, tho?

Tray icons for touchpads can look like monitor icons, but if you blow the image up you can see where the icon also looks a lot like the large, square touchpad wth the smaller rectangular left/right "mouse" buttons below it.

Try toggling the touchpad on; I'll bet the icon changes.

Nothing else comes to mind right now, but if it does, I'll post it. Hopefully one of our other members will be able to offer some suggestions in the mean time.

You're welcome :)
Feel free to ask if you have any questions along the way....

(If this turns out to be something perfectly normal that's supposed to be there, I'm going to be beaucoup embarassed :cheesy:)

Er, um, well... how do I put this nicely? :mrgreen:
That icon looks suspiciously like the indicator for your laptop's touchpad status; the "red X" would indicate that the touchpad is currently disabled...

The Good News: Your computer has built-in wireless circuitry, so getting that configured shouldn't be difficult.

The internet I have on current home computer: Modem Voyager 105 USB ADSL modem.

*Groan*... and that's the Bad News:

Unfortunately, that modem only allows you to connect one computer to it at a time, and it only has a USB connection for that computer (it has no connection for an Ethernet network cable, and no wireless capability).

Ideally, you want to get (possibly from your ISP?) a modem with a built-in wireless router; this will obviate the need to purchase a separate wireless broadband router. A broadband router will be necessary with your current DSL modem, as the modem alone only allows for one computer connection. You'll also need topurchase a USB-to-Ethernet adapter for your modem, which will allow you to add a wireless router without too much hassle. Such a setup would give you the capability of connecting multiple computers both by Ethernet wiring and via wireless.

Looks clean to me.

Looks clean to me as well.

Glad we could help, Crissa86 :)
Does everything appear to be OK now? If so, we can mark this thread "solved".

1. Can you print documents from the local computer? Delete all currently-pending print jobs before trying this.

2. I know it sounds obvious, but make sure that the "Use printer offline" option in the printer's Properties/Preferences isn't checked.

Click on the "Run..." option in your Start menu, enter the following in the resulting "Open:" box, and hit OK:

services.msc

That should open the Services utility.

Just because it says the file's missing doesn't mean the its invalid--the majority of the time, the folder's there, just HJT misses it. Rather, look at the file in general, not whether its present or not.

Yes- please be careful of the "file missing" entries. For one thing, there are known issues with HJT's reporting of certain files (including the Sun Java file in Sascha's log).
Also, some components of anti-virus/anti-spyware utilities seem to use a protective mechanism to make themselves "invisible" to malicious software (which might try to disable/delete the components as part of the infection routine); these files will also be reported as "missing" in a HijackThis log.

1. C:\DOCUME~1\Guenther\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

The log entry above indicates that you are running HijackThis from within a Temp/Temporary folder. You are also running the program from within its original ".zip" archive folder (that is, you never unzipped/extracted the actual hijackthis.exe program into its own new folder after downloading it).
Please do the following:

Create a folder for HJT outside of any Temp/Temporary folders and extract the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often delete in the course of troubleshooting, by running disk clean-up utilities, etc.

2. Your latest HJT log looks like it comes from a scan done while still in Safe Mode. Please run a HijackThis scan while Windows is booted normally and post that log. There is at least one infection indicated in your current log, but the new log may reveal more.

Hi WhiteRabbit,

A) I've merged your other thread into this one; bouncing back and forth between the two threads was making me seasick. :mrgreen:

B) Would it be possible for you to post a screen shot of the "mystery icon"? A picture of the beastie might give us a better idea of what it is/where it comes from.

1. Open the Services utility in your Administrative Tools control panel.

* In the list of services, locate the service named "Userinit Logon Verification" or "UsrInitVerif" and double-click on it.
* In the General tab of the Properties window that opens, click the Stop button if the service is not already stopped.
* Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.

2. Run HijackThis again. Click on the "Config" button in the lower right corner of HijackThis' main window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:
UsrInitVerif

Close HijackThis after that.

3. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu; check "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
Look for the C:\WINDOWS\userinit.exe file and delete it if it still exists.
** Caution: There is a valid Windows file named userinit.exe that lives in the C:\Windows\System32 folder. Do not delete that file!! **

3. EWmpty your Recycle Bin, reboot the computer, run HijackThis again, and post the new log.

Hi phildlee,

Your latest HJT log still shows signs of infections, so let's go a little deeper.

