DMR 152 Wombat At Large Team Colleague

Hi brucejackson,

Our forum rules specify that members should not "tag" their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Given that- I've split your post (and Christian's response) into a new thread of its own, which you can find here.

DMR 152 Wombat At Large Team Colleague

1. Give us more information and history on the problem: when it started happening, whether or not you made any adds/removes/changes to the system at around that time (think carefully about that one), what kind of Internet connection you use, whether or not you have a router in the equation, etc.


2. Have you disabled Zone Alarm entirely or perhaps tried uninstalling it? Having a firewall active while troubleshooting connection issues only adds another layer of possible complications. To make sure that you've entirely disabled ZA, go into the program's options/preferences, turn off the option to automatically start the program when Windows starts, and reboot. Simply choosing to disable the firewall once it has started often does not shut it down completely.

DMR 152 Wombat At Large Team Colleague

There are no obvious signs of malicious activity (or anything else overtly wrong) in your HijackThis log, although I do have a question about this proxy setting:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.3.96.40:8080

Is that proxy server setting related to/required by your ISP? Since you're going through a proxy, the problem might not be on your end at all.

Also, when you say: "My internet connection is getting blocked", what exactly do you mean by "blocked"? Does your connection just get dropped, or do you really mean that something is blocking it? Do you get any error messages about this? Give us more specific information about that if you can.

DMR 152 Wombat At Large Team Colleague

Your log is clean, although there are a number of other (non-infection related) reasons for HotMail, MSN, etc. access problems.

To see many of the previously suggested fixes for Hotmail-related access problems, go to this page, click on the "Search this Forum" button at the top right-hand side of the page, and type the following two words into the search box:

hotmail access

DMR 152 Wombat At Large Team Colleague

I don't see anything in your log that would cause this problem.

Agreed- Log is clean. :)

DMR 152 Wombat At Large Team Colleague

Very good; I only see one thing left to fix in your log:

1. Go into your Add/Remove Programs control panel and uninstall WeatherBug if it is listed there.


2. Run HJT again and have it fix:

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)


3. Open Windows Explorer. Locate and delete the following folder entirely:

C:\Program Files\AWS

DMR 152 Wombat At Large Team Colleague

Will do. Thanks :)

DMR 152 Wombat At Large Team Colleague

how do I prevent any more infestations on the pc if I go back to kazaa.

That's like asking how you can go back to a poker table but not lose money this time.

There are measures that you can take to minimize the chances that malicious programs will be downloaded and/or installed on your system, as well as measures you can take to minimize damage should those programs actually manage to install themselves. However, none of the methods are foolproof or comprehensive, and the makers of the malicious programs are constantly finding new security holes to exploit and new ways to bypass current protections.

P2P Filesharing networks are some of the most notorious distribution vehicles for malware, and it's getting much harder to find a P2P network that is known to be "clean" of such nasties. Throw in the fact that a large amount of the content shared on P2P networks is copyrighted material, and you've got some pretty good reasons to give filesharing a miss entirely.

DMR 152 Wombat At Large Team Colleague

1. C:\Windows\System32\svchost.exe is a valid Windows file; if you find files of that name in other locations, they are quite likely malicious.

The "real" svchost program manages a variety of Windows services, so it's normal to see multiple instances of it (running under different usernames) in Task Manager.


2. Can you be more specific about the "Server busy" message, please?

DMR 152 Wombat At Large Team Colleague

1. Symantec has a recently-updated description of the Pynix VX2 infection and a download link to their stand-alone removal utility here. Try the utility and let us know the results.


2. Download Ewido and install it, and then open the program. If you initially receive a warning message saying "Database not found" when you first run the program, just click "OK" for this. Next- in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido; do not actually have it scan your system yet.


3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Locate and delete the following files:

C:\WINDOWS\INF\banner.inf
C:\WINDOWS\INF\satmat.inf
C:\WINDOWS\satmat.ini

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with …

DMR 152 Wombat At Large Team Colleague

And thank you for the kind words of appreciation, crazyquilter. :)

As you said, we are all volunteers here, so the warm fuzzy feeling that comes with knowing that we've helped make someone a "Happy Camper" is our pay.

But No Cookie??? ... Monster sad now. Monster LOVE Cookie!!

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/CookieMonster.jpg[/img]

:mrgreen::mrgreen::mrgreen:

DMR 152 Wombat At Large Team Colleague

It looks like you still have components of the Qoologic infection on your system.

Please Download the following tools to assist us in removing this infection!

  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!

  • Download the Track qoo utility I've attached below. Unzip it and save it as you did for WinPFind

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe

  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    1. Go to the WinPFind folder
    2. Locate WinPFind.txt
    3. Place those results in the next post!

Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

DMR 152 Wombat At Large Team Colleague

Hi warrenforty,

1. Your HJT log is clean, and the "transform" errors and "set path" messages you're seeing most likely aren't related to malicious infections:

* The ulead and muveet entries that you see at startup are additions made to your system (and more specifically, probably your autoexec.bat file) by the DVD-related software products made by ULead and Muvee.

Did you previously have a different DVD drive (and associated software) installed, or did the "set path" statements start appearing after trying to install the new software?


* The "transform" error comes from the Windows Installer service that Windows applications use to manage and standardize their installations/uninstallations. Transforms are basically custom instructions/directions that are fed to the Installer service to modify its behaviour, and those transform instructions are stored in ".mst" files such as the one referenced in the error message you posted.

There are a few reasons that the Installer can throw transform errors, but one possibility is a conflict with existing installation/uninstallation information stored in the Installer's database, possibly due to another version of the application you're installing existing (or having previously existed) on your system. If that's true in your case, remove any currently-installed software which might conflict with the installation you're attempting by using the Add/Remove Programs control panel.

If that doesn't clear things up, you can try using Microsoft's Windows Installer Clean Up utility to more thoroughly remove possibly conflicting program information stored in the Installer's …

DMR 152 Wombat At Large Team Colleague

Hi Ivan,

This particular forum is just an informal place for new members to introduce themselves, but it isn't a forum where actual computer-related questions are asked and answered.

You should post your question in a new thread in our C/C++ forum so that our programming helpers can offer advice.

In your post in that forum, please try to include as much specific information as possible about the program you are trying to write and the exact problems you are having. Knowing those things will help us get you a solution more quickly.

Thanks.

DMR 152 Wombat At Large Team Colleague

Hey Crack'n in, welcome! :)

DMR 152 Wombat At Large Team Colleague

Hi webempress,

First of all- welcome to the site! :)

This particular forum is just a casual place for new members to say "Hi" if they'd like, but not a forum where technical questions are asked and answered.

If you can give us more info on which specific application/project you're having problems with, I'll move your post to the forum in which you'll be most likely to get help with your question.

DMR 152 Wombat At Large Team Colleague

Hello fizankhan, welcome to DaniWeb!

Have a browse around, get familiar with our layout, and as always- feel free to ask if you have any questions at all about the site. :)

DMR 152 Wombat At Large Team Colleague

The member who originally started this thread has found and posted an answer to their particular problem in this other thread they started.

Given that, this thread is redundant and has been closed.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

In accordance with our posting rules, other members having similar problems should start their own threads and post their questions there. In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

DMR 152 Wombat At Large Team Colleague

So what the hell is goin' on?

Crikey!

Yes- I know exactly what's going on:

People are not reading my post directly above yours concerning piggybacking their questions on to a thread started by another member. :eek: :rolleyes:

DMR 152 Wombat At Large Team Colleague

You're welcome Kim :)


Your latest HijackThis log no longer shows any signs of infections, although I'd do a couple of things for "clean up":

1. Now that you've deleted the vidctrl.exe file, you can go back and delete the entire C:\WINDOWS\system32\vidctrl folder; that folder was created by the infection that put the vidctrl.exe file inside the folder.

2. I'd set Explorer to show hidden files and folders again and do another search of your entire C: drive for the spool32.exe file just to make absolutely sure it's gone. If you do find the file, delete it.


Also- to best protect yourself from further infections, have a look at the suggestions in this link.

DMR 152 Wombat At Large Team Colleague

remember: "two eyes have two eyebrows not one"

OMG- that is great! There's nothing worse than the dreaded UniBrow.

(Well... except for mullet, maybe).

DMR 152 Wombat At Large Team Colleague

You might be able to place the drive in a freezer, and once cold, then take it out and fire it up, and maybe get a few minutes worth of life out of it. This is a drastic measure though.

But a measure that might work, and also might be the only option once you get "The Click of Death".

The clicking sound is the head actuator going haywire; this can either be caused by faulty electronics in the drive controller circuitry or by mechanical failure/seizure of the actuator. Either way, the freezing method seems to help- if it's a failing electronic component that's causing the problem, putting it in the deep freeze keeps the component from overheating long enough (hopefully) for you to pull the data off the drive. In the case of a mechanical problem, it seems that the physical contraction of the parts caused by the extreme temperature change can free up the moving parts.

Linkage to the thread discussing the "freezer" procedure:

http://www.daniweb.com/techtalkforums/thread9069-drive+freezer.html

DMR 152 Wombat At Large Team Colleague

- What is the make/model of the laptop?

- If you look in Device Manager, what information do you see there for the built-in wireless card?

DMR 152 Wombat At Large Team Colleague

Hi Essence22,

First of all- welcome to our site!

