DMR 152 Wombat At Large Team Colleague

When I type in the 1st line CD%windir% etc etc , and press enter , I get :- file name directory name or volume label syntax is incorrect.

One possibility: There is a space between "CD" and "%windir%\system32\ThreadMaster"; if you don't type the space you'll get such an error.

Also: "%windir%" is a variable whose real value is the actual name of your Windows folder. On Windows 2000 systems, that folder is "C:\WINNT", and on XP systems it is "C:\Windows". Therefore, you can use the following syntax of the CD command instead of the one given in the instructions:

CD C:\Windows\system32\ThreadMaster (if you have XP)

or:

CD C:\WINNT\system32\ThreadMaster (if you have Win 2K)

If using one of the above commands gives you no errors, the DOS prompt should then display the C:\%windir%\system32\ThreadMaster path instead of C:\ documents and settings\evoboy, meaning that the command worked. You can then proceed with the rest of the uninstall commands.

Try the above and let us know what happens.

DMR 152 Wombat At Large Team Colleague

lol. Everyone cluster around the Thank You Thread! :mrgreen:

DMR 152 Wombat At Large Team Colleague

Hmmm... looks like Dani and I are posting at the same time...

How's winter on The Island, Dani?

DMR 152 Wombat At Large Team Colleague

Thanks are also due to D3m3nt3d and tayspen for their efforts in this forum; they've been picking up a fair amount of slack around here lately.

A big "Thank You" to all of you; we definitely appreciate the help.


DMR 152 Wombat At Large Team Colleague

It looks like that second log is from a HJT scan done while Windows was still booted into Safe Mode. As tayspen indicated, HJT should have been run after rebooting Windows into its normal startup mode.
If you did run the scan in Safe Mode, run HJT with Windows booted normally and post that log.

DMR 152 Wombat At Large Team Colleague

Glad we could help :)

DMR 152 Wombat At Large Team Colleague

Also- in the future, please use proper grammar and spelling in your posts. This is a technical support forum, so unlike chat rooms and the like, your posts here need to be clear, concise, and easily understood.

Thanks-

DMR 152 Wombat At Large Team Colleague

1. Click on the "Run..." option under your Start menu.
2. In the resulting "Open:" box, type the following and then hit OK:

CMD

3. In the DOS window that opens, type the following commands (in the order given) one at a time. Hit the Enter key after typing each command, and wait for the command to complete before continuing. You will know that a given command has completed when, after hitting Enter, the screen displays the command prompt (the string of characters ending with a ">") again:

CD %windir%\system32\ThreadMaster

net stop threadmaster

ThreadMast -remove

CD ..

rmdir /S/Q threadmaster


4. Close the DOS window when you are done.

DMR 152 Wombat At Large Team Colleague

Look under the Advanced tab in the hardware properties of each computer's NIC and make sure that the Link, Duplex, etc. settings are in agreement with the way the NICs should be communicating/negotiating. If the NICs are currently set to auto detect their speed and duplex modes, hard-set those options to the correct settings (100Mbps/Full Duplex, 1Gbps/Half Duplex, etc.)

DMR 152 Wombat At Large Team Colleague

Please give us more details; the more information we have to work with, the more quickly we'll be able to help you find the solution.
Tell us more about the network environments of the two computers, let us know exactly what you've tried so far, and give us the full and exact details of any errors/problems you've encountered.

DMR 152 Wombat At Large Team Colleague

The first thing to do when troubleshooting such a problem is to disable all firewalls entirely. Keep in mind that simply choosing the "disable" or "exit" option from a firewall's menu often does not shut the firewall down altogether; you need to deselect the option that causes the firewall to automatically start when Windows starts up, and then reboot the computer.

DMR 152 Wombat At Large Team Colleague

What is the exact model # of the Linksys router? If you give us that info we can probably give you some specific suggestions.

DMR 152 Wombat At Large Team Colleague

Hi again, delete your temp internet files. To do this on internet explorer. Then click

Tools>Internet Options>Then click Delete Cookies, and Delete Files.

Right, and when you get to the "Delete Files" window, be sure to put a check in the "Delete all offline content" to make sure that all of your Temp Internet files are deleted.

Then download CCleaner - http://www.ccleaner.com/

And run it.

Good suggestion, and in order to have CCleaner do the most thorough job of deleting unwanted/unneeded content, you need to make changes to a few of CCleaner's default settings.
For example, by default CCleaner will only empty the Temp files in your profile's folders, but not those in other user profiles such as the "LocalService" profile where Norton has found your infected file.

Also- this kind of cleaning is best done when booted into Safe Mode, as many Temp files cannot be deleted when Windows is booted normally, because the files are in use at that point.

1. Boot the computer into Safe Mode.

2. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, check "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types". Close Explorer after that.

3. Open CCleaner.
- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"
- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and …

DMR 152 Wombat At Large Team Colleague

Let me ask a possibly stupid question:
Regardless of the fact that you're getting the message about the unplugged cable, do the two computers appear to be communicating at all? Can you ping each machine from the other? If the laptop is set for DHCP and the desktop is configured to provide an IP to the laptop, does it?

DMR 152 Wombat At Large Team Colleague

Sounds like you've got the modem and/or router configured in such a way that the modem's configuration "wishes" are being passed through to your LAN.

You should be able to change that behaviour by reconfiguring the two devices; give us the exact make/model of both the modem and the router so that we have some specifics to work with.

Also- have you installed connection-related software from your ISP on the individual computers, or does the ICS/shared gateway configuration just seem to be automagically forced upon the systems by the modem?

DMR 152 Wombat At Large Team Colleague

"X over" indicates a crossover cable, yes.

Do you get the "cable unplugged" error when you plug the laptop directly into the cable modem, or when the laptop is plugged into any other network device aside from your desktop machine?

Hello,

For $30 to $40, you can get a small ethernet hub / switch...

A hub or switch won't usually do the trick on a Cable or DSL Internet connection, as the ISPs only allow/provide 1 IP address with normal Internet access accounts. You can physically connect more than one computer to the hub/switch, but only the first computer to log on to the Internet will be authorized, receive an IP, and be able to surf; the second computer will be denied access.

A broadband router provides the functionality needed, but they do cost more than a hub or simple switch (a good router runs around $60 USD).

DMR 152 Wombat At Large Team Colleague

BOOT FILE AMENDED BY A SOFTWARE PROGRAMMER MATE


[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(1)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition [2]" /fastdetect

Will the amended file cure the problem?
m.spencer706@btinternet.com

The last line of your mate's boot.ini has one error. It should read:

multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition [2]" /fastdetect

instead of:

multi(0)disk(1)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition [2]" /fastdetect

(For boot.ini paths beginning with the "multi" syntax, "disk()" is always set to 0)

Will the boot.ini modification cure the drive lettering problem? Maybe, but maybe not. What it will do is remove the need for you to go into the BIOS and muck with the drive order each time you boot. This will make it much less likely that the drive order problem will crop up in the future.

Here's what you should do to try to sort things out:

1. Go into the BIOS setup and verify that the BIOS lists the drives correctly in terms of their Master/Slave assignments on the Primary/Secondary IDE channels. If necessary, check the physical Master/Slave jumpers on the drives themselves.

2. In the BIOS, configure the boot order such that the drive that you want to appear in Windows as "C:" is set as the hard drive from which to boot.

3. Boot into the version of Windows on the "C:" drive. Once the system has booted, verify that Windows is recognizing …
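The rule quoted in the post above (in a "multi" path, "disk()" is always 0 and the drive is selected with "rdisk()") can be checked mechanically. The following is an added example, not part of the original post: the function names are hypothetical, the sample is the boot.ini quoted above, and the `default=` consistency check is an extra sanity check the post does not mention.

```python
import re

# Constructed sample: the amended boot.ini exactly as quoted in the post.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(1)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition [2]" /fastdetect
"""

# ARC path: kind(adapter)disk(n)rdisk(n)partition(n)\directory
ARC_RE = re.compile(
    r"^(?P<kind>\w+)\((?P<adapter>[0-9a-fA-F]+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)(?P<dir>\\.*)?$"
)


def parse_arc(path):
    """Return the fields of an ARC path, or None if the text is not one."""
    m = ARC_RE.match(path.strip())
    if m is None:
        return None
    return {"kind": m["kind"].lower(), "disk": int(m["disk"]),
            "rdisk": int(m["rdisk"]), "partition": int(m["partition"])}


def check_boot_ini(text):
    """Return a list of (line_number, message) findings for a boot.ini."""
    findings, section, default, os_paths = [], None, None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader":
            if key.strip().lower() != "default":
                continue
            path = default = value.strip()
        elif section == "operating systems":
            path = key.strip()
            os_paths.append(path.lower())
        else:
            continue
        arc = parse_arc(path)  # non-ARC entries (e.g. C:\ paths) are skipped
        if arc and arc["kind"] == "multi" and arc["disk"] != 0:
            findings.append((lineno, "disk(%d) in a multi() path; disk() must "
                             "be 0, the drive is chosen by rdisk()" % arc["disk"]))
    # Added sanity check (not from the post): default= should name a listed OS.
    if default is not None and default.lower() not in os_paths:
        findings.append((0, "default= matches no [operating systems] entry"))
    return findings


if __name__ == "__main__":
    for lineno, message in check_boot_ini(SAMPLE_BOOT_INI):
        print("line %d: %s" % (lineno, message))
```
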

DMR 152 Wombat At Large Team Colleague

Since your logs have shown no signs of the infection, it would be helpful if you could get more details from the antivirus program, such as what specific malicious components it found, and where (exactly) those components live. Open Symantec and see if there are any files in quarantine; also look at the scan report log(s) to see if there is any recorded history concerning the infection.

DMR 152 Wombat At Large Team Colleague

Hi Mikaela,

Sorry for the delay; we're a little shorthanded right now. If you still need assistance, please start by doing the following:

Download the (free) HijackThis utility:

Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move/extract HijackThis to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". Open the log file with Windows Notepad, and cut-n-paste the entire contents of the Notepad file here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

Glad we could help :)

Now that we've finished disinfecting the system, you should uninstall Webroot Spysweeper (unless you want to purchase the product, that is); the program will stop working entirely when the trial period expires.
I'd keep ewido installed though. When the trial period for ewido expires, the automatic update and real-time protection features will become disabled, but the main portions of the program will continue to be fully functional. In other words, ewido can still be used to scan and clean your system; you'll just have to remember to update it manually before running scans.

DMR 152 Wombat At Large Team Colleague

It looks like the detection and removal utilities did their jobs; your log is clean now :)
Does the system appear to you to be infection-free now, or are you still experiencing odd/suspicious behaviour?

DMR 152 Wombat At Large Team Colleague

You're welcome :)

Were you able to do the online scans? If so, did they turn up anything else?

DMR 152 Wombat At Large Team Colleague

I apologize that I do not use the site keeping in mind the goals or vision of the web masters of this site...

It's OK- We discussed your usage of the site many months ago and decided that, since you weren't causing any problems or violating any of our guidelines, there was no harm in what you're doing. :)

DMR 152 Wombat At Large Team Colleague

but still i cannot burn music onto CDs

- Is it only WMP that won't burn? If you have other burning programs installed, try one of those and let us know the result.

- Are you having trouble burning any kind of CD, or is it just audio CDs?

- Have you checked through your burning software's preferences and configuration settings to make sure that the CD burner is correctly recognized and configured?

- What does happen when you try to rip a CD? Give us exact details please.

DMR 152 Wombat At Large Team Colleague

That's a clean log now; good work! :)

If it's possible to do now, I'd suggest trying to run the online scanners again just to see if they find any "loose ends" that ewido and Spy Sweeper missed.

DMR 152 Wombat At Large Team Colleague

Hey- welcome D3m3nt3d! Glad to have your help around here :)

DMR 152 Wombat At Large Team Colleague

lol. I just want to make sure they walk away squeaky clean, T :mgreen:

BTW- thanks for picking up some of the slack around here lately; we definitely appreciate the help! :)

DMR 152 Wombat At Large Team Colleague

Much better, but not totally clean yet.

A) Disable XP's System Restore function. Instructions for doing so and an explanation of why we're doing it are here.

B) Open your Add/Remove Programs control panel. Uninstall NewDotNet via the control panel if you find it listed there.

C) Run another HJT scan and fix the following entries:

O4 - HKLM\..\Run: [win32095-93429525] C:\WINDOWS\win32095-93429525.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

* Additionally, the files referenced in the following entries, while not necessarily malicious, do not need to run at Windows startup. Disabling them will not adversely affect their "parent" programs, but it will speed up your boot time slightly and also reduce the load on your system resources (memory and CPU usage):

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\documents and settings\kevin1\my documents\kev\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

D) As …

DMR 152 Wombat At Large Team Colleague

And, it's beyond the scope of a forum to provide a complete, bare-metal primer on building one specific network.

Yeah, but it's kinda fun tryin'... :lol:

DMR 152 Wombat At Large Team Colleague

Ack! That really is quite the nest of nasties you have there :(

Please try to do as much of the following as the state of your computer will allow. If you aren't able to complete all of the procedures, let us know exactly what you were and were not able to do:

A) Open the Services utility in your Administrative Tools control panel.
* Locate the service named "Windows Overlay Components" and double-click on it.
* Click the "Stop" button; once the service is stopped, choose "Disabled" from the "Startup type" drop-down box.
* Click OK to close the service's Properties window, and then exit the Services utility.


B) Visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner

TrojanScan


C) You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner -

DMR 152 Wombat At Large Team Colleague

could ya mark the thread as 'solved'

Done :)

DMR 152 Wombat At Large Team Colleague

quixotic,

Unfortunately, your HJT log still indicates the presence of at least two different infections, and there may be other infections present on your system as well which aren't being reported by HijackThis. Please do the following:

A) Visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Also run this online trojan scanner

TrojanScan


B) You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- …

DMR 152 Wombat At Large Team Colleague

More details would help us.

Was System Restore even enabled?
If so, what exactly does happen when you try to restore to an earlier date?

DMR 152 Wombat At Large Team Colleague

... and without knowing wat immunizing does to the system i clicked on it...

And so that makes it SpyBot's fault?? :mrgreen:

DMR 152 Wombat At Large Team Colleague

what's the problem?

Don't sweat it; SuperSam just uses our site as a pass-through for his own malware removal business. :mrgreen:

DMR 152 Wombat At Large Team Colleague

you look like you are all clean now.

Careful there, T- it wasn't ;)

Nasties:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.imvmuyxoeelgqlcxblajyv.c...TUFBdEfQQ5.html
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)

DMR 152 Wombat At Large Team Colleague

For the WMP 10 error, try the following:

1. There is an issue with corruption of the C:\Windows\System32\wmploc.dll file, which can cause the error you're getting.
You may have a backup of the wmploc.dll file elsewhere on your computer. If so, replace the version of the file in C:\Windows\System32\ with a copy of the backup, reboot, and try the WMP 10 installation again.


2. Run the System File Checker to check for and replace missing or corrupt Windows files which may be causing the error. The following article on Microsoft's KnowledgeBase has more details on the procedure:
http://www.microsoft.com/windows/windowsmedia/knowledgecenter/mediaadvice/0073.mspx

DMR 152 Wombat At Large Team Colleague

1. This log entry is indicative of an infection; probably a variant of the Look2Me/VX2 family of parasites:
O2 - BHO: (no name) - {FDF30958-2E0E-496C-AE8D-D5F09B4D826E} - C:\WINDOWS\System32\ofek.dll (file missing)
The "(file missing)" may mean that the infected file has already been deleted by an anti-virus/anti-spyware program, but the presence of the entry as a whole could definitely indicate that there are still malicious entities on your system.

2. This log entry is actually a Good Thing; it's a component of Trend Micro's "HouseCall" online virus scanner:
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

-------------------------------------------------------------------------------------------------------------
Let's do some general scanning and cleaning to see what turns up:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

> Download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart...4011&vcode=DT02
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
ewido Anti-malware (14 day free trial) - http://www.ewido.net/en/download/


> Download the free WinsockXPFix utility and save it in a folder of its own. Don't do anything with the program yet; we'll be using it later.


- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run …
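Point 1 of the post above reads a "(file missing)" suffix as a leftover entry whose file is already gone but which still deserves a closer look. The following is an added example, not part of the original post, that pulls such entries out of a HijackThis log; the function names are hypothetical and the sample lines are HJT entries quoted on this page, assembled into one constructed log.

```python
import re

# Constructed sample built from HJT entries quoted on this page.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {FDF30958-2E0E-496C-AE8D-D5F09B4D826E} - C:\WINDOWS\System32\ofek.dll (file missing)
O4 - HKCU\..\Run: [loveinternet] C:\DOCUME~1\Owner\APPLIC~1\PHONEL~1\Byte Bows.exe
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ckcfg32.dll (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\wvnsta.dll (file missing)
"""

# An entry line is a section code (R1, O4, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


def parse_entry(line):
    """Split one HJT entry into code, target and a file-missing flag.

    Returns None for header lines, process listings and anything else
    that is not an entry.
    """
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m["code"], m["body"]
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)].rstrip()
    if code == "O4" and "] " in body:
        # Run entries: "HKLM\..\Run: [value name] command line"
        target = body.split("] ", 1)[1]
    elif code == "O4" and " = " in body:
        # Startup-folder entries: "Global Startup: name.lnk = target"
        target = body.split(" = ", 1)[1]
    else:
        # Other sections put the file in the last " - " separated field.
        target = body.rsplit(" - ", 1)[-1]
    return {"code": code, "target": target, "file_missing": file_missing}


def orphaned_entries(log_text):
    """Return the entries whose referenced file HJT reported as missing."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e["file_missing"]]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["code"], entry["target"])
```
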

DMR 152 Wombat At Large Team Colleague

A few possible solutions are discussed in this thread:

http://www.daniweb.com/techtalkforums/thread3539.html

DMR 152 Wombat At Large Team Colleague

im going paint a picture of a basic network... i don't know how they work or what order...

That's pretty much right. Different devices can be involved in different scenarios, but you've got the basic idea of the general flow and device connection order.

5. there has to be a DHCP server running a network OS (Windows Server 2003) to assign dynamic ip addresses to machines on the LAN

That's usually the case on an internal network, yes.
When you use a DHCP-capable router or have a computer acting as a DHCP server on an internal LAN, the device is usually configured to automatically assign (to computers on the LAN) IPs from one of the "private" ranges of IP addresses. The "WAN-facing" side of the device which connects your internal network to the incoming Internet line is assigned a single "public" IP address, and that single IP address is used for communication to/from the outside world.

More on "private" vs "public" IP addresses can be found in these links:

http://en.wikipedia.org/wiki/Private_IP_address
http://www.duxcw.com/faq/network/privip.htm
http://www.pku.edu.cn/academic/research/computer-center/tc/html/TC0305.html

another question, do printers need an ip address too?

Well, yes... and no. There are basically three types of printing solutions found on networks:

1. Network printers. These are printers that have their own built-in network interfaces, so yes- they need their own IP addresses just like other discrete devices on the network.

2. Shared printers. These are printers which are connected to the local USB or …

DMR 152 Wombat At Large Team Colleague

that thread delete button must look mighty tempting eh mods.

Yeah, sure does.
Unfortunately, it's really hard to reach that button when you're bent over the bathroom sink going [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/puke2.gif[/img]at the thought of the topic.


:mrgreen:

DMR 152 Wombat At Large Team Colleague

Um, folks- this is a 2 1/2 year old thread you've dug up from the grave. WTF?



DMR 152 Wombat At Large Team Colleague

waits for email! lol

Please read our posting rules regarding requesting and/or offering help via any channels other than the forums. In accordance with those rules, please refrain from offering such assistance here in the future.

Thanks in advance for understanding.

DMR 152 Wombat At Large Team Colleague

actually I have none at this time...

In that case, what are all of those .zip files in your C:\Documents and Settings\Owner\Complete\ folder? It looks like ewido is flagging every single one of those files; that's why the log is so massive.

DMR 152 Wombat At Large Team Colleague

Thanks to limewire

Krikey!!! No joke.

Look, I just have to lay this out here: You've got more pirated software than friggin' China, for god's sake.
What did you expect??

Don't bother posting the rest of the ewido spewage; I think I get the picture. :mrgreen:

There are a couple of things in the HijackThis log that need attention, but we'll have to tackle them tomorrow. It's almost midnight in my end of the world, so I need to log off for the day.

DMR 152 Wombat At Large Team Colleague

You can try poking around the different preference settings to see if turning off various autoupdate and/or alert related options does the trick. I don't have a version of NIS in front of me right now to experiment with though, so I can't give you any specific pointers.

DMR 152 Wombat At Large Team Colleague

OK- get the anti-virus installed ASAP, and be sure to let us know if you notice any further problems. :)

DMR 152 Wombat At Large Team Colleague

The "registry keys box" shown in your screenshot is the Registry Editor utility. The other odd thing I notice in the screenshot you attached is that the computer is not booted into Windows normally, but is booted into Safe Mode instead. Does it always boot into Safe Mode, or did you do that intentionally?

DMR 152 Wombat At Large Team Colleague

The Ewido is the one that seems too large. Let me know if there is any other way to send it.

Ewido logs usually fit into a post, but our posts do have a size limit. Paste the first half of the ewido log into one post and paste the second half into a second, consecutive post.

DMR 152 Wombat At Large Team Colleague

Please post the exact and complete message.