Posts by DMR

I think I can get myself sound if I can figure out where autoexec.bat are and config.sys are, but they don't seem to exist. Where can I find them and how do I edit them?

It's IBM DOS 5.0

DOS 5.0? YOIKS!! [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/eek3.gif[/img]

autoexec.bat and config.sys should live in the root (C:\) directory, although IIRC they may have their attributes set such they aren't visible using the normal "dir" command. I haven't touched IBM DOS in about a decade, but in MS-DOS the following syntax of the dir command will display all files in your current directory, regardless of their attributes; the syntax might work for IBM dos as well:

dir /a

MS-DOS had a program called edit.com which you could fire up from the command prompt to edit files like autoexec.bat and config.sys, but I can't remember if IBM DOS had the same or similar. Regardless, you'll probably have to change some of the attributes before you'll be able to edit the files and save your changes. The following commands (again, if I remember correctly) will remove all of the attributes which might prevent you from editing/changing the files:

attrib -r -s -h autoexec.bat
attrib -r -s -h config.sys

but then the message came up that it was unable to repair:
C.\_RESTORE\TEMP\A0063948.CPY

Your system was infected at the time ME's System Restore function created one of its restore points, and now infected files are stored in your system restore folder. That folder is a protected system folder, which is why your AV program can't delete the infected files. Follow the instructions below to temporarily disable the system restore function; doing so will delete the contents (including the infected files) of the C:\_RESTORE folder:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam

Before turning the System Restore function back on, run a full anti-virus scan again and have your av program fix what it finds. If it still has trouble removing any infections, let us know.

Download and run Ad Aware and SpyBot Search & Destroy.

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left …

Sounds like you have two chips and one of them is intermittently having r/w failures..

Agreed. It's most likely a bad or improperly seated stick of RAM, but it could be a fault on the motherboard as well.

Here's the official word on that error from Dell's support site:

Probable Causes: Faulty or improperly seated DIMMs or defective system board.

The "cannot find shell.dll" error indicates that your shell.dll file is either missing or corrupt. The error is fairly common, and can happen for a few reasons; probably the most common reason being a virus infection.

A lot of information on possible causes of the error (and the fixes) can be found in the links in the following Google search; try some of the suggestions and let us know what you get:

http://www.google.com/search?hl=en&q=%22cannot+find+shell.dll%22&btnG=Google+Search

Hi creiling, welcome to TechTalk!

Being a new member I'm sure you weren't aware of this, but one of our forum policies is to keep all responses to a given question in the thread in which the question was asked (as opposed to having responses emailed to the member asking the question).

There are two reasons for this:

A) By keeping the entirety of the troubleshoot in the thread, members who who want to help you can see the full, clear history of what has been done and suggested so far. If some suggestions are given only by email, it leaves "holes" in the troubleshoot history in the thread. This leads to redundant and/or off-target suggestions being posted (due to the lack of visible history in the thread), and that just wastes time and causes confusion.

B) We're trying not only to help current members who post questions here, but also to help others around the world who may be experiencing problems similar to those posted here. Many people find our site in the course of searching the Net (through Google and the like) for answers, and by keeping the complete course of each problem's resolution in our forums we can provide those people with a growing wealth of (hopefully) helpful resources.

Additionally, many experienced troubleshooters on tech support forums in general will not answer questions via email, Private Message, IRC, etc. We work on these forums as volunteers, and usually simply don't have the …

In this window type: C:\Windows\system32\Restore

That command should have been "cd C:\windows\system32\restore"; that's why you got the "not recognized" error.

The original "entry point" error is an indication that something went wrong during the update, and one or more of your system files are now corrupt or out of sync ("out of sync" meaning that not all of the files which should have been updated actually were updated; this can cause version conflicts/incompatiblity between the older components and the newer updated components).

A system restore might work, but it isn't guaranteed. If it doesn't, you'll have to find your installation CDs so that you can try a repair from the Recovery Console.