We don't work on technical problems in this particular forum, but I'll move your post to our Troubleshooting Dead Machines forum so that our technical troubleshooters can help you out :)

DMR 152 Wombat At Large Team Colleague

Hi SunRunner- welcome!

Don't worry about being here to get answers to problems; that's why we're here- to help you get those answers. :)

In terms of your question regarding exactly where to post questions, that depends on the nature of the questions. This particular forum is just a place for new members to introduce themselves; we don't work on problems here.

However, browse the rest of the forums to get a feel for the site and you should be able to figure out which forum best fits any particular type of problem. If you ever have any questions about navigating the forums, using our forums features, or the like, feel free to contact one of the moderators or site administrators and we'll help you out.

DMR 152 Wombat At Large Team Colleague

Welcome to the site, Karen! :)

Have a browse around the forums, get familiar with the site, and always feel free to ask if you have any questions about how our particular forums work.

DMR 152 Wombat At Large Team Colleague

Hi AuctionMan, welcome to DaniWeb! :)

Have a browse around our web design, site building, etc. forums; I'm sure you'll find lots of helpful info there.

DMR 152 Wombat At Large Team Colleague

Hi saibaba, welcome to our site! :)

In terms of your laptop screen problem, we don't work on technical problems in this particular forum; it's just a place for new members to say "Hi" and introduce themselves.

If you'd like our help, what you should do is start a new thread in our Monitors, Displays, and Video Cards forum and we'll take it from there. In that post, please try to give us as much specific information about the problem as possible. Info such as the make and model of the laptop, some history on when the problem started, etc. will help us get to the bottom of the problem most quickly.

DMR 152 Wombat At Large Team Colleague

No problem. You've already started a thread for the new problem in the right forum, so all is cool.

DMR 152 Wombat At Large Team Colleague

Feel free to let us know if anything else crops up; we'll be around. :)

DMR 152 Wombat At Large Team Colleague

You're welcome. I hope the reinstall holds up. :)

DMR 152 Wombat At Large Team Colleague

You're welcome. Sorry we couldn't help you get to the bottom of it... :(

DMR 152 Wombat At Large Team Colleague

Just downloaded a program called Knoppix, ain't tried it as yet but thought I'd give it a go.

That might work; I've used the Knoppix CD to successfully rescue data from terribly corrupt Windows drives more than a few times. However, if the drive has low-level electronic or mechanical problems, there's a pretty good chance that no operating system is going to be able to access it. Definitely worth a try though.

Would like to add, this is a really 'friendly' forum, and very useful. Really appreciate the help I've been given...Thanks.

Thank you, santfekuss. Our members really do work pretty hard to help others and make everyone feel welcome here; it's always good to hear that our efforts are appreciated. :)

DMR 152 Wombat At Large Team Colleague

OK- L2MFix seems to have successfully deleted a lot. More may surface, but let's work on the non-L2M infections indicated in your HijackThis log:


1. Run HJT again and have it fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [Arte] C:\Program Files\upls\atnr.exe
O4 - HKCU\..\Run: [Khjq] C:\WINDOWS\system32\W?nSxS\spool32.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\Candy\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CP2RG5UJ\cwshredder[1].exe (file missing)


2. Reboot into Safe Mode again and:

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

* Locate and delete the following folder entirely:

C:\Program Files\upls

* Locate and delete the following files:

C:\WINDOWS\system32\vidctrl\vidctrl.exe

C:\WINDOWS\system32\W?nSxS\spool32.exe

* Look in these folders and give us the names of any other files (apart from those you just deleted above) which might be present in them:

C:\WINDOWS\system32\vidctrl
C:\WINDOWS\system32\W?nSxS

* Empty your Recycle Bin and reboot normally.


3. Run HijackThis again and post a new log.

DMR 152 Wombat At Large Team Colleague

Given everything you've described and tried, it sounds like the drive's electronics have failed. :(

However, you never said what the specific problem was that caused you to take the drive out of your friend's computer in the first place. Was it originally doing the same sorts of things in his computer?

DMR 152 Wombat At Large Team Colleague

To all members who have posted their own questions on top of the question first asked by the member who originally started this thread:


In accordance with our posting rules, we ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own threads and post your questions there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Hi jeepn_sigep,

First of all- welcome to TechTalk! :)

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Thanks for the follow-up, Chris. I appreciate it. :)

DMR 152 Wombat At Large Team Colleague

I'm not sure what you mean by poor grounding

More specifically, I guess I should have said shielding. Speakers themselves are prone to Radio Frequency Interference (RFI) and Electromagnetic Interference (EMI), and as I said before, the wiring can act as antennas which pick up stray signals and dump them into the speaker/amplifier circuitry.
Manufacturers of some higher-end sound systems minimize this interference by building metallic shielding into the speaker cabinets, which blocks the interference. They also tend to use higher-quality cables which have an inner layer of grounded shielding surrounding the actual signal wires. Unfortunately, many computer-grade speaker systems don't have such protections built into them.

not that it may be to do with the wireless transmitter for mouse-keyboard?

