Posts by DMR

I have KFC monitor with speakers built in, which doesn't seem to work.

Before digging ino the fairly unlikely possibility that the audio electronics of your monitor aren't working because some overvoltage "crowbar" sort of protection circuitry has kicked in, can you give us more information regarding the whole problem:

- When did the speakers stop working, or have they never worked for you?

- What is the exact model # of the monitor?

- Have you tried the monitor on more than one computer, or have you tried to rule out software problems in any other way?

- If the monitor's speakers have a separate jack/wire for the audio, what happens if you power up the monitor and then plug the audio jack into the "line out" of some (low output wattage!) audio device other than the computer's audio card?

1. The following 3 entries in your log indicate that you had instances of Internet Explorer running when you ran HJT:

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser(s)! HijackThis cannot fully perform its fixes while browsers are running.

2. Download about:Buster and unzip it to your Desktop. Double-click on AboutBuster.exe to run it and then click on Update > Check for Update. If there is an update available, click on 'Download Update and wait while it downloads. Once downloaded, click on Exit.
Note: Do not actually have About:Buster scan yet; we're only making sure that the program has the most current updates in this step.

3. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files". Click Yes in the confirmation dialog, and then click OK to close the View Options window.

- Close all open programs, run HijackThis again, and have it fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

Oh, great- you've a new bunch of nasties now. :mad:

Follow these instruction to see if we can get some of the mess cleared up:

A) Do a free online virus scan at these two sites:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

B) Download and install Ad Aware, SpyBot Search & Destroy, Spyware Blaster, and SpywareGuard (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & …

Dare I try to defrag in the same way?

Yes, Defrag can suffer from the same problems as ScanDisk in terms of being interrupted by other running programs. When you run Safe Mode, Windows does not load/start most (if not all) of the third-party programs which can interfere with ScanDisk and Defrag.

Did you try booting into Safe Mode yet as dlh6213 suggested?

If not, try that. Let us know if the computer still reboots itself while in Safe Mode.

Also, as soon as you get the shutdown warning message, do the following:

Click on your Start button and then click on the "Run..." menu option. In the "Open:" box of the resulting dialog window, type:

shutdown -a

and then press Enter.

If you can do this quickly enough you may be able to abort the shutdown.

" Error #62 - Input past end of file" is a general program error which usually indicates that the program throwing the error (HJT, in this case) has encounted unexpected or incorrect information in the file it is trying to process/access/fix/modify. In the case of text files, the problem is often a corrupted or incorrect (and unfortunately, also invisible) end-of-line or end-of-file control character. In your case, the corruption might have been caused by the malware which originally altered your host file.

If the "hoster" utility cannot fix the problem, you can delete your current hosts file and create a fresh file using Windows Notepad (the hosts file is a simple plain-text file).

1. Delete the current hosts file. In Windows 9x/ME, the file lives in your C:\Windows folder.

2. Open a new text document in Notepad, and enter the following single line into the document:

127.0.0.1 localhost

3. Save the file as C:\Windows\hosts

4. When you save the file, Notepad will add a ".txt" extension to the filename. The hosts file must be named simply "hosts", without any extension, so after saving the file and closing Notepad, you'll need to go to the file and rename it by removing the .txt extension. You'll probably receive a message from Windows warning against changing a file's extension; choose to proceed with the change.

5. Right-click on the new hosts file and choose "Properties" from the context menu. In the General tab of …

Ok- at the very least, you have the NewDotNet infection. A couple of things before we dive into that though:

1. The following entry in your log indicates that you had at least 1 instance of Internet Explorer running/open when you ran HijackThis:

C:\Program Files\Internet Explorer\iexplore.exe

Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser(s)! HijackThis cannot fully perform its fixes while browsers are running.

2. Your log indicates that you have filesharing software installed. By participating in file/music sharing and other "free" download activities, you greatly increase your chances of infection. The choice to continue doing so is obviously yours, but we advise that you don't.

3. To remove the NewDotNet software, either do so through your Add/Remove Programs control panel, or download the removal tool from new.net. Information on both procedures can be found here:

http://www.newdotnet.com/removal.html

4. Some versions of the GetRight download accelerator program contain adware (as do many such "free" download managers, search utilities, and the like). More info on that can be found at the following site:

http://www.getright.com/aureate.html

5. Once you've removed the NewDotNet software, post a fresh log and tell us if you are still experiencing problems.

Your log is clean.