In terms of the "popping" noise, that probably (and hopefully) means that some software component related to your video card or monitor has now been corrupted as well. Let's hope so, because the sort of popping and associated flashing of indicator lights can also be the sign of a dead video card or monitor. If you have (or can get) access to another computer, try switching monitors between the two; that will at least tell you if the display problem lies with the monitor or with the computer.

It'd help if you described the pop-up a bit more fully. You've mentioned nothing about the form and content of the pop-up.

Please describe it for us.

Agreed. Posting an image of the window (if possible) would be best.

Hi Alter Ego, welcome to TechTalk :)

deonnanicole is right about starting your own thread for your question/problem; it just makes things less confusing for all if members stick to our policy of dealing with one person's issue(s) per thread.

Once you start your own thread, we'll help you out as much as possible in that thread. In the mean time though, use our forum's search function to find and review past threads on similar issues (there have definitely been more than a few). Click on the "Search this forum" button and try combinations of the following keywords to find those related threads:

msn hotmail log login secure site page displayed action cancelled

Do you suppose that it has something to do with the static IP address that I'm assigning the XP machine?

If your network connectivity and web browser work fine for a while before they quit again, it's unlikely that your static IP settiings are part of the problem.

Given that the corruption keeps reappeariing, and that Ad Aware/SpyBot/etc. have found nasties on your machine, you might consider the possibility that you still have a piece of malicious software which could be at the root of the problem. It's at least worth checking out and/or ruling out- have a read through the threads in our Security forum for a lot more info on what infections you could possibly have and what you should do to detect and remove them.

If you get the sense that "spyware" may indeed be the problem (or at least part of it), please start a new thread in the Security forum. Give us as much info as you can concerning what you've done and found, and we'll take it from there.

Ok- a couple of quick things I'd try, given that it's only your current account that's having problems:

1. Log in as an administrator, create a new user account, log out of the administrator account, and:

a) log in to the new account and verify that all of your programs (including Internet Explorer, obviously) work properly. If they do:

b) Log out of that account, log back in under an administrator account, and copy the contents of your C:\Documents and Settings\Old_Username folder to your C:\Documents and Settings\New_Username folder (instructions for doing so are here). If you get prompts asking if you want to overwrite existing files/folders in the New_Username folder, click Yes.

c) Repeat step "a)".

If all seems to be well you can delete the old account, although I'd leave it in place for a while just in case.

The hardware requirements for Fedora, as well as some known hardware-related issues, can be found here. Unfortunately, Fedora being a fairly new venture, they have not compiled a comprehensive, official Hardware Compatibility List yet. My guess is that the hardware listed in Redhat's HCL would roughly parallel Fedora's supported hardware, but that's just a guess.

If you already have a computer that you're thinking of using, post its specs here; we can probably give you some feedback on the components.

For all versions of Windows, pressing the F8 key at boot-up is the standard method of bringing up a startup menu where you can choose what mode to boot into. The menu options differ between different versions of Windows, but Safe Mode is always one of the options.

In safe mode, Windows starts/loads only the most basic components that it needs to function. Many malicious programs are programmed to start automatically when Windows is booted in normal mode, so by booting into safe mode you keep these programs from loading, and thereby keep them from interfering with your spyware and virus removal efforts.

Does that answer your question?

(By the way- yes, Kazaa and other filesharing programs are some of the worst offenders when it comes to distributing adware and spyware.)

Have you made any hardware or software changes around the time the problem started occuring?

Do your BIOS and/or start-up messages show any mention of either drive?

If it's a hardware fault, you might be able to narrow down the culprit by doing the following (pay attention to Master/Slave jumper settings on the drives!):

1. Remove the DVD from the system; see if the CD drive is then at least recognized by the system. If not:

2. Remove the CD and install the DVD by itself.

3. Install each device (one at a time) on the other IDE channel.

Although I've never seen this happen so severely that the devices don't even appear in Device Manager, there is a possibly related software conflict caused by some CD/DVD burning programs (Roxio is one). Read more about it here:

For Win 2K: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q270008

For XP: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314060

In the above articles, mention is made of changes to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ branch of the Registry. Be aware that the changes may also have to be duplicated in the ControlSet001, ControlSet002, etc. branches as well.