That's possible, but I don't think it's as likely as what I described above. However, that should be easy enough to find out: remove the wireless transmitter from the vicinity of the computer and speakers for a few nights and see if you still pick up signal or not.

DMR 152 Wombat At Large Team Colleague

... seemingly random although thinking about it it's usually late at night... which makes me guess and I stress guess shortwave

That's actually quite possible. Certain frequencies of radio waves are reflected by the Earth's ionosphere, and night-time changes in the ionosphere can cause those waves to be reflected great distances away from their original point of transmission. What happens is that (usually due to poor grounding) speakers and their wiring act like an antenna, picking up those stray radio signals.

You can try to minimize the interference by readjusting the placement of the speakers or rerouting the wiring a different way, or you could just pull the plug on the speakers when you're not using them.

DMR 152 Wombat At Large Team Colleague

If you can't physically install the drive in the computer, then yes- an external enclosure is certainly an option.

DMR 152 Wombat At Large Team Colleague

From what you've described, it does sound like a hardware problem, but the exact culprit could obviously be difficult to pinpoint.

Even stranger, is that everything works fine for about 45 minutes to an hour and a half, then the freezes happen

That may indicate that heat has something to do with the problem. Failing electronic components often don't show signs of their failure until they've been "cooking" for a bit. It could also be a sign that the CPU's heatsink isn't firmly seated on the processor, or that the thermal-transfer compound between the CPU and the heatsink has dried up and needs to be replaced.

along with the BIOS warning beeps

Is there a pattern to those beeps? If so, tell us what that pattern is; knowing the exact beep codes could help isolate the problem.

DMR 152 Wombat At Large Team Colleague

What's the exact make/model of the router?

DMR 152 Wombat At Large Team Colleague

but I AM the Admin!! it's really weird!

It is weird, and although I've heard of it happening before (and not just with MSN), I honestly don't remember ever running across an explanation or a fix. :(

DMR 152 Wombat At Large Team Colleague

Hi crazyquilter,

I'm glad swatkat could help you get things cleaned up. Please do send him some cookies if you can though- with all of the volunteer work he does helping people, I'm sure he forgets to eat once in a while. :mrgreen:


As you've indicated that your most recent scans show your system to be clean, I'm going to mark this one as "Solved". If the problems do return though, please let us know.

DMR 152 Wombat At Large Team Colleague

Glad we could help, and I'm glad the 'puter seems better now :)

Hopefully, the problems won't return, but if they do- just let us know.


In terms of your friend's ME system; good luck with that.
Although- ME being the clunky beast that it was to begin with, combined with the fact that ME is an "end of life" operating system, you might want to try installing your friend's hard drive as a slave/secondary drive in another (and healthy, obviously) computer just to rescue any data that he/she might want to save. Once done, wipe (totally reformat) the original drive after that and install a more current version of Windows.

DMR 152 Wombat At Large Team Colleague

Well- I obviously can't say why things "automagically" started working again, but I'm glad they did. :)

Hopefully the problem won't return, but if it does, let us know.

DMR 152 Wombat At Large Team Colleague

1.

... it's like whatever is going on with the computer is morphing into various nuisances.

Unfortunately, you're right- many of these nasties have the ability to morph/mutate in order to make their detection and removal more difficult, and your HJT logs show indications of just such activity.

2. On the good side, your ewido log has revealed a bit. For one thing, it tells us that the MHC71ENU.DLL and RROCURS.DLL files that your Event Viewer errors mentioned are components of a variant of the Look2Me VX2 parasite. The ewido log also indicates the presence of components of the rather evil Qoologic infection. :(

3. I need to take care of a few administrative things on the forums before I log off for the night, but I'll pass a request for a follow-up here to one of our other troubleshooters who should be coming online shortly.

DMR 152 Wombat At Large Team Colleague

Due to the fact that the member who originally started this thread has not responded in quite a long time, this thread is considered abandoned and has been closed.

In accordance with our posting rules, other members having similar problems should start their own threads and post their questions there. In order to help us help you most quickly, please include as much information about your problem as possible in your posts.

If the member who originally started this thread wishes to have the thread reopened, please send your request, including a link to this thread, to one of our moderators via email or Private Message.

Thank you.

DMR 152 Wombat At Large Team Colleague

Hi StormChaser,

Please read my above response to jn2004's post regarding our rules on members "tagging" their own/new questions on to a thread started by another member.