Open the Event Viewer utility in your Administrative Tools folder and look though your log files. Are there any errors/messages in the logs which might shed some light on the cause of the problem?

If you would like to post a log, we'll be glad to take a look at it for you. However, if it's just Hotmail that you're having problems accessing, the cause of the problem might not be indicated in a HijackThis log.

1. Are you having problems accessing any other sites?

2. Are you experiencing any other problems or abnormal behaviour aside from the Hotmail problem?

3. Please give us as much detail as possible concerning the history of the problem and any other info that might be related and helpful.

Lianne,

As your question/problem differs from the one being addressed here, I've split it into a thread of its own. You can find your thread here:

http://www.daniweb.com/techtalkforums/thread18644.html

The member who started this thread has not responded in over a year, making this an abandoned thread. As such, it is now closed.

Other members who are having similar problems need to start their own threads and posts their questions in those threads, as indicated in our posting rules:

"Every question or new thought should have its own thread. Replies to a previous post should be thread replies to that particular thread. Do not piggyback threads by posting your question as a reply to another question."

If the member who originally started this thread wishes to have the thread reopened, please send me your request via email or Private Message.

Yes, you could certainly do that, but be careful and do your research thoroughly if you do. Google is definitely your friend when it comes to making sense out of HijackThis logs, but just keep in mind that:

- Making the wrong changes with HJT could cause serious damage to your operating system and/or applications, and although HJT does make back-ups in case you make mistakes, there's no 100% guarantee that you'll be able undo the damage once done.

- Sometimes what you don't find from a Google search is as important as what you do find; the lack of any information on a particular entry in a log is a good indication that it's a "nasty" (but this isn't always true)

- You will often find conflicting and/or incorrect information in your searches; it's up to you to make the right choice based on the info you find.

- Intuition can sometimes be just as important as relying on Google when deciphering the contents of a log; given how extremely quickly malicious programs evolve, the exact answers simply aren't always out there.

- HijackThis is a great tool, but it does not and cannot detect and fix every infection. It is often necessary to use specialized utilities designed to remove one family of infections, or even certain variants of a family of infections (such as the latest VX2 variants). A HJT log will often give you clues that this is the case, but it …

You're welcome; we are here to help, after all :)

Don't be surprised if there's more work to do after following our above suggestions though. Some of the most recent nasties can be very difficult to remove, and as such will require "special attention" However, taking the steps we posted above will go a long way toward the general cleanup; we'll deal with any leftovers once you perform the procedures above and get back to us with the results.

I followed instructions and I am back on line! I cannot thank you enough!!

Glad we could help get you back up and running! :)

Your new log looks clean, except for one entry (which is not related to anything malicious):

O23 - Service: X10 Device Network Service - Unknown - c:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

If you had installed, and then later uninstalled, video software which uses X10 (SnapStream/Firefly perhaps?), you might want to have HJT fix that entry. It does look like a dangling leftover from uninstalling a program with X10 components.

What do you think? :cry:

I think you're right.

Here are some things you can do to get most of the "nasties" cleaned out of your system:

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.
If you do not have an anti-virus program installed, do a free online virus scan at these two sites:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

B) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

2) …

I think will do the trick for you:

http://support.microsoft.com/kb/q270008/

Although the article pertains to Win 2000, I've seen the problem occur with XP as well; the fix described for Win 2000 works for XP.

Please note that although the article only refers to the "UpperFilters" and "LowerFilters" entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet registry subkey, I've had to apply the fix to the similar entries (if found) in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x subkeys as well in order to make it work.

If you run the following command, what info does it return concerning the exact chipset that your NIC uses:

lspci -vv | grep Eth

(Case-sensitive; the first "l" is a lower-case "L")

Pulled the lithium battery out. Voltage checks out at 3 volts with my voltmeter.

Although this may not be the ultimate answer to your problem- testing a battery with a voltmeter doesn't say much of anything concerning its strength. A voltmeter doesn't present enough of a load on the battery to tell you if the battery really has enough "oomph" to supply the current it needs to supply under full load. Given that CMOS batteries only cost a couple of $, you might want to just replace it.