Give us the exact model # of the D-Link card please.

Whenever I attempt to boot it up, it freezes on the Windows 98 logo, but with two "static-like" lines going through it.

Possibly an issue with your video circuitry or driver; can you boot into safe mode?

Do you really mean UNIX, or do you mean Linux? Regardless, what version did you install, and:

1. How exactly did you partition the hard drive?

2. What filesystem did you format it with?

3. Did the installation of the OS complete sucessfully, or did you get errors? If you did get errors, what were they (again- exactly)?

4. *NIX systems use different bootloader programs than Windows does; which bootloader did you install?

... i couldnt update the shredder geting the message ""Unable to retrieve CWShredder update information. the server might be unavailable" which might be because of my computer problem. ( its a version 1.59.1)

That particular error is not part of your problem; it seems to be an ongoing problem on the server's side. You can get the latest version of CWShredder (and other spyware tools) from this site:

http://www.majorgeeks.com/downloads31.html

it works on every other desktop on this computer but not mine.

Do you mean that IE is broken under your user account, but works with all other accounts on the system? If so, what happens if you create a new user account and try to use IE from there?

Try rebooting into safe mode and running Ad Aware form there.

To boot into safe mode, hit the F8 key as the computer is restarting; just at the point where Windows is first starting up (right after the text screen where all of the BIOS info scrolls by).

Could be due to a number of things, including a virus. There are good suggestions and reference links in this thread:

http://www.experts-exchange.com/Networking/Q_21010475.html

And, as always, Google has more to say:

http://www.google.com/search?hl=en&q=IPC%24+share+missing&btnG=Google+Search

... it appears on my acutal desktop not as an icon, but as an exe. file.

* What indicates an exe- the graphical icons, the shortcut filenames, or both? Give us a specific example.

* When you right-click on one of the icons and view its properties, is the target location that the shortcut points to correct?

* How exactly are you creating these shortcuts (drag-n-drop, "send to desktop as shortcut", etc.)?

* Does this happen when you try to create shortcuts to any type of file, or only certain filetypes? Again give us some examples.

* Does this only occur when you try to create shortcuts on the desktop, or does it happen with shortcuts created in other folders as well?

* Which version of windows are you using?

Drives (actually- partitions, technically) will not appear in My Computer until they are formatted with a Windows filesystem.

To format the new drive in Win 2K, open the Computer Management application in your Administrative Tools folder. Under the Storage section, choose Disk Management. In the resulting display in the right-hand window you should see both of your drives listed in the upper half of the window, and a colored, graphical representation of any/all partitions on each drive in the lower half of the window.

Right-click on the entry for the new drive in either the upper or lower half of the window (if you hooked the new drive up as the Primary Slave drive, it should be listed as Disk 1) and choose "Format" from the right-click option menu.

One possible catch- if your computer is too old, its BIOS and/or drive controller may not recognize the full 200G capacity of the new drive; if Disk Management reports the capacity of the new drive to be much less than 200G (127G or 132G, for example), this is most likely the problem. If so, a BIOS/motherboard firmware upgrade may be available to fix the limitation.

Could you describe your problem more clearly and in more detail please? The specific the information you give us, the faster we'll be able to help you solve the problem.

...I seem to have changed language some of the buttons are in greek! the folders and icons are ok the keyboard is ok just buttons e.g. when I shut down I can't read the buttons? you wouldn't have an idea how to get it right would you (win98)

Hi Dave,

You need to start your own thread for that question. If the problem is only with Internet Explorer, post the new thread in this forum; if the problem is happening with your Windows installation in general, post your thread in the Win 95/98/ME forum instead. When you do post the new thread, post/attach a screenshot (or some other image file) of what you're experiencing if possible; that way we can see exactly what corruption you're describing.