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

A) Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner

TrojanScan

B) Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT02&WRSID=b4b40cd432b9e43eb90d3ce83c4deeab
Windows Defender - http://www.microsoft.com/athome/security/spyware/software/default.mspx

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open Norton and use its Live Update feature to make sure that it has the most current virus definitions installed. Again- don't …

1. A question about this HJT log entry:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.32.57.200:50050

That entry indicates you are routing through network port 50050 on a proxy server with the IP address of 61.32.57.200. Does any of that sound familiar to you? If not, include the above line in the list of HijackThis fixes given in step #2 below.

2. Run another HijackThis scan, put a check mark in the box to the left of the following entries, and then click the "Fix checked" button (close HJT when it completes the fixes):

O2 - BHO: (no name) - {01190249-0562-4FB5-85E3-381671BAFB5C} - C:\WINDOWS\System32\pmnli.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://nprotect.roseonlinegame.com/n...etizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.roseonlinegame.com/n...rypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A89AF12-67AB-45B0-856D-C166FC75D94D}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{787FC45B-3876-46B2-9C12-CBD57DDB6BED}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{B67D7C15-4791-4A71-898D-9C28FEC74934}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A89AF12-67AB-45B0-856D-C166FC75D94D}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A89AF12-67AB-45B0-856D-C166FC75D94D}: NameServer = 85.255.116.131,85.255.112.165
O20 - Winlogon Notify: pmnli - C:\WINDOWS\System32\pmnli.dll

3. Download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the "Scan for Vundo" button.
* Once it's done scanning, click the "Remove Vundo" button.
* You will receive a prompt asking if you want …

Have you tried running the anti-spyware utilities while booted into Safe Mode? (You get to the Safe Mode boot option by hitting the F8 key just as your computer is starting up).

Hi daruk,

You do show signs of infection, but you are using an outdated version (1.99.0) of HijackThis. Please download the current version (1.99.1) and post the new log.

Hi qinteriors, welcome to our site :)

We'll need more specific information in order to help you most quickly; can you please tell us:

* The brand and model of the laptop.
* What type of Internet service you already have in the house (cable, DSL, or dial-up).
* If you have cable or DSL, does your current computer connect directly to the cable/DSL modem? If so, what is the exact make/model # of the modem.
* If you know that your current setup includes a broadband router or a switch, please give us the make/model of that device as well.

Very sorry we didn't provide you with free asssistance within your desired 2-hour timeframe.
Don't worry though, I'm sure that one of your local computer repair shops will rush right over in a 1/2 hour or so and take care of your problem at no charge.
Good luck in your endeavors.

...... but how do i fix that?

* Run another scan with HijackThis.
* Place a check mark in the box to the left of the following entry:
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\SYSTEM32\winbrume.dll (file missing)
* Click the "Fix checked" button.
* Once HijackThis has completed the fix, close the program and reboot.
* Once rebooted, run one (hopefully) final scan with HJT to make sure that the "O2 - BHO: (no name)" entry is no longer present. Post that final log file here.

Glad you finally got it sorted out...

Last thing, could ya mark the thread as solved?

Got it...

the only problem she experienced was a popup from one of the other spyware removal tools she installed earlier called Spyware Doctor which tells her that she's got the Alexa spyware app. Does ewido/ccleaner remove Alexa?

ewido should clean Alexa, as should Spyware Doctor.
Alexa (owned by Amazon.com) provides web search and website information services mostly accessed through the installation of their search toolbar plugin. Unfortunately, Alexa does do a fair amount of "behind-your-back" information-gathering for marketing purposes, so it is detected as spyware. Alexa partners with a lot of companies, so their software is often bundled with other downloads; your cousin may have inadvertently installed the toolbar while installing some program she downloaded. If that's the case, she may be able to uninstall the toolbar through the Add/Remove Programs control panel; if not, she can have ewido or Spyware Doctor remove it.

Otherwise, she's in great shape. Thank you again, DMR for all your help and advice!

Glad to hear that the major nasties have been disinfected, and we're glad we could be of assistance. :)

If the downloaded program is the only .exe that gives you the error, the 3 most common reasons for that would be:

1. The download got corrupted.
2. The downloaded file is not compatible with your version of Windows.
3. The downloaded file is malicious.

The HijackThis log is clean, which is a Good Thing :)
Have her "kick the tires", and also see if you can get a good resend of the ewido log if possible. The ewido reports can be pretty illuminating in terms of letting us know what specific components of the infection(s) were found and what was done about them.