More detailed that what? That's a rather broad question you're asking. :cheesy:

Seriously though:

The core Apache product is obviously a web server, so:

- What do you know about Apache so far?
- What do you want it to do for you?
- If you have specific question about its capabilities or functionality, please let us know.

Well- 26 separate displays might be stretching things just a bit, to say the least, but any limitations in that area may start at the application layer. To begin with, for what exact piece of software do you need this functionality?

Hello,

I would be *very* surprised if your present salon would allow you to run with the customer list. That is Intellectual Property of the Salon you are at...

With salons in particular, that's not always the case. Instead of hiring people to work as staff employees, salons often have more of a "freelance" relationship with the people who work there: The salon provides work stations (and perhaps equipment) on a rental basis, the individuals who rent the spaces bring their existing client-base with them, the job of "selling themselves" to increase that client-base is their responsibility, and the ownership of info concerning those clients remains in their hands; they are free to take it with them should they decide to move on.

Yes- disable Norton first; it would be the most likely suspect.

OK- let's start with this:

1.The following entry indicates that your networking software chain has been damaged:

**O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing**

     HijackThis cannot fix this; please download the LSPFix.exe utility from: http://www.cexx.org/lspfix.htm.

Run the program, and if "connwsp.dll" is not listed under the "Keep" list, simply click "Finish" and close the program once it completes its fixes.

     If "connwsp.dll" *is* listed in the Keep list, put a check in the "I know what I'm doing" box, hilight connwsp.dll, and then click the ">>" button to move connwsp.dll to the Remove list (make sure connwsp.dll is the *only* file moved to the Remove list!). Click Finish, and then close the program.

2.Run hijackThis again and have it fix:

   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
   R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
  O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
  O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
  O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
   O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

Also fix these entries if they aren't settings you intentionally made:

   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/

3.Reboot into safe mode (you get to the …

OK- you definitely do have problems, but you're using an outdated version of HijackThis. Please download the latest version (1.99.0; the download link is in my sig below), run it, and post the log it generates.

OK- run HJT again from its new location, post a fresh log, and we'll take it from there.

There is a firewall...

Which brand(s) of firewall product(s)?

Before trying anything else, entirely disable any and all firewalling software; it may be actually be the root of your problems, and at the very least it will interfere with our troubleshooting procedures.

maybe we should see a hijackthis log ,as info found when searching shelpar comes up with reference to a dialer .

Yes, it does. A HijackThis log might be a good thing at this point.

JoeyBritt,

HijackThis log analysis is done in our Viruses, Spyware, and other Nasties forum only, so after following the directions below, you'll need to start a new thread in that forum and post the contents of your HijackThis log there:

Download HijackThis:

http://www.majorgeeks.com/download3155.html

Once downloaded, follow these instructions to install and run the program:

1. Create a new separate folder on your drive for HijackThis, move the program into this folder, and run it from there. Don't run HJT from within any Temp or Temporary Internet folder, and don't run it directly from your desktop. A folder such as C:\HijackThis or C:\downloads\HijackThis will do.

2. Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser(s)! HijackThis cannot fully perform its fixes while browsers are running.

3. Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. The log contents will tell us a lot about what "nasties" have crept …

1. C:\WINDOWS\TEMP\RAR$EX00.639\HIJACKTHIS.EXE

That entry indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often delete in the course of troubleshooting, by running disk clean-up utilities, etc.

2. What version of HijackThis are you using? The version info is usually listed at the top of the log, but it's missing from your log. If you are not running the current version (1.99.0), please download and run that version.

3. Once you've moved HJT into its own folder, run it again and have it fix:

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGRAB.DLL
O4 - HKLM\..\Run: [uunojfo] c:\windows\system\uunojfo.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30426f5...ip/RdxIE601.cab

4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View …

Your amount of RAM and VRAM should be fine; even if you had a problem of insufficient memory, I really doubt it would cause something as drastic as hard restarts.

1. Check your logs and get back to us. Don't be surprised if the logs hold no clues though; when systems crash in an abrupt enough way, they often don't have a chance to write to the logs before they go down.