Also- after running both Ad Aware and SpyBot:

1. When you downoad the new version of HijackThis, save it in its own folder and run it from there. Don't save HJT directly to your desktop as you are doing now, and don't save it in any folder which is in a Temp/Temporary Internet directory. Creating a folder such as C:\HijackThis or C:\downloads\HijackThis will do just fine.

2. Before running HJT, close/quit all other programs you have running, especially Internet Explorer. HJT cannot fully perform its functions when your web browser is open.

In terms of hardware requirements, the first thing you need to consider is the particular distribution of Linux that you want to use, as not all distros support/are compatible with all hardware. Most "brands" of Linux have a Hardware Compatibility List available on their support sites; you should check those lists to confirm that your particular hardware components are known to be compatible with the distro you choose to install. Although third-party drivers are often available for unsupported components, as a newbie it's obviously best to go with a distro which fully supports all of your hardware "out of the box".

sgtray.exe is nothing critical, just a monitoring/reminder component of your Veritas backup software. If you have HJT "fix" the following registry entry, Windows will not attempt to load sgtray at startup:

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

You shouldn't see the shutdown error after that, as the program won't be starting in the first place.

However, since the error does give you the "file missing" message, you could have some sort of real problem with your Veritas install. Is sgtray.exe really missing, or can you still see it in your C:\Program Files\VERITAS Software\Update Manager folder?

The HJT entries which crunchie asked you to fix (and which seem to have reappeared) indicate that you are infected with a couple of different worms. HJT alone isn't going to be able to remove them for you.

Your HJT log also indicates that you have no anti-virus program running, which means you're just asking for trouble. If you can't immediately purchase and install a good anti-virus program like Norton or McAfee, use the links that caperjack posted and get a free online scan at those sites.

Glad we could help. :)

Let us know if the problem returns (hopefully it won't!)

What bios do u have? You can try doing a search for 'beep codes' for your bios. It sounds like it's a problem with your memory/RAM. Did you just install this memory card? If so, it could be incompatible with your system. If not, your RAM could be failing, and should probably be replaced.

Agreed.

If we knew your BIOS make/version we tell you for sure, but 1 long beep is definitely indicative of a memory problem/failure in at least some BIOS makes (versions of Award and AMI BIOSes, for example). The fact that the boot screen freezes at the memory detection point and only reports 32M of RAM makes this even more likely.

I'll just close this thread for now (to keep it from getting hijacked) instead of removing it. If you want/need to continue the thread once you've had a chance to get someone to help you out, just PM me and I'll reopen it.

Good luck, let us know how things go....

I'll move this thread to Security instead of having brian88 start a new one. :)

What kind of Internet connection are using (Dial-up, cable, DSL, etc.)?

Have you checked your system for virus and spyware infections? If not, read through the threads in our Security forum for more information on how to scan for and remove such pests; they can severely alter and/or cripple your web browsing capabilities.

Moving to the Security forum now...

Try this then:

Download HJT and any other utilities you want using a non-infected computer, burn the progrms to CD, and try to install/run them on your system from the CD.

Some of the infections which involve files with random, gibberish names can be very hard to remove- they drop components of themselves in multiple locaitons on your hard drive, and unless you remove every single piece of them they'll just generate more copies of themselves every time you boot up, start Internet Explorer, etc. Given that, you really should try to get a HJT scan done somehow, as SpyBot and a cache/cookie cleaning utility alone aren't going to do the trick for you.

Hi holysmokes,

First of all- welcome to TechTalk!

We do ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:
http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules

Thanks for understanding.

Hmm- even with Norton running, your HJT log still shows evidence of virus infections (the winupd.exe and avp-32.exe references) and other nasties. You also seem to have a few services running which are probably unnecessary on your system; having them running makes your system vulnerable to outside attacks.

