I couldn't get back on here sooner...
No problem. I'm sure one of us will be around when you get a chance to repost. :)
Hi steven_whiten,
While we definitely do appreciate help from new members, please check the dates on threads before you post a reply to them. This particular thread has been dormant for almost 1 year (meaning that the original thread-starter has not responded in that time), and it just adds confusion to the forums in general when a member "wakes up" such a thread.
I'm closing this thread now, as it has obviously been "abandoned" by the member who originally started the thread.
hi again i have a question....above you said
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
how do you get to folder options. Do you go to tools then internet options then something else?
It sounds like you opened Internet Explorer (the web browser) instead of Windows Explorer (the program that lets you browse My Computer, My Network Places, etc.).
If you have a keyboard which has the Windows key (the key will have the "flag-like" Windows logo on it), hold that key and simultaneously hit the "E" key to bring up Explorer. Alternatively- under your Start menu button, navigate to Programs->Accessories and click on "Windows Explorer".
Within Windows Explorer you should find the menu options I mentioned.
Unless you want a fancy-pants infrared keyboard you can buy one for under 20 bucks...
Well under $20 at this point in time. Finding one is though, as you said, the trick.
Sorry about that Dave. Guess you weren't following the thread in the Community Helpers forum, eh? ;)
Erm, sorry Dani... no. :o
Guess I was too busy responding to unanswered threads, splitting/merging threads, chowing down HJT logs, and all those other fun things that I do around here.
Crikey. I will say that riding shotgun over this site is getting a mite harder as it gets larger and more popular. We're obviously doing something right here, but I'm gonna have to resort to guzzling cases of Red Bull's or something just to keep up with the traffic, especially if you let Chris have another vacation any time soon....
:mrgreen: :mrgreen:
Believe it or not, we are making progress here. Crunchie should be around shortly, so I'd like to leave most of the followup of this in his hands for the moment (which I'm sure will thrill him no end, given that he's just returned from vacation).
However, please do the following things in the meantime; they might help:
1. To remove the "crazywinnings" entries:
- First, remove the site from your Trusted Zone:
Start Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab. Click Trusted Sites, and then click Sites. Click the "crazywinnings" site, and then click Remove.
- Click on the "Run..." option under your Start menu, type "regedit" (omit the quotes) in the resulting "Open:" window, and hit OK. This will open the Registry Editor program.
- In the editor, press F3 to bring up the Find window, type crazywinnings in the find box, and hit enter. There may be more than one "crazywinnings" entry, so you need to keep repeating the find until you get the message "finished searching through the registry". Delete all instances of "crazywinnings" entries you find.
Do not delete or modify anything else in the registry!!!
2. Disable XP's System Restore feature. Instructions on how to do so (and an explanation of why you should do so) can be found here.
3. Download and run HSRemove.
4. …
Since you said that you have no experience with Macs, you should keep something in mind: there will be a learning curve involved in migrating to the Mac.
The Mac and Windows operating systems (as well as the underlying Mac and PC hardware technologies) are entirely different beasts. Macs have different disk/file/folder structures (you won't even find a "C:" drive on a Mac), a different visual presentation, different keyboard shortcuts keys, and many other things that will be foreign to a user who is only used to Windows.
Not that it's that hard to wrap your head around, but it will take some time to get used to.
Well, we're going to find which is the real HJT very shortly. :mrgreen:
1. C:\Program Files\Internet Explorer\iexplore.exe
The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.
2. Once you've closed all browsers, have HJT fix:
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O2 - BHO: (no name) - {41DC3875-C043-0DC7-D275-11550FAA2466} - C:\WINDOWS\System32\qnjjo.dll (file missing)
I just couldn't resist holding back any longer. So I think I may have released it a tad early
lol.
Um, well... yeah, a little bit of a "heads-up" would have been nice; the changes got applied in between the time I had read a post and then had a chance to compose and submit my reply. Once the reply went through and the page refreshed, I thought I'd been sucked through a wormhole into some weird alternate DaniWeb universe!
