gerbil 216 Industrious Poster

nah, you're cool. see the SIS pci to enhanced host controller line? that means you've got USB 2.0
But what the message is telling you is that you do not have a hi-speed hub. There is a difference. Have a look if it's a separate hub - it probably has full-speed printed on it. SIS 651 is the chipset, you don't say who made the mobo, but I'd be really surprised if the hub wasn't built into the mobo, in which case it would be usb 2.0, or hi-speed.

gerbil 216 Industrious Poster

short answer is yes. boot.ini is just a text-editable file in the C: root directory.. to see it you must untick "hide protected operating system files" in folder options > view. This is mine [windows is in C drive] -

[boot loader]
timeout=20
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

To edit it without the CD you would have to either put your HD in another puter as a slave drive, and just go in and edit it,
or if you have a multipartition setup on that drive then use your OEM discs to load another windows opsys in a spare or otherwise partition in which it would not matter if you lost ALL the data. [AS LONG AS YOUR INSTALL DISCS ALLOW YOU TO INSTALL XP TO ANY PARTITION OTHER THAN C: !!] Then as before you would just edit the bad boot.ini, and reboot, and delete the extra opsys.
There is no other way without a genuine windows XP CD.

gerbil 216 Industrious Poster

hey, thanks for that, colin mac.. i knew they would rebadge Ewido, just had not been back to the site to check cos my Ewido [from AVG] still receives updates. But if as you say AVG antispyware 7.5 has a better scanner [ the actual scanner, or just the GUI changes?] then i should change over...

gerbil 216 Industrious Poster

Your SS should kick in regardless of apps. It is only an instance of user input that will reset the clock. So even a continuing data stream dl which is updating the display will not prevent the SS from starting. Media player ditto - it can be playing an album but if u do nothing your SS will start. Okay, it should.

gerbil 216 Industrious Poster

well, yeah. password them out. Don't give them Administrator privileges and they are locked out of msconfig. Heck, unless they are doing system work they should all be logging on as users. Even you, unless you need to modify sys stuff.

gerbil 216 Industrious Poster

Antispyware popup? Annoying, but Adaware SE will kill it. Go here and dl it, get the latest updates, and scan and remove bugs. Don't worry about clearing your MRU list...
www.lavasoft.de/software/adaware/
-there are plenty of other sites that have it.. google if you wish. It's free for personal use.
And that may cure your desktop problem. Tell us how you get on...

gerbil 216 Industrious Poster

hmmm. that one is a very short script that tells BIOS where to find the windows bootloader and the windows system files. It also lists all operating systems on your machine - most folks only have the one - so that at boot you are presented with a list of OS's to choose from. It's on your HDD. Yours is probably corrupted... Typically one looks like this:-

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

To write a new one to your HDD you will need the Microsoft XP install CD so that you can boot into a cmd prompt window. And this explains how to do it very clearly:-
http://www.computerhope.com/issues/ch000648.htm

Of course, you could just run Repair from the XP install CD. [Repair, not recovery console..]
NOTE... the partition (1) means the first partition on your HDD. If your windows is loaded into C:, and that is the first or only partition you have, then (1) is correct.
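A small boot.ini checker, added here as an illustration and not part of gerbil's post or of any Microsoft tool: it parses the [boot loader] / [operating systems] layout shown above, splits each ARC path into its multi/disk/rdisk/partition numbers, and reports the kinds of inconsistency the post describes (a default that matches no entry, a partition number below 1, an rdisk beyond the disks actually fitted). The sample file embedded in it is constructed, and the disks_present count is an assumed input you would supply yourself.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout the post shows (not copied from any real machine).
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(1)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
"""

# ARC path: adapter(n)disk(n)rdisk(n)partition(n)\directory ; partition numbers are 1-based.
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\[^\s\"]*)$",
    re.IGNORECASE,
)


@dataclass
class ArcPath:
    adapter: str
    adapter_no: int
    disk: int
    rdisk: int
    partition: int
    directory: str


def parse_arc(path: str) -> Optional[ArcPath]:
    """Split one ARC path into its numbered parts, or return None if it is malformed."""
    m = ARC_RE.match(path.strip())
    if m is None:
        return None
    return ArcPath(m.group(1).lower(), int(m.group(2)), int(m.group(3)),
                   int(m.group(4)), int(m.group(5)), m.group(6))


def parse_boot_ini(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Read INI-style sections into {section: [(key, value), ...]}, keeping entry order."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("line is not key=value: %r" % line)
        sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text: str, disks_present: Optional[int] = None) -> List[str]:
    """Return a list of problems found; an empty list means the file looks consistent."""
    try:
        sections = parse_boot_ini(text)
    except ValueError as exc:
        return [str(exc)]
    problems: List[str] = []
    loader = dict(sections.get("boot loader", []))
    systems = sections.get("operating systems", [])
    if "boot loader" not in sections:
        problems.append("missing [boot loader] section")
    if not systems:
        problems.append("no entries under [operating systems]")
    timeout = loader.get("timeout")
    if timeout is not None and not timeout.isdigit():
        problems.append("timeout is not a whole number: %r" % timeout)
    default = loader.get("default")
    if default is None:
        problems.append("no default= line in [boot loader]")
    elif parse_arc(default) is None:
        problems.append("default is not a valid ARC path: %r" % default)
    elif default.lower() not in {key.lower() for key, _ in systems}:
        problems.append("default %r matches no [operating systems] entry" % default)
    for key, value in systems:
        arc = parse_arc(key)
        if arc is None:
            problems.append("bad ARC path in [operating systems]: %r" % key)
            continue
        if arc.partition < 1:
            problems.append("%s: partition numbers start at 1" % key)
        if disks_present is not None and arc.rdisk >= disks_present:
            problems.append("%s: rdisk(%d) but only %d disk(s) present" % (key, arc.rdisk, disks_present))
        if not value.startswith('"'):
            problems.append("%s: description should be in double quotes" % key)
    return problems


if __name__ == "__main__":
    for line in check_boot_ini(SAMPLE_BOOT_INI) or ["boot.ini looks consistent"]:
        print(line)
```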

gerbil 216 Industrious Poster

The System process is a file which stores information related to local hardware settings in the registry under HKEY_LOCAL_MACHINE.
I have no idea why yours is taking so much CPU time... but leave it be.
Btw, next time you run a HT scan [yours is clean] you could fix this one:-
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
- you had a crash some time ago; this is just the dump of it.
Of course, some trojans name themselves as common processes to hide in plain view.
You could try this scan- download RootKitRevealer from http://www.sysinternals.com/Utilities/RootkitRevealer.html [the link is at the bottom of their page] and place in a new folder. Read that webpage. Close all open windows, shut all applications, and then open a Windows explorer and Run RootKit Revealer from its folder...[dclick the .exe file]. Do not touch anything, even mouse, until it completes its scan.
Another free online that is excellent is Pandactivescan. Follow the leads from this webpage:-
http://www.pandasoftware.com/products/activescan?

gerbil 216 Industrious Poster

HT often reports those two files missing. And if they were you would still be able to run the puter. Wgalogon is the genuine advantage notifier, the other is messenger related.

gerbil 216 Industrious Poster

Yeah, i can see you could well be having problems....
Is there any reason that you are not running SP2? it's a big download, but it is ALL about security...
More on security, download the latest update for SUN Java - it is to fix security holes also. From control panel >java, and click the update tab.
You're making it tough for yourself being this wide open. Okay, enough scolding.. :) .. on with the cleanup.

Not a bad collection, but nothing to boast about, really....:)

I put all my cleaners, scanners etc in the same partition as my program files... if u only have a C: drive then open a new folder for this stuff.. however, HT deserves a folder unto itself. Please do not run it from the temp folder as you have done - it may miss a lot of stuff. A point, if you don't do all these steps some things may not get fixed...

You may wish to save this to Notepad for the time being.

-I would like you to download CCleaner from http://www.majorgeeks.com/download4191.html and put it in a new folder.
-Go here and get Ewido 4 [free].:-
http://free.grisoft.com/doc/2/lng/us/tpl/v5
Install it alongside your other regular applications in Program Files, because you should keep it for scanning once a week or so - put an icon on your …

gerbil 216 Industrious Poster

Please let me know how you get on....

gerbil 216 Industrious Poster

Mark.. did you get this sorted out? There is absolutely nothing wrong with the HT log as far as i can tell, so you have met a very good hacker. Norton detected him, deleted some of his stuff but he already laid down some other undetectable files obviously. you are lucky in that the things he did while you were watching are fairly benign...
eg... the iexplore http://ashkel..... i could not load from opera [obviously not compatible..], and IE is too full of holes for me to wish to try with it...
He opened a cmd window and did nothing with it?
The first URL is a spanish blog site, and harmless...
Frankly, half the world's hackers are from Spain or Russia.... I think you met one who is just showing off. However.... he got in, he stayed in even after Norton found him... smells of a rootkit to hide his gear. For the fun of it, go get RKR, a free scanner, from here [the author's site]:-
www.sysinternals.com [browse the site, they have some good free stuff, and they do work contracts for M$, so they aren't tired hacks exactly..].
It's only a REVEALER - it's up to you to google what it reports and then find fixes, or post a log here and we'll see what we can sort out.... No, please post it here... i wanna see what got into your puter.
Also go get this one, …

gerbil 216 Industrious Poster

btw, limewire. Yep, it's peer to peer, and you never quite know your peers, do you? But if it's music you are downloading, the more copies available then prob the safer it is [no-one is going to keep a bad bit of code, are they, once they try to play it..?] and further, limewire has a preview function.... so once say 15% of your track is in, give it a test run by previewing it... if you hear a snatch of music, chances are it's okay.
Shared software? Give the file a GOOD Av scanning b4 you open it....
Never open anything with a double file extension like funnycloud.jpg.exe. It doesn't have to be .exe - there are lots of other executable script codings out there.

gerbil 216 Industrious Poster

oh, lord, i do apologise for not putting in the ewido link. it is still available, it's free if you wish; it was bought out by Grisoft. So you get it here:-
==== Get ewido and AVG free both via this link..

http://free.grisoft.com/doc/2/lng/us/tpl/v5

red.clientapps has a dubious reputation because of its advertising policies. Other cleaners suggest removing it, so unless you really wish to keep it, fix it in another HT pass.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

These two.. well, it's an online scan and if you intend to use it again you will have to dl the .exe files again cos they are missing, so fix these two also.

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


Grab, Ewido. it is a good scan, it just needs manual updating, say once per week, just b4 you run a scan. Put an icon on your desktop and run it from there. Scan frequency depends on your surfing risks, i guess...
Do those things and you will be so clean your pc will squeak. Or maybe that will be the heads biting the disc surface.... :)

gerbil 216 Industrious Poster

that's fine, robync... it would be a problem exterior to your pc most of the time anyway. Another interesting one to try, same method, same command line syntax as above is tracert [trace route]. With that one you can see where your ping travels on its way to the site. eg:-
tracert 144.140.78.199
-you close cmd window to stop it, or ctrl-C to stay in cmd window. give it a try for fun.

gerbil 216 Industrious Poster

george..this is a first step. Download this freeware to a floppy - it does not require installation to run, and if you dl it DIRECTLY to the floppy there will be minimal writing to the HDD, if any. Use it to search for your pictures. What file system is on your HDD? FAT, or NTFS?

http://www.snapfiles.com/get/restoration.html

Download it to a floppy, unzip it to the same floppy, and run it from there. If it does not find them there is a better one available, but it is much bigger and requires installation. It would be sweet to avoid that.
Tell me how you get on....

gerbil 216 Industrious Poster

george, did u do as i suggested? search for a picture file that you remember the name of.. or at least part of... search for My Pictures... and meanwhile do not write any files to puter cos you could overwrite your pictures...

gerbil 216 Industrious Poster

Sigh.. some sites block pings - they see them as a waste of server time... of course MS is one of them... I tried a ping and got the same result as you, but then i put the IP in an IE address bar and it opened [dbweb with aust sports and clubs list].
Is this the URL you use? An IP..? http://144.140.78.199/Public/default.asp?assn=0
Or is there another plainlanguage URL? Because I cannot find the hostname...
I shall have to ponder this one...

gerbil 216 Industrious Poster

sorry, somehow i missed the thread. Okay, please run HT again in safe mode and check these for removal [you have the trojan-downloader.win32.Small.bwy].
And then restart in normal mode and post a new log. I promise to reply more swiftly next time... Here are the ones to fix:-

O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/36c5...38dfe0d_35.exe

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

gerbil 216 Industrious Poster

...and these windows were of what, exactly? explorer windows? or internet explorer windows [why do i loathe this terminology..?] If they were explorer windows, were they of your My Pictures files? If you open My Computer > My Documents, do you see the folder My Pictures there? I assume you have checked the recycle bin... have you done a search for any of your picture files?
And one final question, why do you run with Sys Restore turned off? It does not take up that much space on your HDD, and you can readily clear old restore point files.

gerbil 216 Industrious Poster

i haven't got a clue. yet. try a ping: go start >all programs > accessories > command prompt.
type:- ping hostname, and press Enter -where hostname is the name of one of those sites [don't include the protocol]
eg ping www.coldcustard.com [see? no http stuff] [and i hope that eg aint a baaad site..i made it up].
type exit to quit.
Anyway, read what it returns. It's pretty self-explanatory. You can do this from the RUN box too, but the screen will not hang around once it's completed its task, so you have to speed read.

gerbil 216 Industrious Poster

a dead horse to beat! cannot pass up that chance. if windows is so busted on the HDD that it can't be recognised, then you will not get the repair option. eg. if boot.ini points to wrong/invalid partition, that sort of thing.... wrong number of partitions in bootloader code... no repair option.

gerbil 216 Industrious Poster

Twoyorkie... are you sorted now? i got a bit confused by the threads in here.... glad to have been of help, anyway.

Samashahdi.... HKLM is hivekey local machine... u gotta open up those folders.... now i also meant for you to open current version [by clicking on it] , and not to merely expand it by clicking the plusbox. Sorry though, in my original post i put a space in the dataword registeredowner. Try searching for that... and BE CAREFUL IN THERE!!!

twoyorkie commented: Much needed info supplied with ease,thanks +1

gerbil 216 Industrious Poster

samashadi,
u gotta open up those listings.... [HKLM is hivekey local machine..] and i meant you to open the folder "current version" by clicking on the key, not to expand it....but more simply, when in the registry, highlight my computer , then just go up to edit tab > find, type registeredowner, and let it search. [sorry, i put a space in that word in my earlier post...] AND BE CAREFUL IN THERE!!! it is the heart of your puter. well, a fair bit of it....
Twoyorkie... are you sorted now? I got a bit confused by the threads running....

gerbil 216 Industrious Poster

Tricky. ..
If you cannot do a Repair cos you do not have the Windows genuine XP install cd, then... let's yell HELP!! together..?

gerbil 216 Industrious Poster

Time to get some free stuff.... but first, why not copy this into notepad?

I would like you to download CCleaner from http://www.majorgeeks.com/download4191.html and put it in a new folder.
Next go get Ewido 4.0 [free], install it alongside your other regular applications in Program Files, because you should keep it for scanning once a week or so - put an icon on your desktop.

So, Ewido:- start it; the main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Click on update tab and then Update Now. When it finishes click on scanner tab and then Settings:- How to act- click on recommended action and set Quarantine. For reports, set to generate after every scan and untick only if threats found. Finally down on the tray right click the Ewido icon and untick Start with windows, and then Exit it. Don't scan yet.

Ok, you're done with the net. Shut it down. Disconnect..... whatever...

Rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... but there is a job to do...

Go into safe mode [Restart, key F8 immed after POST runs and select Safe Mode and Enter.... You'll get a dark desktop with icons etc...]

Start Ewido, do the full system scan. Click "Apply all actions" to place any infected files into Quarantine, and only then click on …

gerbil 216 Industrious Poster

Great. Adaware detects Antispyware... Spybot S&D too. Only a couple of things to clean now;

In Safe mode, do a search for this file and delete it if you find it [you must allow to see hidden files and folders in explorer]:- %windir%\system32\searchbr.dll

Run HT again, still in Safe mode, and tick these two for removal:-
O2 - BHO: ASGP32.ASGP - {D8C60617-F121-4F41-984D-E841C057E55D} - C:\WINDOWS\system32\asgp32.dll

O8 - Extra context menu item: SirSearch - file://C:\Program Files\PWRSMND1\Cache\SelectedContextSearch.htm

Boot to normal windows and do another HT log, and post it again.
[[Btw, i suppose dell and comcast put those R browser entries in your machine. If you do not use them it is safe to remove them with HT..]]

gerbil 216 Industrious Poster

oh dear. I think that you have a problem with the HDD - possibly some of the Windows files are corrupt, not the boot sector or master boot record but some system files like sys.ini or win.ini, or the drivers and other files they in turn try to load. Whether you try to find the culprit using msconfig, or just do a repair, you will need the XP install CD. I'd jump straight in to the Repair option - you keep your apps and data that way. [Don't use Recovery Console]. So boot from the CD, enter windows setup, accept the license, point to the installation to repair, and press R.
I do not think there is any alternative for you. Whatever you find/do, please post your solution... I learn this way too. Best of luck.

gerbil 216 Industrious Poster

pquiroz... internet explorer? okay, go tools/internet options/content > autocomplete > clear forms > okay.
Okay? your browser stores the google history....

gerbil 216 Industrious Poster

RAM. Swap out your RAM sticks. But first, you could change your BIOS settings so that it does the extended POST check [enable extended checking], and pause the POST when it finishes the RAM check - see how much you have that is ok, or if there are errors.

gerbil 216 Industrious Poster

meant to include this:- if you can get hold of a Xp Install CD, boot from it and get the command console open, and at the cmd prompt type
bootcfg /rebuild
-and then type exit

gerbil 216 Industrious Poster

i'm going to assume that you have XP. Okay, without the XP CD you have to replace hal.dll by file copying. Now, for sure there is a good copy of hal in the driver cache of windows on your puter [it's stored there, and unused in that location - it's a store only, right?]. It's in C:\WINDOWS\driver cache\i386\sp2.cab - which is a zipped folder. You must unzip, copy and paste it to C:\WINDOWS\system32\ - overwrite the original [which appears to be busted].
How to do this? Well, if u can get your hands on another puter, pull out your HDD and slave it in the other puter - just do a file copy as with any other file. Replace your HDD in your puter as master, restart. If it complains about drivers missing or corrupted just let it autodetect them.

If you have trouble with this solution eg, getting another puter, come back n say.

Another source, and the most likely, of the error would be a corrupted boot.ini file, meaning hal is probably there and ok but windows boot loader just cannot find it. But to repair your boot.ini file [edit it by hand or just let Windows Repair rebuild it [and then you would immediately exit], you would need an XP install CD to boot from. Sigh... If you can borrow one you must only use it to get your puter to boot so that you can go into command console. Do not go the …

gerbil 216 Industrious Poster

ok, reboot, into BIOS using delete key, and set windows to NOT restart after errors. Then copy the error codes and info and post it here....

gerbil 216 Industrious Poster

Btw, is the popup Antispyware?

gerbil 216 Industrious Poster

Gosh, sorry for the delay. Please go here:-
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5
and download Adaware SE Personal. Install it in your program folder, start it - it will immediately suggest downloading the latest protection files. Do that and follow the screens thru to install them, then select Scan, press the button for a full system scan, untick search for negligible entries, and go Next. When the scan completes, first copy the scan log file to notepad for posting here, then check all the critical objects and remove them. Finally run another HT and post that also.
Good luck.

gerbil 216 Industrious Poster

please, just google "XP install". There are any number of walkthrus posted. And as you do the clean installation you will be given the option to format partitions [your drive] as you go.

gerbil 216 Industrious Poster

i really am thinking that you must get your hands on an XP install disc - borrow one... because when windows boots it loads in the selected drivers for your keyboard and mouse as set by registry entries. If you could uninstall those drivers via the computer management screen windows would load the default drivers [which handle any keyboard basic operations]. But of course you cannot do that, so you need to load them from the XP disc via the Repair option. ie Boot from the CD [which you can do, naturally]. Am i correct in understanding that your keyboard is frozen in the Windows Advanced Options Menu? If so, then booting from an XP CD is your only option.
Well, there is another one... buy or borrow any HDD, slap it in as master, set your original HDD to slave, use your install disc to put XP on the new disc, and then go in and fix drivers loaded in your slave. Somehow. Your chance to experiment.

gerbil 216 Industrious Poster

uU.... if i helped you on that i would get banned from here. You have to logon to the Netgear server from any one of the lan'd pc's, but it would be password protected for sure. I'm sorry. Check with your techie. Or the boss.

gerbil 216 Industrious Poster

i do not know your BIOS, cos you do not say what it is.... a tosh lappie, sure, but... Start up, hit Delete, enter BIOS, advanced cmos settings perhaps and check the mouse and keyboard settings there. dunno anything else you can try. In BIOS itself only a few keys are used, when Windows loads it loads the drivers you may have selected, or the defaults. Those drivers it is loading aint working for you. Maybe it isn't loading any!?

gerbil 216 Industrious Poster

You are blocked. Period. The Netgear server running on your gateway, router, whatever has been programmed to block email sites obviously. It isn't even going to forward your connection requests onto the net. Your boss requested it; only he can have it altered. And if u reprogrammed the server yourself they would know about it.

gerbil 216 Industrious Poster

curtis, that is a good question. To my knowledge it is not possible to reassign the F1 - F12 keys because they are OS assigned, plus some applications set their own assignments for them when they are running. So either the OS has control of them, or the program may control them when one is running. But depending upon the particular keyboard you have the F keys will have auxiliary commands assigned, probably by default [you would access the Fn keys by toggling a F-lock key]. And i know those functions are assignable - you can set them to run apps, or open files. You need someone like Comatose [a poster in here] to write you little batch or script files that the windows scripting host can run to directly insert your texts into whatever you are writing. Best of luck.

gerbil 216 Industrious Poster

coldmail, firstly would you please go here and run the Active Scan- free online [accept the activeX control], after deleting your cookies :-
http://www.pandasoftware.com/products/activescan?
Save the scan, and post it as an attachment.
Secondly, go here and get this pgm, winpfind:-
http://www.bleepingcomputer.com/files/winpfind.php
Just follow the instructions on the webpage, and attach the notepad file to a post here. [it could be long.. :(...]

gerbil 216 Industrious Poster

coldmail, would you please go here and get this pgm, winpfind:-
http://www.bleepingcomputer.com/files/winpfind.php
Just follow the instructions on the webpage, and attach the notepad file to a post here. [it could be long.. :(...]

gerbil 216 Industrious Poster

hmmm. i thought sys restore flashed up a "wait" sign. But heck, why believe them? Basically a system restore is reloading the registry and other files from the HDD- it's a bit critical; u interrupted it, and you ended up with a broken registry. Okay, we can fix that. You need a way to get to system restore before windows starts, or tries to. Press F8 at startup [repeatedly if u do not know when.... actually just after POST runs is the proper time] to enter the Advanced Menu. Either go down the list to Last Known Good Configuration and follow that through, or enter Safe Mode when you will be given the chance to do a System Restore by pressing the No box [ you get to choose the restore date here].
See how you go.

gerbil 216 Industrious Poster

gee, a dearth of information there. So what is it? If u rclick it and check properties, wot d/u see? Who does it link to? There are masses of those icons out there.... and they are not all the same trojan, if that is what it is.

gerbil 216 Industrious Poster

something else.... in another startup attempt instead of answering No you could answer Yes to the question in Point 1 from my previous post [ie in Safe mode, press Yes when asked about sys restore], and note the last file windows loads before it freezes. Report it here.

gerbil 216 Industrious Poster

hi, coldmail, i have not ignored you, but am trying to find the culprit.... it does look like there is an unscavenged file in there somewhere....

gerbil 216 Industrious Poster

ummm... this might sound very unhelpful, rude even, but if you do not know that then please do not try the registry part of my suggestion. You could totally, and very easily, blast your computer back to the reinstall Windows non-option, with perhaps a total loss of files if you only have a C: drive configured on your HDD.
So anyway, how did you get on without that bit? Post a new log.

gerbil 216 Industrious Poster

Okay. You may have a RAM problem, so u could try exchanging RAM cards if u have only one, or swap them out if you have two.
But first i would try working through these options..:-
1. Press F8 at startup [repeatedly if u do not know when..] to enter the Advanced Menu. Either go down the list to Last Known Good Configuration and follow that through, or enter Safe Mode when you will be given the chance to do a System Restore by pressing the No box [ you get to choose the restore date here].
2. The other option is to change the primary boot device to CD and attempt an XP Repair. At powerup u may have the option of pressing F11 to enter the Boot menu directly, so enabling you to directly change the Windows boot device to CD, or alternatively press Delete to enter Setup - u want the Advanced Bios Setup group [2nd?], and Boot order [change first boot device to CD]; and with the XP CD in the drive [you may have to restart the pc with the XP CD already in the drive] let the system run on into the windows install/repair option screen. Repair it.

gerbil 216 Industrious Poster

okay. now when you get the blank welcome screen, ie, no user accounts, what happens if u go ctrl-alt-del twice? do u get the little login screen that allows you to enter a user name and password? cos if u do, and you can remember that stuff...