If you haven't done these things yet, do them now:

1. Disable Windows' System Restore.

2. Download the most current virus definition updates for Norton AV and run a full system scan. You can also get free online virus scans here:

http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/housecall/start_corp.asp

3. Go to the Windows Update site and download/install all of the most current critical fixes and service packs. You might also want to download and run Microsoft's Baseline Security Analyser to check your system for general security "loopholes".

4. Run HJT again and have it fix the following entries. After doing so, find and delete all of the .dll and .exe fiels mentioned in the entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\luinn.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\luinn.dll/sp.html#29126
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [AVP-SE] avp-32.exe
O4 - HKLM\..\Run: [Microsoft Update] msnmsgr.exe
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [AVP-SE] avp-32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msnmsgr.exe
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [Microsoft Update] msnmsgr.exe
O4 - HKCU\..\Run: …

I don't know if this will help, but I recently uploaded a copy of HJT to one of my FTP servers; try getting it from there:

http://www.stevewolfonline.com/Downloads/DMR/DMRCA/Malware%20Utilities/

Wisockxpfix:

http://www.spychecker.com/program/winsockxpfix.html

Also- a couple of "do it yourself" Winsock repair articles from Microsoft:

http://support.microsoft.com/default.aspx?kbid=299357

http://support.microsoft.com/default.aspx?kbid=811259

KK now what do i do?

Once you've run the new version of Ad Aware as per crunchie's directions, run HJT and the getservice utility again and post the new results of each.

How's this?

Firkin' fantastic. :mrgreen:

Your log looks much better now. :)

There are still a couple of things I have questions about (the "TEXTBR~1.0" references); I don't know if they're problematic or not, but unfortunately I don't have time to research them right now. Aside from those though, this one is the only entry I see that should be fixed:

O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Angela\Local Settings\Temp\7Yxm.dll (file missing)

If you're still experiencing any problems, let us know what they are.

crunchie's configuration directions are indeed for the older version of Ad Aware (Come on- get your act together and update that shite, Chris. ;) )

You can get the newest (SE build 1.05) version from one of the download sites given here:

http://www.majorgeeks.com/download506.html

Uninstall the older version from your computer before installing the newer.

ok beca first your right about the adware or spyware messing with your ieexplorer its something that needs an ip fix program...

Assuming that you're talking about the programs which repair a damaged TCP/IP or LSP stack- be careful about instructing people to use those programs without guidance. Misusing such programs or trying to use them in the wrong circumstance can actually make matters worse.

The problem might not be with your computer. Do you have any other machines on your network with which you can test your connectivity speeds?

In other words, the problem could be "upstream"- check with your ISP and/or cable company to see if they know of anything that might be causing slowdowns on your branch of their service.

HKLM\..\Run: [nwiz] nwiz.exe /install
looks kind of guilty...

nwiz is OK; it's part of NVidia's video package. It's an optional component (used for configuring multiple displays), but it's totally benign.

Open Event Viewer (in your Administrative Tools folder) and look through your logs for any errors relating to DNS, SSL, or Certificates. If you find such any errors, please post the full text of the messages, especially the specific error codes.

- I see that you have AOL, which uses a modified version of Internet Explorer. Does the problem happen when using AOL's browser or the stand-alone version of IE, or does it only happen with one or the other? As a related test, you could download Netscape or Firefox and see if problem occurs in those browsers as well as IE. Doing so would at least let us know if the problem is specific to IE or not.

- How are you connected to the Internet? If you're going through a hardware router/firewall or a proxy, it's possible that the problem lies there.

Hey, don't feel bad about the N00b bit at all; you actually gave us what we needed to get to the bottom of it.

I never use ad-ons like Messenger Plus or the like, so I actually had to Google around for a solution using some of the category names in the toolbars image you gave us ("make money", "casino", "music", etc.), and that's what led me to the answer.

:)

Are the toolbars gone now?

From what I could find, those exact toolbars appear to part of the ad-sponsored component of the Messenger Plus! 3 application. The sponsor component is optional, but you'll have to uninstall Messenger completely and then reinstall it and choose not to include the sponsor component when you do so.