Familiar strangely yes were things, yet the same exactly find them not did I....
:mrgreen:
Thanks for the L2M log; it (unfortunately) shows a lot of "nasties". We're going to run L2mFix again, but this time we'll actually have it perform its fixes:
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
1. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else. Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.
2. Remove the MyWay/MyBar and WeatherBug programs via your Add/Remove Programs control panel; both programs are parasites.
3. Once you've moved HJT into a folder such as I specified above, run it again and have it fix:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {4FF56F7F-C145-509C-DE02-65550DD82014} - C:\WINDOWS\System32\puk.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKCU\..\Run: [Idue] C:\Documents and Settings\Administrator\Application Data\umbs.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
…
Welcome.
I wasn't able to get to spywarewarrior earlier (connection refused) to check the rogue/suspect list, but I just went there now and found no listing for Ad Annihilator, so I guess that's a Good Thing.
PC133 will run in your computer, but it will only run at PC100 speeds. So basically you're paying more for nothing.
Right. PC133 is backward-compatible with PC100, but it achieves that compatibility by slowing down to PC100 speed.
Some additional info about your setup would help. How you connect, physical setup, router, etc.
Yes- having that information will allow us to give you more specific and accurate suggestions.
Open your Administrative Tools control panel and fire up the Services utility. That will let you view and modify your installed services.
Also take a look at the logs in the Event Viewer; they might give you more information on the error you're getting.
If Compaq can give you the magic keystrokes to modify the installation process, then yes, going through it with them again sounds like the thing to do.
1. You are running a slightly older version of HijackThis. The current version is 1.99.1; please download that version from the link in my sig below and use it from now on.
2. You've got signs of infections by a couple of the more persistent nasties that are making the rounds. Before posting a log from the new version of HJT, please run the following free detection and removal programs.
You should temporarily disable your McAfee program(s) before performing these scans to avoid any possible conflicts:
- KAV and Microsoft AntiSpyware; step-by-step instructions for using both can be found here. Follow the instructions exactly.
- http://housecall.trendmicro.com/
- http://www.ravantivirus.com/scan/
- http://www.bitdefender.com/scan/licence.php
3. When you've completed the above scans:
- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is …
If you're using Windows 2000 or XP, you may be able to repair the system by using the Recovery Console available on the installation CD. More info on that can be found in the links in this Google search:
http://www.google.com/search?hl=en&lr=&q=%22recovery+console%22+windows+repair&btnG=Search
I'd rule out the possibility of virus/spyware infections first. Have a look through the threads in our Viruses, Spyware, and other Nasties forum for suggestions and directions on some of the procedures you can follow to determine if malicious programs are part of the problem.
Just a guess, but it could have something to do with the particular model of keyboard you have; it isn't as though USB keyboards in general don't work through a PS/2 converter.
Why not just buy a PS/2 keyboard? They're dirt-cheap.
Do the COM ports show up correctly in your BIOS' setup?
To start from scratch, you will need a valid copy of an XP install CD. There's not much way around that, and to be honest with you, our forum rules do not allow us to help people who are not using a valid version of Windows.
You would make sure that your BIOS is set to try to boot from CD before it attempts to boot from the hard drive, insert the XP install CD, and choose to do a full/fresh installation. That will reformat your drive, erasing everything you currently have on it.
sysprep is a utility used to automate the Windows installation process in a pre-determined way, which is useful when you need to set up a number of identically-configured computers. It appears that's what Compaq is using on your restore CD.
Sysprep has a wide range of capabilities and options, but depending on how Compaq chose to program/configure sysprep on your particular recovery disk, it may or may not do things like automatically load bundled software applications. In your case it sounds like you'll have to reinstall the applications manually.
It also might not have configured all of your hardware/drivers correctly; I'd have a look through Device Manager to make sure all of your hardware components are correctly identified and report themselves to be working properly.
alright i did what you told me to, but in the hijack this, there's a lot more junk than the last time i did it... should i browse the web as we attempt to fix my computer?