2. Do you play any other online games, and if so, do they crash the system as well?

3. If it's just Runescape, has you tried removing and reinstalling the program?

4. Open your computer's case and check everything carefully:

- Are all fans running properly and smoothly?
- Is the interior free of dust and dirt, and is the machine sufficiently ventilated?
- Remove and re-insert all PCI cards, memory modules, and cables. Make sure all are seated/connected correctly and firmly.

5. You could obviously have a weak or failing piece of hardware. If possible, try replacing your video, network, etc. cards one at a time.

6. You can test your RAM with the free "memtest86" utility, which can be downloaded here:

http://www.memtest86.com/

Grrr! I stopped counting the number of times that Norton or McAfee's firewall software has caused these kinds of problems!

However- in your first post you said that you had already disabled the firewall; what gives there?

I found the info but the only thing it really said was that it was created yesterday while I was on the computer. That makes me think it is not a happy little file.

Agreed- that does not sound like a happy little file at all.

Did you follow the instructions crunchie posted earlier to delete that file, only to have it "automagically" return? That sounds like the case, but I just want to verify..

Do that. In the mean time I'll try to dig up more info on the "shellpar" files in general.

Basic question: what am I actually demonstrating by pinging this addresses? That the computer is communicating with them?

At some level, yes- you are demonstating that the computer which you are pinging is at least alive and reachable. The PING command uses a (fairly low-level) network communication protocol called ICMP (Internet Control Message Protocol). When you send a ping command to a certain machine, the request sent is essentially a single packet containing the message: "Hello machine, are you there?". If the target computer is online (and ICMP requests are not blocked by a firewall), the target machine should respond with a single packet basically containing the response: "Yes, I'm here".

As you can gather from the above, a ping only verifies that the target computer is running; it says nothing about the functionality of higher-level protocols such as those used by web browser, email programs, etc. (HTTP, SMTP, etc.)

If I pinged the IP address from another computer in my home (working through the same router) would the response I get be of any value?

It very well might; please try that and let us know the results.

It's weird that you cannot ping your own IP...You can ping the internet though

Yes- weird indeed; not sure about that one...

Arikay,

Just FYI: we don't deal with HijackThis logs in any forum other than our Viruses, Spyware, and other Nasties forum; any/all HJT logs should be posted in that forum. However, this …

Have we given up?

No- we definitely haven't; please just hang in there Den.

Those of us who volunteer here do so in/from different time-zones, and also have "real-life" circumstances which can keep us from being as "present" here as we would like to be (the flu and other such fun ailments being the case at the moment for at least a few of us).

As dlh6213 asked you to run remv3.zip, please wait for his response; I'm sure he'll get back to as soon as he can.

Thanks for understanding.

That's strange-

Please post a screenshot (of readable resolution) of Task Manager's process window, or just post the names of the processes that are listed as being "owned" by HJT.

I've haven't seen or heard of that particular (and rather weird) behaviour before.

What exact version of Windows are you using, and is there any further history/information that you can give us concerning the problem (when it started to happen, if you had made any software adds/deletes/upgrades around that time, etc.)?

Maybe check your system start folder:

Start->run->enter 'cmd' and hit enter

Then go to the 'System Start' folder and uncheck all programs that don't need to be started automatically during startup.

Michael

Hrm??

Did you mean "Start->run->enter 'msconfig' and hit enter... Then go to the 'startup' tab?

Upon start up, it takes time to bring up the desktop

That could just be due to the amount and/or type of programs that you have configured to run automatically when Windows starts up. Things like anti-virus programs obviously should be auto-started, but you can cut down on your startup time by not auto-loading components related to AIM/AOL, MSN Messenger, RealPlayer, Winamp, Yahoo Messenger, etc.

I use Dial Up at work... Then on the net, pages are slow, quite frequent disconnects...Tied into my companies server????? People tell me its dial up, I dont buy it????

Hang on here- you use dial-up at work to connect to your work's server?? Do you work from an off-site location or something like that? If not, that sounds like a very strange network setup your company has there.

Dial-up is dial-up. Regardless of what server(s) you are connecting to at the other end of the line, you're still at the mercy of the possible limitations that can plague the wiring infrastructure between you and your destination (age/quality of the physical wiring, line noise, etc.).

