DMR 152 Wombat At Large Team Colleague

Ok, now for the fun part...

We're probably not going to get all of the nasties on the first run, but let's start with this:

1) Have HijackThis fix the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://
F3 - REG:win.ini: run=C:\WINDOWS\inetdata\services.exe
O2 - BHO: (no name) - {2A29FA17-1BA9-6654-A58E-47C6F864C7B3} - C:\WINDOWS\System32\atkshaeg.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {B8DADE78-4022-48BF-BE4F-521F4DE6452D} - C:\WINDOWS\System32\lnmg.dll (file missing)
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINDOWS\System32\max8264.dll
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Ooru] C:\Documents and Settings\Andrew Russon\Application Data\thha.exe
O4 - HKCU\..\Run: [Wbihgqvo] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: …

DMR 152 Wombat At Large Team Colleague

1)

C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

Those two lines indicate that A) Internet Explorer was running when your friend did the HijackThis scan, and B) he/she has HijackThis running from within a Temp folder. For HJT to work correctly, it must be run from its own folder outside of any Temp folder. Create a folder such as C:\HijackThis or C:\Downloads\HijackThis, move HijackThis into that folder and run it from there. Also make sure that absolutely no instances of Internet Explorer (iexplore.exe) are running when HJT runs.

2)

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

SpyKiller is a bogus program; it should be removed. Use Ad Aware and SpyBot Search & Destroy instead; download links for both utilities are in my sig below.

3) Your friend is using music/file sharing programs, which are major sources of spyware/adware. The risk of further infections will be greater if your friend decides to keep doing the P2P filesharing thing.

Have your friend:

- Take care of the issues above.

- Download Ad Aware and SpyBot, use their "check for updates" features to make sure the latest spyware definition/reference files are installed, run both programs consecutively (the order doesn't matter), and have them fix everything they find.

- Reboot the computer.

- Go to the following two sites and run their free online virus/spyware scans:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://housecall.trendmicro.com/

- Run HijackThis again and give a new log.

DMR 152 Wombat At Large Team Colleague

The failure sounds much more like a hardware issue than a virus issue, so I'm moving this to the hardware forum. Buckle up...

DMR 152 Wombat At Large Team Colleague

You say to get spyware blaster and/or spyware guard. What is the difference between those and spybot and ad-aware?

Basically, Ad Aware and SpyBot (although SpyBot does have an "immunization" function) are primarily detection and removal tools; they are more "curative" than "preventative". SpywareGuard and SpywareBlaster, on the other hand, put in place protective measures to keep "spyware" from installing itself on your system in the first place.

Also, why was spybot and ad-aware not able to get rid of those problems that I had either? Are they not all the same thing?

Ad Aware and SpyBot, while very good at what they do, will probably never be able to detect and clean all of the "nasties" out there. The people who write these malicious programs are constantly changing their programs to make them harder to detect and/or remove, and are also creating new programs which take advantage of newly-discovered methods of infection. Just like finding a cure for a newly-discovered disease, it takes time to analyze new spyware/virus/etc. infections and write code which can remove them.

That said though, I would have thought the Ad Aware/SpyBot combination should have been able to eradicate Web_Rebates and TV Media; I'm not really sure why they didn't.... :?:

DMR 152 Wombat At Large Team Colleague

Good- it looks like you're clean now. According to Microsoft, the fdeploy dll is a valid Windows component:


Fdeploy.dll Category Fdeploy.dll is an MMC extension to gpedit.dll that provides settings for Folder Redirection Group Policy.

Now that you've gotten rid of the nasties, here are some suggestions to minimize your chances of future infections:

1. Use Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here.


5. Obviously: install a good anti-virus program and enable its "auto-protect", "auto-update", and email-scanning features.

6. None of your utilities are of much good if you don't check for updates frequently; updates for anti-spyware/anti-virus programs can be released as often as every two or three days.

DMR 152 Wombat At Large Team Colleague

If it won't delete even in Safe Mode, try unregistering the dll before attempting to delete it:

1. Under your Start button in the Task Bar, choose the "Run..." option.

2. In the resulting "Run" window that opens, type the following command in the "Open:" box and hit the Enter key; this will open a DOS window:

cmd

3. At the DOS command prompt, type the following and then hit the Enter key:

regsvr32 /u C:\WINNT\System32\WOWFAWK.dll

4. If the above returned no errors, try deleting the file; you may need to reboot before you are allowed to delete it.

DMR 152 Wombat At Large Team Colleague

Overall, that sounds pretty good in the end; test-drive the system for a bit and let us know how it goes.

As far as the fdeploy file goes: it did look suspicious to me, but I could find almost no info on the file whatsoever. The only thing I could find was that a legit file of that name is associated with the "Close Combat" game, but it didn't look like the legit fdeploy.exe should be living in the C:\WINNT\system32\ folder.

On thinking about it further, I take it you don't have Close Combat installed, yes? Even if you did, I highly doubt that the legit fdeploy program would need to add an entry to the Windows Registry to make it start automatically when Windows starts. If the Panda scan wasn't able to disinfect/delete the file, do this so that we can be more sure:

1. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files". Click OK

2. Go to your C:\WINNT\system32\ folder and locate fdeploy.exe.

3. Right-click on the file, and choose Properties from the context menu that opens.

4. Under the Version tab of the Properties window, look through the Company Name, File Name, etc. listings and tell us what they report. If the file's Properties window offers you no Version tab, tell us that as well. A lack of info in the Version tab …

DMR 152 Wombat At Large Team Colleague

winpack.exe is a trojan which, among other things, performs browser redirects.

1. Have HijackThis fix the " O4 - HKCU\..\Run: [winpack] C:\WINNT\system32\winpack.exe" entry, reboot, delete C:\WINNT\system32\winpack.exe, and empty your Recycle Bin.

2. Make sure you have the most current virus definitions for AVG and run a full system scan.

3. Go to the following two sites and run their free online virus scans:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://housecall.trendmicro.com/

4. Get back to us with the results.

DMR 152 Wombat At Large Team Colleague

The following page at Symantec/Norton's support site explains one of the infections you have:

http://sarc.com/avcenter/venc/data/pf/adware.easysearch.html


Since you already have Norton and SpyBot installed, also download and install Ad Aware and then do the following:

A) Run a full anti-virus scan, making sure that your anti-virus program is using the most current virus definition updates.


B) Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green:

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all …

DMR 152 Wombat At Large Team Colleague

You're welcome. Glad you were able to get it sorted, and thanks for posting back to tell us how you finally resolved the issue.

DMR 152 Wombat At Large Team Colleague

Some general questions to help us narrow down the possibilities:

1. Can you give us any more specific, exact information about the Memory problem error? If the computer had stopped responding, how were you able to run the check up, and exactly what "check up" program did you use?

2. When did this start happening? Had you changed/added/removed any hardware or software around the time you first saw the problem?

3. Does the problem happen when you boot Windows into Safe Mode? You can get to the Safe Mode start-up option by hitting the F8 key just as your computer is starting up.

4. If you just let the computer sit for a while after it boots, will it eventually begin to function correctly, or does it stay "frozen" indefinitely?

5. Tell us exactly what version of Windows you have, and give us the specifications of the computer's hardware.

6. Disconnect any external hardware (printer, USB devices, network cable, etc.). Does the problem still occur after doing that?

DMR 152 Wombat At Large Team Colleague

Sorry- I wasn't intentionally ignoring your thread. Holidays have been hectic both business-wise and family-wise, and getting back to this thread is one of the things that fell through the cracks.

Unfortunately- I can't (even with the info you've given on the drive) know for certain if it comes with overlay software pre-installed, or if that is even the root of the problem.

Also (and again unfortunately)- it's dinner time in my end of the world, and given that I (and all other members who work here) do so on a totally volunteer basis, I need to log off and take care of "real life" issues such as feeding the kids.

DMR 152 Wombat At Large Team Colleague

Your latest log looks clean to me, except for possibly the "WeatherNetwork" program. I don't have the time right now to confirm if that specific program is adware/spyware related, but some other similar programs are.

Let's wait for dlh6213, crunchie, or caperjack to follow up with a "second opinion" on this before we sign you off as clean, but it does look to me like you've gotten the job done.

DMR 152 Wombat At Large Team Colleague

it's no big deal

It can be, actually- the newer version probes more possibly problematic areas of your system than version 1.98.2 did, so it can identify more possible "nasties".

But... since you can't seem to get version 1.99.0 running, let's work with what you have:

1. If you ran Ad Aware and SpyBot (after getting their most current updates), and also ran the online virus scans I linked to earlier, they should have gotten rid of more than they did. Please let us know specifically if you have followed each and every suggestion we've posted. If there are any of the steps that you have not performed yet, please do them now and post a new log from your current version of HijackThis.

2. In terms of this: "my account was AKRAM"; try logging in as Administrator instead when booted into Safe Mode. That should then give you access to the folders in question.

3. The log entries:

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

Those entries indicate that you had 2 instances of Internet Explorer running (which could possibly be the doings of the spyware). HijackThis cannot fully perform all of its fixes while any instances of IE are running, so before having HJT fix anything:

a) Press the Ctrl, Alt, and Delete keys simultaneously to open Windows Task Manager.
b) In Task Manager, click on the "Processes" tab.
c) In the resulting list of running processes, click on each entry for …

DMR 152 Wombat At Large Team Colleague

I'm closing this thread due to the fact that the member who originally started the thread has not responded in over a year.


To all other members who are having similar (or seemingly similar) problems:

Our posting guidelines prohibit "piggybacking" questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Version 1.99.0 of HJT is a very recent release, and even the author of HJT admits that there's still work to be done in terms of certain bug fixes. Read a bit more about that on the author's site:

http://www.spywareinfo.com/~merijn/


If you can't get the latest version of HJT to work on your system:

1. Try running HijackThis while booted into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

2. Perhaps your original download/installation of HJT got corrupted. Uninstall the version you currently have via the Add/Remove Programs control panel, and then download a fresh copy from the link in my sig below.

3. If v 1.99.0 absolutely refuses to run on your system, you can download a copy of the previous version (1.98.2) from my FTP site; I put a copy of that version up there for other members who have been experiencing similar problems with v 1.99.0:

http://www.stevewolfonline.com/Downloads/DMR/DMRCA/Malware%20Utilities/

DMR 152 Wombat At Large Team Colleague

The counter.cab file itself is indicative of the infection; it also indicates that you may have other infections.

Please do the following so that we can get a "snapshot" of possible problem areas on your computer:

Download HijackThis:

http://www.majorgeeks.com/download3155.html

Once downloaded, follow these instructions to install and run the program:

Create a new separate folder on your drive for HijackThis, move the program into this folder, and run it from there. (Don't run HJT from within any Temp or Temporary Internet folder, and don't run it directly from your desktop.) Do not have HJT fix anything yet, only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

Do the above, and we'll take it from there. :)

DMR 152 Wombat At Large Team Colleague

in the bottom corner where the website address would be is something to the effect of...

Please give us the exact info if possible; the more specific you are, the more quickly we can help you out.

- Have you checked for virus/spyware/adware infections yet? They can certainly cause problems such as those you describe. Have a read through the posts in our Viruses, Spyware, and other Nasties forum for information on how to detect and remove such infections.

- You say that this has "been driving me nuts for two weeks". Did you make any software changes, updates, etc. around the time the problem first appeared?

DMR 152 Wombat At Large Team Colleague

edit: err, sorry for bumping a half a year old thread. but it was unanswered ;)

lol. Yes, and as your first post as well; care to help some of the currently needy members here now?

:mrgreen:

DMR 152 Wombat At Large Team Colleague

OK then, let's go for this question I asked previously:

Does the problem occur when you are booted into Safe Mode?


If it doesn't occur in Safe Mode, that would be more indicative of a software problem.

DMR 152 Wombat At Large Team Colleague

Look through the Application and System logs for events that are tagged with a red "exclamation point" or indicate "Warning" and see if the date/time stamps on those coincide with the time that the freezes occur. If so, tell us what they are.

DMR 152 Wombat At Large Team Colleague

1. Does the problem occur when you are booted into Safe Mode?

2. Have you looked through your system logs yet for any pertinent error messages? If not, open the Event Viewer program in your Administrative Tools folder to do so.

3. Give us some history of the problem: when did it start happening, had you changed/added/removed any software/hardware at about that point, etc.?

DMR 152 Wombat At Large Team Colleague

Hi Per Ivar ,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Tami,

I've still found no info on the WOWFAWK.dll file, but I'm sure it's part of your problems. If you haven't already, please do the following:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- See if you can now view the C:\WINNT\System32\WOWFAWK.dll file. If so, delete it.

- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.


- Empty your Recycle Bin.

- Reboot normally.

DMR 152 Wombat At Large Team Colleague

bump yet again.

I'm not sure if you got the idea of what I meant by "Please try to be a bit more patient in the future..." in my first post, but if not, here it is:

1. Those of us who troubleshoot problems here do so on our own spare time, and on a volunteer basis.

2. We all have "real-life" jobs and family lives which might prevent us from participating here for any given amount of time.

3. Your problem is no more pressing than those of our other 20,000+ members'. We haven't forgotten you, but we might not be able to get to your particular question as soon as you would like.

4. It's the week between Christmas and New Year's; many of us have other commitments right now.


Given the above; enough with the "bumpidy bump bumpidy bump bump bump bump"s please.

DMR 152 Wombat At Large Team Colleague

You are infected with the latest VX2 variant, which is extremely nasty and persistent. As crunchie already mentioned- do not do anything that we don't suggest, and do what we do suggest exactly, and in the exact order given! As you've already found out, the infected files will both morph and multiply if you don't follow instructions to the letter.

Do not try to keep throwing Ad Aware and SpyBot at this problem; they are not capable of fixing this particular infection and will only magnify the problem.

As crunchie asked before: why is your %systemroot% directory named "C:\WINNTOLD"?! That is not the normal name of the root system directory for any version of Windows. Can you give us any enlightening info on that?

DMR 152 Wombat At Large Team Colleague

Actually, I'm not sure that you can check that from within Windows. The overlay utilities are low-level programs that the hard drive manufacturers use to overcome the inability of certain BIOSes and/or operating systems to correctly detect the full capacity of large drives. Such software, if you have it, would most likely have been applied when the drive was first formatted (that is, before Windows was even installed).

Over the years there have been many "size barriers" in terms of a BIOS' and/or operating systems' ability to deal with the full capacity of "large" IDE/ATA hard drives. The most recent barrier is 137GB, so it's quite possible that your 160G drive came with an overlay pre-installed to overcome that barrier.

I might just be shooting in the dark on this, but- what make is the drive? Maxtor's overlay utility is called "MaxBlast", and current Western Digital drives use a utility called "Data Lifeguard Tools" (older WD drives used an overlay called "EZ-Drive").

DMR 152 Wombat At Large Team Colleague

...it stops also at the bootup -- at this prompt:

scanning for Harddisk partitions and creating /etc/fstab/...

a similar problem that I had with the rescue cd...
I think that installing windows did something I didn't know to my hd...
is it because I have no more swap space or something?

Knoppix doesn't need to write anything to the hard drive at all (it runs in memory), so insufficient swap wouldn't be an issue.

Are you using any "drive overlay" software on that 160G drive? If so, that kind of software has been known to throw Linux for a loop.

DMR 152 Wombat At Large Team Colleague

ok I did that. But I couldn't get into my user in documents and settings, it said access denied.

What user account were you logged in under?

Since I don't have my old version anymore, I can't post a new log! Can you tell me where to find the old one?

I've got a copy of v1.98.2 on my FTP site; you can get it from there:

http://www.stevewolfonline.com/Downloads/DMR/DMRCA/Malware%20Utilities/

DMR 152 Wombat At Large Team Colleague

Could you have a heat problem with the CPU...

That could definitely be worth a check.


Tome722,

If the motherboard is under warranty, you might just want to return it for another one before the warranty runs out.

DMR 152 Wombat At Large Team Colleague

lol!

you are online all the time -- everytime I come -- I can count on a reply from DMR within the hour...

OK, OK- so you've busted me. :mrgreen:

The truth is that I'm a freelance computer consultant in "real life", which does make my time somewhat flexible. That said though, I probably do spend way too much of my free time here helping others solve their problems. Oh well- sorry... I've been doing it for a few years now and just can't seem to stop...

DMR 152 Wombat At Large Team Colleague

Erg!

I was just about to post more info before I got notified of your most recent dilemma. Hang in there- I'll respond, but I really have to log off right now and get down to eating some dinner...

DMR 152 Wombat At Large Team Colleague

Are there any error messages generated from the crash? If so, tell us exactly what they are.

We could probably at least start to work from the old version of HJT, but the newest version has an enhanced range of detection, and as such can find/fix a wider range of problems.

1. Did you do the online anti-virus scans I suggested? If not, please do those and let us know that you have done so before we proceed.

2. A few other things you should do to help clean things up before posting a new HJT log:

A) Run a full anti-virus scan, as I mentioned earlier.

B) Download and run Ad Aware and SpyBot Search & Destroy. The download links are in my sig below.

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file

DMR 152 Wombat At Large Team Colleague

...before you buy a book "gentoo - unleashed" and read the whole thing...

lol!
Yeah right- like I have that kind of spare time to throw at a job I don't even get paid for... :mrgreen:

Is there an easier or alternate way of running qparted?
-Soral 3.0

Well... qtparted is a Linux utility, so if you want to use it you will have to run it while booted into some sort of Linux environment. I haven't used SystemRescueCd myself; I use Knoppix instead, and have only had it refuse to boot on one particular system out of the many that I've used it on.

Knoppix is a full-blown, Debian-based Linux distro which runs entirely from CD and includes many utilities, including qtparted. It's very good at detecting and coping with a wide variety of hardware configurations, including a variety of laptops (which traditionally have somewhat of a history of not "playing nice" with Linux).

Here's a short article which describes a bit more about Knoppix:

http://www-106.ibm.com/developerworks/linux/library/l-knopx.html?ca=dgr-lnxw03-obg-SysRecover


And of course... the Knoppix home page:

http://www.knoppix.org/


If at this point you still just want to shrink your existing Windows partition to make room for Linux, there's no reason you can't use Partition Tragic *cough!* er, um... I mean "Partition Magic" to do the job if you're willing to pay for the program.

DMR 152 Wombat At Large Team Colleague

OK. Keep us posted, and don't hesitate to ask for help if you have any questions along the way.

DMR 152 Wombat At Large Team Colleague

This one was sold with hardware that satisfies licensing.

OK- as Christian and I alluded to, that particular disk might not offer the "upgrade" installation if it was tailored to be a restore disk for the system it came with. That's the only reason I can think of at the moment why you didn't get the "upgrade" option when you tried the install.

I'm sure your advice for a full install is correct and I believe that is what we will do.

Yeah- even though the program reinstallations are a pain, you may avoid other irritations by going the "whole banana" installation route.

If you're planning on upgrading to SP2 once you get the base XP install set up, you should do so before doing anything else (reinstalling programs, adding new programs, etc.). It's best to install SP2 over a "virgin" XP if you have the opportunity, and then start rebuilding your environment once you're sure that the operating system itself is in good running order.

DMR 152 Wombat At Large Team Colleague

bumpidy bump dump bump

After less than 3 hours from your first post?? :rolleyes:
Please try to be a bit more patient in the future...

First- you're running an older version of HijackThis. Please download the latest version (1.99.0) using the "HijackThis" link in my sig below, run that version, and post the new log it generates.

Also- since your current log shows no indication of any running anti-virus software, go to the following two sites and run their free online virus scans. They'll probably be able to clean up some of the nasties:

http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

You can also download the free anti-virus program from this site if you don't currently own an AV program:

http://free.grisoft.com/freeweb.php/doc/2/

DMR 152 Wombat At Large Team Colleague

Grrr. OK-


In terms of this:

I was told by my IT guy at work to hold down the insert key while turning the machine on.

The guy was probably trying to accomplish one of two things by that suggestion:

1. On some (but not all) BIOSes you can force a reset by holding the Insert key down while the computer is turned off, and continuing to hold it while you turn the machine on and let it start the boot cycle.

2. Continuously holding a key down (or repeatedly pressing a key) as the computer boots will often force the BIOS to halt and cough up a keyboard error. You can often get in to the BIOS setup at this point.


A few standard things to try, assuming that you've already double-checked your cables/connections:

1. Remove, clean, and reinsert your RAM as helloimtim suggested.

2. If you have more than 1 RAM module installed, test the modules by installing each one individually and attempting to boot. If the computer fails to boot only when a certain RAM module is installed, replace that module.

3. Remove any PCI cards (network card, modem, sound card, etc.) one by one. Will the computer boot when one of those cards is not installed in the system?

4. Do the above steps for any CD, DVD, etc. drives.

5. Unplug the computer's power cord and remove the BIOS/CMOS battery from the …

DMR 152 Wombat At Large Team Colleague

Oh crud:

- I'm not very familiar with Gentoo at all.

- The documentation at sysrescd.org is really light on troubleshooting info; I couldn't find anything helpful there.

- I cannot find a Hardware Compatibility List on Gentoo's site, so I can't verify that your particular components are known to work with the distro.


I'll have to see if I can come up with more info; I'll repost when/if I can find anything useful.

DMR 152 Wombat At Large Team Colleague

The problem started after my 5 year old wiggled the power plug on the machine.

That might just be coincidence, but maybe not.

Open the case and check everything out as I suggested. While you still have the case open, turn the machine on and make sure that all of your fans are working. Also listen closely to the hard drive or put your hand on it. Can you hear/feel any indication that it is at least spinning up?

DMR 152 Wombat At Large Team Colleague

Thanks for the update. Your log still shows HijackThis running from a Temp folder:

C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

Please create a folder called HijackThis directly in your C:\ folder and move HijackThis there. One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. If HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

That aside, I see no obvious "nasties" in your log, but there are a few loose ends that should be cleaned up. Once you are absolutely sure that you've moved HijackThis to the C:\HijackThis folder, run it again and have it fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab


For the performance reason mikeandike22 mentioned, you might want to get rid of StyleXP. I'd also uninstall FlashGet if you're using the free/unregistered version- it contains (CyDoor) adware.

Given the lack of any gross indication of problems in your log, it's possible that the error you're getting isn't the result of malicious programs. There are a number of possible alternate causes, but we'd need more info to help you narrow things down:

DMR 152 Wombat At Large Team Colleague

i am still trying to recover from that frob sentence i witnessed lol :p

Ah yes- Frobnication is definitely not for the faint of heart; you're lucky to have made it out of that link alive... :mrgreen:

I agree about the "stubborn programs" bit; if it were my machine, I'd be digging around in it until I found out exactly what those files are, malicious or not. Unfortunately, since I'm not sitting in front of your computer I can't offer you any more help along those lines.


Oh, and as for this:

does antivirus software ever accidentally lock your own access to certain files

Accidentally? I've never seen it happen personally, but that certainly doesn't mean it couldn't. The only circumstance I can think of which might be slightly related would be with infected files which an AV program has quarantined, but that doesn't seem to apply here.

DMR 152 Wombat At Large Team Colleague

Caught, and moved... :mrgreen:


Manny805,

In addition to the fact that you do need to move HijackThis to a folder outside of any Temp or Temporary Internet folder, your log doesn't look complete:

1. The header information should list the version of HijackThis; yours doesn't.

2. I'd expect to see more than one "O4" entry in a normal log.

Are you sure you cut-n-pasted the entire contents of the log?
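
The checks asked for in the posts above (current HijackThis version, not running from a Temp folder, a complete log with a version header and more than one O4 entry) can be run over a pasted log before anyone reviews it. This is an added example, not part of the original posts; the sample log is constructed, the `precheck` helper is hypothetical, and the header line is assumed to read "Logfile of HijackThis v…".

```python
import re

# Constructed sample log in HijackThis's plain-text layout. The Temp path and
# the version number 1.99.0 are the ones quoted in the posts above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Scan saved at 9:14:02 PM, on 1/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

CURRENT_VERSION = (1, 99, 0)  # "latest version" named in the thread
# Any path component named Temp or Temporary Internet Files (assumed patterns).
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)

def precheck(log_text, current=CURRENT_VERSION):
    """Return the reasons a log should be re-run before it is reviewed."""
    problems = []
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    header = re.search(r"Logfile of HijackThis v(\d+(?:\.\d+)*)", log_text, re.I)
    if header is None:
        problems.append("no HijackThis version in header; log may be incomplete")
    else:
        parts = tuple(int(p) for p in header.group(1).split("."))
        version = (parts + (0, 0, 0))[:3]  # pad "1.99" to (1, 99, 0)
        if version < current:
            problems.append("old HijackThis version " + header.group(1))
    # The scanner lists itself under "Running processes"; flag a Temp location.
    for ln in lines:
        if ln.lower().endswith("hijackthis.exe") and TEMP_DIR.search(ln):
            problems.append("HijackThis is running from a Temp folder: " + ln)
    # A normal log is expected to contain more than one O4 (startup) entry.
    o4_count = sum(1 for ln in lines if re.match(r"O4\s+-\s", ln))
    if o4_count <= 1:
        problems.append("only %d O4 line(s); log may be truncated" % o4_count)
    return problems

if __name__ == "__main__":
    for problem in precheck(SAMPLE_LOG):
        print(problem)
```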

DMR 152 Wombat At Large Team Colleague

I am unable to boot from the Windows CD or get into the system BIOS.

- Did the system ever boot correctly after installing the new motherboard? Your post is slightly unclear on that.

- Does the system emit any beeps when it attempts to boot? If so, tell us what the pattern is and what brand of BIOS you have.


If you can't even get into the BIOS, I'd crack open the case first and make sure that all cables are in their proper connectors and that all components are seated firmly.

DMR 152 Wombat At Large Team Colleague

This one says for sale with new computer only.

I think Christian's take on the above may be on the mark.

Where exactly did you get the disk? Does it have a PC manufacturer's name on it? Install disks labelled in that way are OEM versions meant for distribution only by PC makers. They are not retail versions, and are often not identical to the off-the-shelf versions of Windows.

In terms of the upgrade path in general, Microsoft specifies that Win 98 can be upgraded to XP (Home or Pro) with either a full or upgrade version of XP. Personally I'd go for the full, fresh install method myself; 98->XP is quite a jump, and any "ragged edges" that your current 98 installation might have will be carried over and possibly magnified in the course of an upgrade to XP.

DMR 152 Wombat At Large Team Colleague

Give it a shot- it should work.
Without a DC, your machines are basically in a workgroup environment now, meaning that you can certainly still share resources between them, but your shares and user accounts will have to be configured locally on each individual machine.

Setting up identical accounts/passwords on each machine will simplify the remote logon procedure, but that process will obviously be cumbersome unless you have a fairly small network. If your network is larger than 10 machines or so, I'd recommend that you get a Domain Controller back in place.

Good luck; let us know if you have any further questions or problems. :)

DMR 152 Wombat At Large Team Colleague

Glad we could help :)

Now that you've gotten cleaned up, install SpywareBlaster as crunchie suggested and make sure to keep it updated. SpywareBlaster "plugs the holes" in some vulnerable areas of Windows and Internet Explorer, thereby preventing a lot of the crapware programs from installing themselves on your system.

Also make sure to keep your anti-virus program up to date, and use Windows' Automatic Update function to ensure that you're keeping current with Microsoft's latest security fixes.

You might also want to think about dumping Internet Explorer and going with a non-Microsoft web browser. Browsers such as Netscape, Firefox, and Opera are much less susceptible to the effects of spyware, adware, etc. programs.

DMR 152 Wombat At Large Team Colleague

RPrice,

Two things before we dig in to this:

1. You are running an old version of HijackThis. Please download the latest version (1.99.0) using the link in my sig below.

2. You are currently running HijackThis from a folder within your C:\Documents and Settings\Administrator\Local Settings\Temp folder. Please create a new folder outside of any Temp/Temporary folders for the new version of HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. If HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

Take care of the above, post the log that the new version of HijackThis generates, and we'll take it from there.


Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.

DMR 152 Wombat At Large Team Colleague

my strawberry files are BACK in normal mode and that program wont let me delete them...

Is it possible that the files are being generated by a legit program you have installed? Malicious infections aren't the only programs which auto-create files, and if the "strawberries" are benign we probably shouldn't waste time on them. While I would think that you would be able to delete them if they were harmless, they do look like they're related to some sort of online shopping catalog or similar.

can i delete the crap in that temp. internet folder too? theres a lot...

Yes, you can. The cruft that builds up in there isn't vital. ;)

DMR 152 Wombat At Large Team Colleague

OK- the operating system is having a problem with your hardware configuration by the sound of it.

What are your hardware specs, and what version/distro of Linux is your rescue CD based on? Depending on the distro, there may be parameters that you can enter at the boot: prompt to work around the problem(s).