The type of infection that you have is of the sort which can morph and/or multiply. Ideally, you should disconnect from the Internet entirely (unless otherwise instructed) until we can get you cleaned up. Also note that the names of the infected files can change randomly after a reboot, so it's also best not to reboot (again- unless instructed) in the middle of the disinfection processes.
... when you get the ADSL kit, many times they give you both types of cables to make certain every contingency can be met by the installer.
True; good point.
i see Red, Red, Blue, Green, Green, Red wires in that order, from left to right...
That only adds up to 6 wires; CAT3/CAT5 data cabling contains 8 wires in it, and the RJ-45 connectors have 8 contacts/conductors. If you've only got a 6-wire, 6-conductor cable, it's not the right kind of cable.
I cannot see any brown wires... There are no orange or stripey wires either, like on the ones shown.
The color-codes for the 8 wires are also standard. If the wires in your cable(s) don't follow that color-coding, I'd again say that you don't have the right cable.
Yeah- I'm worried about the effect your whole R&R thing may have had on you; it isn't like you to miss like that. :p
And I would not be a true Penguin if I didn't say... Knoppix Rules... Others Droolz
lol. See- Distro War flame; what'd I tell ya'?
When you have hardware blessed by the almighty God of Fruit...
What? Steve Jobs is a fruit? Well I'll be... you learn something new every day.
:mrgreen:
One thing I would like to mention to the readers out there... don't play with partition toys such as Partition Magic. That software works the drive over, and it would be very easy to corrupt your disk so that it turns useless.
Indeed. They don't call it Partition Tragic without reason; many users have had problems because they've prepped a drive with PM instead of just using the partitioning tools built in to a distro's installation routine. I don't believe this is as much of an issue with newer versions of PM, but I too prefer to use the Linux-native partitioning utilities when prepping drives.
Hey Chris,
Those are components of yet another ad blocking, etc. program called Ad Annihilator. I don't know how good it actually is, but from what I've read it's at least legit.
What exact error message do you get when you try to search?
You might want to post one (hopefully final) HijackThis log for us to review just to be on the safe side.
1. You need to remove the Media Access program; it's part of a new variant of the windupdates infection. Do so through your Add/Remove Programs control panel if possible.
2. Have HJT fix:
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
3. Delete the entire C:\Program Files\Media Access folder and the C:\WINDOWS\system32\gah95on6.exe file, and then empty your trash.
4. Can you give us more specific information on what SpyBot reports about the admilli infection? It's a known nasty.
Does the computer restart itself even when booted into Safe Mode?
By the way- you're running a pretty ancient version (1.97.7) of HijackThis. You should get the latest version (1.99.1) from the link in my sig below and use that instead.
Thanks for the reply.
OK I found the temp files but I could only find them on disk D and the folder was empty anyway.
There's more than one Temp/Temporary folder on XP systems, as dlh6213 pointed out in one of his previous posts; you should make sure to empty the contents of all such folders he mentioned.
In terms of the question of things being on the D: drive, your log does seem to indicate that the installation of Windows you're booted into is indeed on that drive. Can you give us a little more info on your system's layout in that regard?
I did notice a whole bunch of hidden files named FOUND.000 through to FOUND.016 on disk D I'm not sure if these are normal.
Those are created by the disk/file checking program that Windows runs after it recovers from serious crashes; the files contain "rescued" data from some of your programs and/or files that got corrupted during the crashes. Keep them around for now, because they may contain data that you might need to restore; they can be deleted later if you determine that none of your critical data was damaged by the crashes.
This other weird thing called Spooler logs keeps reappearing on my disk d too I don't know what it is it looks like a style sheet it's in HTML anyway.
Spool or spooler references are usually related to printing, and would be automatically generated if that's …
OK- I know it's probably a hassle, but please do that. The newer version scans more areas of your system, so it will give us a better idea of where all of the "nasties" are hiding.