I am curious if it is possible to restore the sprestrt.exe file

You may not need to worry about that; I'm pretty sure the file is only used at installation time. I'll try to verify this and post an update.

Also, I still have a question about whether I should delete wuauclt.exe since I do not have windows ME and I saw a thread that says that I should not have that program on XP.

Information concerning wuauclt.exe being only for ME is out of date; a file of that name is now also a component of AutoUpdate features in XP.

I was browsing around my Windows/System 32 folder and saw sprestrst.exe with an icon like the auto update shield symbol...

Reboot into safe mode, locate sprestrst.exe, right-click on it, and choose "Properties" from the pop-up menu. Look through the General, Version, Summary, etc. tabs in the Properties window for any information which might identify the file (company name, size, creation date, etc.). Post whatever info you find.

Which exact McAfee package (including version) are you using? The configuration options can vary between the different products/versions.

Hmm, possibly interesting... the filename listed in that particular shellpar file happens to be the SpyBot Search & Destroy executable.

What are the filenames listed in some of the other shellpar files? Please just post the names of the files; those tiny screenshots are a bit hard on the eyes. :)

about the missing Media.exe file...so next morning when i turned on computer that message "Media.exe" missing pop-up infront my face.....

Hi carol,

You need to be as specific and accurate as possible when you you post. Until now, you've said that one of the problems is related to a Wmedia.exe file, not Media.exe, and the difference could mean a lot. What is the exact name of this file?

I have a weather bug program...

Um... the free versions of WeatherBug are adware. Depending on exactly which version you have, it may also have installed other programs of more-than-questionable reputation on your computer.

Arikay,

Could you answer a couple of my pervious questions in more detail please?:

1. Was that when you pinged Google by using "www.google.com", or by pinging "66.102.7.147"?

2. The IP address of your own computer's network card failed? Given that you said above that you could ping Google, that doesn't make sense.

Also- your logs indicates that you are not running any anti-virus software.

Before posting a new log, please visit the following two sites and take advantage of their free online anti-virus scans:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://housecall.trendmicro.com/

For future reference, you should install some sort of anti-virus program, and you should make sure to keep it as up-to-date as possible. If you don't want to spend $$ for a program such as Norton or McAfee Anti-Virus, you can download the free AVG anti-virus program from:

http://www.grisoft.com/us/us_dwnl7.php

OK, but as I asked before:

- Are there any errors/messages in your log files which might help pinpoint the problem? You can view the logs by opening the Event Viewer application in your Administrative Tools folder.

- Has the problem been present ever since you first started using the game, or did it start sometime after that?

These are the shell parameters for each program in the Registry. Don't mess with them.

Yes, the Registry has shellpar/shell parameter entries, but I've never encountered distinct SHELLPAR files in any Win 2K/Win XP directories, even when Explorer's View option are set to display all files/folders. Can you elaborate please?

jks,

Your log indicates that you are are using the Reset 5 program, and the sole function of that program is to bypass Windows XP's product activation. I'm sorry, but for legal reasons which should be obvious, we cannot help anyone who is using cracked, pirated, or otherwise illegal software.

In light of the above, I'm locking this thread for now and sending notice to the other moderators that I have done so. If you feel that my action is unwarranted, please send me a Private Message explaining your reasoning.

A possible trojan dialer. Can you give us some of the filenames listed in the shellpar files please?

So nobody knows ?

:eek:

<EDIT>

Note to self: read the date stamps on the posts as well as the #$$# time stamps!! Sorry...

</EDIT>

I've had Win2K do that to me once on multi drive/partition system, but I didn't even notice it until after the installation, so I wasn't able to figure exactly what went *burp*.

- If you set Windows Exploer's View options to show all hidden/system files and folders, do other core files like ntldr show up on the second partition along with boot.ini?

- How were each of the partitions formatted (FAT32 or NTFS)?

- What's in the WINNT folder on the second partition?

- Was there ever a version of Windows installed on the second partition?

The 50-pin connector is the internal SCSI connector; if your system is stock, this won't have anything connected to it.

The two 40-pin connectors are the Primary and Secondary IDE channels; your hard drive should be plugged into the Primary channel's connector. I haven't worked on Macs in a few years and don't remember which connector is which on that particular model. Is it a desktop or tower?