DMR 152 Wombat At Large Team Colleague

Considering that a CMOS reset seemed to have cleared up the problem at least for a while, the fault could definitely be on the motherboard itself.

1. Go through each of the steps in my last post, and post as much of a detailed answer to each suggestion as possible.

2. Give us the make/model/approximate age of the computer.

3. You might have a faulty RAM module. If you have more than one stick of RAM installed, try running the system with only one of them installed at a time; see if the symptoms change depending on which particular RAM module is being used.

4. Replace the CMOS/BIOS battery on the motherboard. It probably won't fix the problem, but the batteries only cost 2 or 3 dollars, so it certainly can't hurt.

DMR 152 Wombat At Large Team Colleague

Hmm...

Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurrence of the reboots, or which otherwise look like they might relate to the problem. Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

DMR 152 Wombat At Large Team Colleague

Sorry, I stumbled a bit late over this thread:
I speak German. (Argh...I've blown my cover...:mrgreen:)

And we're oh-so-glad you did. :D
If you can shed any licht on the subject, it would be much appreciated.

DMR 152 Wombat At Large Team Colleague

D-oh!
So you've got it sorted now, yes?

DMR 152 Wombat At Large Team Colleague

P.S. two lovely-ish Glasgow wenches en route on one of Glasgow's finest rubber dinghies!! Should be with you in about 3 weeks.

Hmm... the "3 weeks" part I can deal with, but the "ish" bit in "lovely-ish" has me a bit worried.... :mrgreen:

There is a yellow exclamation mark beside VAXSCSI Controller. I'm not sure if this is relevant?

That will be a different issue, but double-click on the SCSI controller's entry to bring up its Properties window and note the information listed in the "Device Status" section of the General properties tab.

For that matter, do the same for the Intel(R)PRO/100 Network Connection entry. The Device Status should say: "This device is working properly"; if it says something else, post that info.

More baseline info gathering:

* Click on the "Run..." option in your Start menu.
* In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.
* At the DOS prompt, type the following command and then hit Enter. You won't see any result from the command, but when it completes, a second prompt with a flashing cursor will be displayed; close the DOS box once that happens:
ipconfig /all >"%userprofile%"\desktop\ipconfig.txt

The above command will have created a text file on your desktop named ipconfig.txt; double-click on the file to open it in Notepad, and then cut-n-paste the file's contents in your next post here. The contents of …

DMR 152 Wombat At Large Team Colleague

End note: the NProtect folder is indeed a Norton component; specifically, it's the folder where the Norton Protected Recycle Bin feature stores items you delete.

DMR 152 Wombat At Large Team Colleague

I think her name was Laura...


:eek: :eek: :mrgreen:

DMR 152 Wombat At Large Team Colleague

If you really don't want anyone else logging on to the system, set a BIOS password- users would have to enter the BIOS password in order to even get the system to boot. BIOS passwords have to be enabled through your computer's BIOS setup utility, which you get to by pressing a certain access key just as the system starts to boot up (that is, well before you even see the Windows startup splashscreen). The common BIOS access keys are F1, F2, Del, and Esc.

DMR 152 Wombat At Large Team Colleague

Main problem DMR is "network adapter error" when I try to re-install the CD (before that "page cannot be found"). Does this make sense to you mate?

Yeah; I think so. Do the following:

* Right-click on the My Computer icon on your desktop and choose Properties from the resulting context menu.
* In the Properties window, click on the Hardware tab.
* In the Hardware tab, click on the Device Manager button.
* Under the Network Adapters heading, note the exact name of your network device. Also note whether or not it is marked with a Red "X" or a Yellow exclamation point. Post that info in your next reply.
* Double-click on that device entry and post the information listed in the General tab of the device's Properties window.
* In addition to the above information, please attach two lovely Glaswegian wenches.

DMR 152 Wombat At Large Team Colleague

sTyLe,

Your HijackThis log also indicates that you are running two antivirus programs (McAfee and AVG) at the same time. That is definitely not recommended, as multiple AV programs can interfere with each other and cause conflicts and instabilities. (Note that running multiple antispyware programs is a different story- those types of utilities can coexist peacefully.)

Please uninstall one or the other of the AV programs, and follow Xpenetrator's advice about moving HijackThis.exe, before we continue.
In terms of unzipping the hijackthis file to a new folder, please do the following:

* Create a new folder for HijackThis outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder you downloaded and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, highlight it, and click "OK".
* Click "Next", and then click "Finished"; a window displaying the newly-extracted hijackthis.exe file should open.
* Double-click on the hijackthis.exe file to verify that the program works.

DMR 152 Wombat At Large Team Colleague

"Piggybacked" post, and Xpenetrator's perceptive response, split into a new thread.

DMR 152 Wombat At Large Team Colleague

Unfortunately, without an English version of the manual, I'm kind of stuck. Every router's built-in configuration utility uses slightly different terminology, layouts, etc., so I can't really point you to anything specific because I can't read that particular router's documentation.

I've got to go to work right now, but I'll see if I can turn up anything more when I get back home this evening.

DMR 152 Wombat At Large Team Colleague

And thank you for the update. :)

DMR 152 Wombat At Large Team Colleague

OK, keep us posted....

DMR 152 Wombat At Large Team Colleague

You can buy clean log for 1.5 pie!

or cash equivalent. :D

Gotta love Weebl 'n Bob; it's all about the PIE!

DMR 152 Wombat At Large Team Colleague

I think it's fair to say you are a genius DMR as the Adware.spyheal appears to be no more:D .

lol. I don't know about the "genius" part, but I'm glad I was able to help. Good work on your part as well- this went a bit "above and beyond" the usual spyware cleaning procedures. :)

As for the network problem, let's start with the baseline stuff. Please post as many details on the problem as possible: problem history, exact symptoms (error messages, browser behaviours, etc.), details of any troubleshooting steps you've tried so far, and any other info that might be helpful.

DMR 152 Wombat At Large Team Colleague

It says no drive found

Ugh... if that's the case, you should install it in the other computer and see if that computer can access it.

DMR 152 Wombat At Large Team Colleague

Let's kill the SpyHeal entries first. Please do the following:

* Download SpyHealRegRemove.zip and save it to your desktop or another convenient folder.

* Right-click on the file and choose "Extract All..." from the drop-down menu.

* Follow the file-extraction wizard's prompts to unzip the SpyHealRegRemove.bat script file.

* Double-click on SpyHealRegRemove.bat and follow the prompts to run the script. Your computer will automatically reboot when the script completes.

* Once the computer has rebooted, run ewido again, and post the new log.

DMR 152 Wombat At Large Team Colleague

The log shows no suspects. Can you give us the full and exact text of the rundll error message, please?

Also- Digi's tech support is pretty good at answering their phones; have you given them a shout yet? (A quick search of the DUC didn't yield anything useful)

DMR 152 Wombat At Large Team Colleague

What a bunch of idiots!! (But they have been the last 5 yrs or so....)

That would be: "the last 35 years or so..." :mrgreen:

DMR 152 Wombat At Large Team Colleague

1. Windows automatically flushes out older entries in the Prefetch folder; this may be what happened to the "au.exe" file. By the way: that particular version of au.exe was most probably not the malicious program that goes by that filename.

2. The following entries in your latest log are new entries, and they are also almost certainly malicious.
C:\WINDOWS\rundll.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe

Please do the following:

* Open the Services utility in your Administrative Tools control panel.
- In the list of services, locate the service named rundll.exe and double-click on it.
- In the General tab of the Properties window that opens, click the Stop button.
- Once the service is stopped, choose Disabled in the Startup Type drop-down menu and then click OK.
- Close the Services utility.

* Install and run the Pocket Killbox utility.

* Select the "Delete on Reboot" option.
* Select "Single File"
* Copy the filename in bold below to the clipboard by highlighting it and pressing Control-C:

C:\WINDOWS\rundll.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If the computer doesn't restart, just restart manually.


3. Once the computer reboots, run HJT and post the new log.

Could you be more specific …

DMR 152 Wombat At Large Team Colleague

Hi xr1000, welcome to DaniWeb :)

* I don't see anything amiss in your HJT log.

* What exact error(s) do you get from IE?

* What happens when you try to reach a site by IP address as opposed to URL?
Paste the following into IE's Address bar and see if it takes you to Google:
http://66.102.7.99

* Download and run the free IEFix utility.



DMR 152 Wombat At Large Team Colleague

Your log is clean. :)

In terms of the programs you mentioned:

* The McAfee components should all be left as they are.
* You don't need the Adobe "acrotray.exe" component running, but you'll probably want to leave the Acrobat BHOs installed, as they provide the ability to read .pdf documents from within Internet Explorer.

DMR 152 Wombat At Large Team Colleague

Hi Dani,

I'm sure you know much more about the marketing end of this than I do, but a few random thoughts do pop in to my brain:

1. I'd think that at least a small portion of the disparity you're seeing is attributable to the fact we now have a much larger database of resolved issues and useful suggestions. In other words, there's less reason to post new questions, because our archive already contains so many solutions.

2. Do you have a way of looking at what members do/where they go right after they register or log in; something akin to the info you get when you click the "Currently Active Users" link? Being able to analyze what makes people peek their heads in here in the first place might give you some clues as to why (if) members are getting what they want from their visits, and how they do so without leaving any "fingerprints".

3. Just out of curiosity: who makes up the bulk of the population of active, posting members during any given block of months? That is- is our post rate during any given sampled time-block sustained primarily by a group of long-term members who have consistently posted at a fairly even rate (members like myself), or is there a "turn-over" pattern where the collective posting rate of "older" members decreases in a nearly inverse proportion to the increased posting activity of newer members?

DMR 152 Wombat At Large Team Colleague

Also- you had posted a duplicate of this question in the Troubleshooting Dead Machines forum, which I've deleted in accordance with one of the stipulations in our posting rules:

"Do not flood the forum by posting the same question more than once (ie in multiple forums)"


DMR 152 Wombat At Large Team Colleague

Hi Barker, welcome to DaniWeb :)

It also doesn't matter what type of CD it is as long as it is to install something.

What happens when you insert a disk which is not an installation disk (a music CD, for example)?

DMR 152 Wombat At Large Team Colleague

So all is back to normal then?

DMR 152 Wombat At Large Team Colleague

* Download the XP .exe Registry fix file by right-clicking on xp_exe_fix.reg and choosing "Save link as..." or "Save target as..." from the resulting pop-up menu.

* Save the file to your desktop.

* Double-click the file you saved, and when it asks if you want to merge with the registry, click YES.

* Reboot your computer; your shortcut functionality should be returned to normal.

DMR 152 Wombat At Large Team Colleague

Would you like us to make your lunch for you while we're at it? :mrgreen:

Seriously, though: we're here to assist people with their hardware and software problems, but "assist" means that you'll need to be more specific in your description of your needs, and you'll also need to let us know what work you have done so far. The way you've stated things in your post, it sounds like you'd like us to come up with "your" ideas.

That type of request is explicitly disallowed here, as pointed out in the following excerpt from our posting rules:

"Do not post homework problems expecting a quick answer without showing any effort yourself. This especially pertains to the software development forums."



DMR 152 Wombat At Large Team Colleague

OK- post when you can.

DMR 152 Wombat At Large Team Colleague

<CTNP>

Yarrr, Matey- 'tis a clean log ye be havin' there!

</CTNP>

DMR 152 Wombat At Large Team Colleague

I'm surprised that the problem actually turned out to be the monitor, given what you posted, but hey- at least you have a healthy system now. :)

DMR 152 Wombat At Large Team Colleague

Sorry again for the delay in my response; school started this week, so it's been a little hectic.

1. Please open a blank new text document in Windows Notepad and copy and paste the lines in bold below (and only the lines in bold) into the document:

reg query HKEY_LOCAL_MACHINE\SYSTEM >>"%userprofile%"\desktop\RegQuery.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\Select >>"%userprofile%"\desktop\RegQuery.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP >>"%userprofile%"\desktop\RegQuery.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP\Parameters >>"%userprofile%"\desktop\RegQuery.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP\Parameters\SslBindingInfo >>"%userprofile%"\desktop\RegQuery.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP\Parameters\UrlAclInfo >>"%userprofile%"\desktop\RegQuery.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\HTTP\Security >>"%userprofile%"\desktop\RegQuery.txt

Name the file SpyHealRegQuery.bat and save the file to your desktop.


2. Double-click on SpyHealRegQuery.bat to run it.
Not much will happen, although you may see a DOS window flick up on your screen very briefly.

When the file is finished running, a new file named RegQuery.txt will appear on your desktop. Double-click on RegQuery.txt to open it in Notepad, select the entire contents of the file, and paste those contents into your next post here.

DMR 152 Wombat At Large Team Colleague

yea I thought I was supposed to
but I will do it regularly

Yes- please do that.
There are many components of malicious infections which HijackThis can't detect unless they're activated and running, but since many of these malicious components do not get activated when in Safe Mode, they won't show up in a HJT scan done in Safe Mode.

DMR 152 Wombat At Large Team Colleague

Sorry for my delay in responding. I'm glad you got rid of the symptoms, but could you post another HijackThis log for me to review, please? Considering that ewido hadn't actually fixed anything and that your last HJT log did still have malicious entries in it, I'd like to make sure that there are no lingering traces of the malware.
Thanks.

DMR 152 Wombat At Large Team Colleague

Do you need make and model and other info?

No, not as long as you have verified that the BIOS correctly reports it.

Does the Windows installation CD message say no drive found, or no operating system found?

DMR 152 Wombat At Large Team Colleague

1. Delete the "au.exe" file from the Prefetch folder.


2. The "Nmain.exe" file mentioned in one of the errors is a Norton component. Now that you've uninstalled Norton, that message should not appear again.


3. Most of the other errors look related to a failure somewhere in your networking software, but the errors don't point to the exact suspect.
Can you find any other types of Event Log errors which might help? If so, please post them.


4. C:\DOCUME~1\ADMINI~1.IAN\LOCALS~1\Temp\Rar$EX00.765\HijackThis.exe
The log entry above indicates that you are running the HijackThis.exe program from within a Temp/Temporary downloads folder.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

Please create a folder for HJT outside of any Temp/Temporary folders (a folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do) and move the hijackthis.exe file to that folder now.


5. Your last HijackThis log looks like it was done while Windows was booted in Safe Mode. Unless someone specifically requests otherwise, HijackThis logs that you post should always come from HJT scans while Windows is booted normally.

DMR 152 Wombat At Large Team Colleague

If the system is corrupting itself badly and quickly enough that the Windows installation CD doesn't even find the drive, you need to:

1. Go in to the computer's BIOS setup utility and determine whether or not the BIOS recognizes the drive.
To enter the BIOS, hit F1, Del, F2 (or whatever BIOS access key is used on your particular make/model of computer) just after you turn on/reboot the computer; that is- well before you see the Windows loading screen.
In the BIOS setup, look for a page/section which relates to your installed IDE devices and make sure that the correct information (make, model #, size, etc.) for your drive is listed under the Primary Master IDE device section.

Let us know what you find there.


3. If the BIOS does not see the drive, remove the drive from the computer, install it as a slave drive (making sure to set the drive's Master/Slave jumpers to "Slave"), and see if that computer can access the drive. If so, copy all of your critical data off of the problematic drive and on to the external drive ASAP.

DMR 152 Wombat At Large Team Colleague

[Additional info from super_he_man sent to me via PM]:

The computer has gotten much worse. We can't even load it up into windows now.
It goes past the windows xp screen and goes to a blue screen that says windows
is loading and stays there for ever. So far i've tried going in through safe
mode, last known configuration, and even tried to reinstall windows xp but when
i tried to install it, it says there is no harddrive hooked up. Any and all
help is greatly appreciated. I have an external hard drive and another computer
to work with if i can. Its looking like we're just going to have to take it to
a computer doctor if we don't get any help.

DMR 152 Wombat At Large Team Colleague

Thanks for the update.

The help finder and help features control panels must be related to software that came with your particular computer or to other third-party software; they aren't standard Windows components.

I'll take a look at the other problem in the other thread you mentioned.

DMR 152 Wombat At Large Team Colleague

Faulting application au_.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.

Bleh!. "au_.exe" can be a component of the SpyFalcon/SpywareStrike/SpyAxe family of infections, depending on what exact folder it lives in.
Please search for the file and tell us its exact location:

In the Folder Options->View settings under Explorer's Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

* Click on the "Search" button.
* In the "All or part of the file name" box, type au_.exe
* In the "Look in" drop-down menu, select your "C:" drive.
* Click on "More Advanced Options".
* In the "Type of file" menu, select "All files and folders".
* Put checkmarks in the Search System, Hidden, and Subfolders options.
* Click the Search button; wait for the search to finish.

DMR 152 Wombat At Large Team Colleague

Your school can't (or at least shouldn't) require that you use two firewalls at the same time; do you mean that they require you to use McAfee's antivirus program? First verify that, even if installed, the McAfee firewall is not actually running.

DMR 152 Wombat At Large Team Colleague

but I stumbled over this:

"How to stop folder c program files common opening on startup"
http://www.alegsa.com.ar/N/i64/How%20to%20stop%20folder%20c%20program%20files%20common%20opening%20on%20startup.php

That link barfs a connection timeout for me; does it work for you, Xpenetrator?

Did you install a Norton product lately or did something else with it?...

I can't read the info you linked to, but yes- Norton has a lot of components running out of the C:\Program Files\Common Files folder, so that would be a good place to start looking. Check the following:

Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those which mention a Norton/Symantec file. Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.


As far I …

DMR 152 Wombat At Large Team Colleague

Anyway just in case you didn't know, this is an English language forum.

Yes.
aman_dce,

This is a professional, English-language technical support forum. When you post in our forums you need to be clear and concise, and use full, correct English spelling and sentence structures, not the abbreviated sort of gibberish used in chat rooms.

DMR 152 Wombat At Large Team Colleague

Do you currently have, or have you had in the past, a third-party firewall program installed?

DMR 152 Wombat At Large Team Colleague

You've somehow managed to get IPv6 (the new TCP/IP protocol) enabled on that machine. Try the following:

1. Log on to the computer with a user account that has privileges to change network configuration.

2. Click Start, click Control Panel, and then double-click Network Connections.

3. Right-click any local area connection, and then click Properties.

4. Click Microsoft TCP/IP version 6 (for Windows XP with SP2 or Windows Server 2003) or Microsoft IPv6 Developer Edition (for Windows XP with SP1), and then click Uninstall.

5. When prompted to confirm the removal of the Microsoft IPv6 Developer Edition or Microsoft TCP/IP version 6 protocol, click OK.

DMR 152 Wombat At Large Team Colleague

Let's see what you've got running that might be causing that to happen:

Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it; cut-n-paste the entire contents of the file from Notepad and post it here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

Ok, next up:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Your log indicates that you have three antivirus programs running (AVG, Norton, and Avast!). This is definitely not a recommended practice, as they can conflict with each other and cause instabilities and corruptions. Please uninstall two of those utilities before continuing.


2. Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button:

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)


3. Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

4. Double-click on your My Computer icon to open Windows Explorer.

* In the Folder Options->View settings under Explorer's Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file …

DMR 152 Wombat At Large Team Colleague

OK- the log looks good and clean now :)

How do things seem to be working now? Are there still other issues that we need to look in to?

DMR 152 Wombat At Large Team Colleague

You're welcome :)

Follow the steps I posted and reply here with the log files when you can.
Once we get rid of the malicious infections, we can also trim down some of the non-malicious, non-critical background programs that you have running; that should give you a bit of a performance boost.
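
The checks applied by hand to HijackThis logs in the posts above (HijackThis.exe running from a Temp folder, more than one antivirus product running, an O23 service with an unknown owner whose file sits directly in the Windows folder, and entries marked "(file missing)"), written out as a small log-triage script. This is an added example, not code from any of the posts; the sample log is constructed, and the log layout, vendor keywords and rule names are assumptions.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# Constructed sample in the general shape of a HijackThis log. The O4/O20/O23
# rundll.exe lines and the Temp path are the ones quoted in the posts; every
# other path and entry is made up for illustration.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\rundll.exe
C:\DOCUME~1\ADMINI~1.IAN\LOCALS~1\Temp\Rar$EX00.765\HijackThis.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\upd.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<image>[A-Za-z]:\\.+)$")
# Assumed keyword heuristic: substring of a process path -> product name.
AV_KEYWORDS = {"mcafee": "McAfee", "avg": "AVG", "norton": "Norton",
               "symantec": "Norton", "avast": "Avast!"}


def parse(log):
    """Split a log into (running process paths, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY_RE.match(line)):
            entries.append((m["code"], m["body"]))
    return processes, entries


def in_temp_folder(path):
    """True if any directory component is a Temp/Temporary folder."""
    dirs = path.lower().split("\\")[:-1]
    return any(d in ("temp", "tmp") or d.startswith("temporary") for d in dirs)


def triage(log):
    """Return (rule, detail) findings for the checks described in the posts."""
    processes, entries = parse(log)
    running = {p.lower() for p in processes}
    findings = []

    # The scanner itself would be wiped when Temp folders are cleaned out.
    for p in processes:
        if basename(p).lower() == "hijackthis.exe" and in_temp_folder(p):
            findings.append(("hjt-in-temp", p))

    # More than one antivirus product resident at the same time.
    vendors = sorted({name for p in processes
                      for key, name in AV_KEYWORDS.items() if key in p.lower()})
    if len(vendors) > 1:
        findings.append(("multiple-av", ", ".join(vendors)))

    for code, body in entries:
        if body.endswith("(file missing)"):
            findings.append(("file-missing", f"{code} - {body}"))
        m = O23_RE.match(body) if code == "O23" else None
        # Unknown-owner service whose image sits directly in the Windows folder.
        if m and m["owner"].lower() == "unknown owner" \
                and basename(dirname(m["image"])).lower() == "windows":
            state = "running" if m["image"].lower() in running else "not running"
            findings.append(("o23-unknown-owner", f"{m['image']} ({state})"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

A finding here is only a prompt for the manual review described in the posts; the keyword match for antivirus products in particular will miss products installed under other folder names.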