Sorry, but your latest log still shows HJT running from within a temp folder:
"C:\Documents and Settings\Du$tin\Local Settings\Temporary Internet Files\Content.IE5\WLMRK9EV\hijackthis[1]\HijackThis.exe"
I'm not sure what you're doing wrong, but you've got to get HJT into its own separate folder before we continue, because we're going to delete the entire contents of all of your Temp/Temporary/Temporary Internet Files folders in the course of this troubleshoot.
The one thing I have noticed in all that I have read on the subject so far (just a trifle actually), is that the vast majority of *nix users don't stick with one distro. They all seem to try, not two or three, but five, six and seven different ones. And each one has his own opinion and reason for using one.
I'm sort of amazed at this...
Amazed? That's understandable; I think most people who live primarily in the Windows World would have the same take on the situation. What usually happens with serious *NIX users though is that they will try many different distros to start with, will perhaps even use multiple distros for a long time, but will eventually decide on a single distro that fits them best. At that point, it isn't uncommon for them to become strangely religious about their choice; an almost evangelical thing which invariably leads to what are commonly known as Distro Wars. These are not pretty; if you've ever run across those "evangelical" types of Mac users, you've only seen the tip of the iceberg I'm talking about. Put a die-hard Slackware user and a Mac zealot in the ring together and you'll see what I mean; just be sure to put your money on the Slacker! :mrgreen:
The basic thing is that *NIX variants, and Linux in particular, offer so many choices, and that isn't something Win users are very accustomed to.
- How do you want your …
Ok, it looks like my thread merge worked, but unfortunately the log you posted indicates that you used/ran a rather outdated version (1.98.2) of HijackThis.
I'm sorry to have to put you through this again, but you need to get the most current version (1.99.1) of HijackThis and post the log that version generates.
Hang in there. It looks like you posted your log in a new thread; let me find that post and merge it in to this one.
And thank you for the follow-up info, sidhis.
I'll mark this one as solved now...
Yes, but we who are short on this type of knowledge, bow to your wisdom and have been patiently awaiting your words of encryption...:rolleyes:
Oh, the demands.. if only I were paid for this. :mrgreen:
You're going to have to hang tight here- I do have a full-time, real-life computer support company to run after all, and that's what pays the rent.
The good news is that I've already started to compose the rest of what you're asking for, but it's rather in-depth, so to get it all condensed into something less than a 4-post response will take some effort.
but used to be a unix programmer...
With a UNIX background, you shouldn't have much problem at all in a Linux or BSD environment. Although there are obviously some differences between all of the *NIX variants, I think you'll find most of the commands, file structures, programming tools, shells (sh, bash, csh, tcsh, etc.) available in BSD and/or Linux to be familiar.
Given that hard drives are so cheap, I have more than one option, although it would be nice if I could put three of them into one computer, which I don't believe you can do, at least with windows.
Sure you can. Windows has nothing to do with how many drives you can have in a system; that's a function of the 'puter itself. Even if you run out of available IDE/SATA drive connections on the motherboard, you can always add PCI drive controller/expansion cards to give you more room for growth. The only limits there are essentially the physical space in the computer's chassis and the size (wattage-wise) of the power supply.
Heck- one of the computers on my network (a lowly P-III 500 even) is multi-booting 6 operating systems: Win 98, 2000, and XP Pro, as well as two versions of Red Hat and one version of Mandrake. Three drives, 24 partitions total, all co-existing happy as clams.
What you said about the fact that drives are pretty cheap now is true though, and given that, I'd suggest adding more drives as …
The cable i'm using to connect the PC's together is; YFC UTP CAT.5E PATCH 150/IEC 11801 & EN 50173 & TIA/EIA 568B.2 3P VERIFIED FOR GIGABYTE ETHERNET-24AWG x 4P TYPE CM (UL) C (UL) CMHE161469...
I cannot peel any wires back (ref to einstein's description of crossover & ethernet cables). Still not sure if it's a crossover cable. I've posted everything from the box it came in & everything that's written on the cable itself. I cannot see any red wires & to peel back the ends would mean the cable would be then damaged....
I've been to 3 different shops & have bought the same cable 3 times & have tried them all.
Unless the packaging of the cable you bought specifically stated that it is a crossover cable, it is not. The information stamped on the cable itself will be of no use here, because the actual wire that's used to make straight-through and crossover cable is the same; the only difference between the two types of cable assemblies is the order in which the individual wires in the cable are inserted into the RJ-45 connectors at each end.
Just because you told someone at a shop what you wanted to use the patch cable for does not mean that they sold you a crossover cable. Many supposed computer techs and/or salespeople simply do not know what a crossover cable really is or why/when you need one.
As already stated, you don't have to alter/mangle/destroy the cable …
Have you tried the simple way? Depending on the package, you may just be able to do:
make uninstall
i have an IBM thinkpad laptop running WinXP pro. when i go to defrag the hard drive it shows that the file system is FAT 32. i thought that Winxp used the other format of NTFS 5. if this is the case how on earth do i convert it.
XP can be installed on a FAT32 partition, but NTFS is preferred, basically due to the fact that it's more robust, efficient, and has greater networking and security related features.
It would be strange for someone to choose to do a fresh/full install of XP Pro onto a FAT partition, but it's certainly possible to do. Another way you could end up with XP on a FAT partition is if you upgraded an existing 95/98/ME installation to XP.
Even if you don't have your original setup disks, you can still convert from FAT/FAT32 to NTFS using XP's built-in "convert" utility. A bit more info on the process can be found here:
http://aumha.org/win5/a/ntfscvt.php
The convert process should leave your data intact, but it's definitely a good idea to do a backup before attempting the conversion.
so how could i put two file systems on the same hard drive without any conflicts or problems.
As Christian said, filesystems are specific to partitions, not drives. Given that, the way to have more than one filesystem on a drive is to partition/repartition the drive into multiple partitions; you can then format each individual partition with whatever filesystem you want.
Most Windoze users only have one partition which occupies the entire drive, so they tend to think of "drive" and "partition" as the same thing, and rarely have to delve into the concept of partitions at all. On the other hand, users of Linux, UNIX, BSD, etc. are usually pretty familiar with the concept of multiple partitions ("slices", in BSD terminology), because those operating systems often consist of at least two partitions. *NIX users are also much more likely to have more than one operating system installed on a single drive, because many of them also use some version of Windows.
I agree on not going backwards to fat32. but that is the file system on the unix/linux distros, no?
FAT, FAT32, and NTFS are Microsoft filesystem formats; the most common Linux filesystems are ext3, ext2, and ReiserFS; none of which Windows operating systems can natively understand. Linux does have full native read and write support for FAT/FAT32 though, which makes FAT32 a good format for any partition that contains data that you might want to share between Linux and Windows.
For a dual-boot Win/Linux system where …
The Temp folders are definitely there, and the instructions dlh6213 posted are pretty specific, so you must be missing something.
Are you able to see the D:\Documents and Settings\Mr.Alvandi\Local Settings folder, or is that not even visible?
C:\Documents and Settings\Du$tin\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
The log entry above indicates that you are still running HJT from within a Temp/Temporary folder. Please do the following:
Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.
1. C:\Documents and Settings\tt\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.
2. C:\Program Files\Internet Explorer\IEXPLORE.EXE
The log entry above indicates that you had at least 1 instance of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.
3. Download, unzip to your desktop about:Buster and run it, then:
1. Click "Update".
2. Click "Check For Update"
(If no new version is available, skip to step #4.)
3. Click "Download Update", and wait for it to be installed.
4. Click "Start".
(Wait for the initial ADS scan to complete.)
5. Click "Yes", to shutdown any …