Everything posted by cak46

  1. cak46

    Lsass.exe

    Any idea why you would have a secure connection to an unnamed Microsoft server? See ARIN results for the https entry:

    IP Whois Results:
    Connecting to whois.arin.net...
    OrgName: Microsoft Corp
    OrgID: MSFT
    Address: One Microsoft Way
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US
    NetRange: 207.46.0.0 - 207.46.255.255
    CIDR: 207.46.0.0/16
    NetName: MICROSOFT-GLOBAL-NET
    NetHandle: NET-207-46-0-0-1
    Parent: NET-207-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.MSFT.NET
    NameServer: NS5.MSFT.NET
    NameServer: NS2.MSFT.NET
    NameServer: NS3.MSFT.NET
    NameServer: NS4.MSFT.NET
    Comment:
    RegDate: 1997-03-31
    Updated: 2004-12-09
    TechHandle: ZM39-ARIN
    TechName: Microsoft
    TechPhone: +1-425-882-8080
    TechEmail: [email protected]

    Could not resolve the hostname or ping the server or net device (timed out)??
  2. cak46

    Lsass.exe

    Cholla: Yeah, the problem is that even if you view your processes (2K or above, in TaskManager), the smart ones hit as a sub-process under Explorer or some other normal system process. We have msdos, we don't need ewido....
  3. Yes, you could but you would lose your current install of op. sys. Here is another link. Tried this one and it works. http://www.softpedia.com/progDownload/Partition-Magic-Download-2118.html Use the external mirror or you're going to be downloading for a while. BTW: Symantec bought the maker of PartitionMagic out so they no longer offer a direct download for this software......
  4. cak46

    Lsass.exe

    If I would have realized that before....... :oops: Damn, I'm gettin' old.... You probably ended a "cootie" as you call it. In the mean time, run your scans and Ewido, from safe mode, no networking. Try to update ewido first before you boot to safe mode. Something just ain't right in Texas. One question, when your machine is just idling (you're not doing anything), do you have any activity on your cable modem or router? (Make sure the kit. machine is down to look at this). Some bugs are good at staying ahead of the anti-virus, adware, etc. They update themselves automatically, and the remote servers can push an update if the spyware, etc. is running....... Also, before you reboot, shut down internet explorer or any other browser and wait a few minutes. Now, go to a command prompt and type netstat. This utility shows what ports are open and the remote and/or local machine ip address or computer name. If your machine does have active ports, list the foreign host and port names. BTW: This is my computer talking to itself...... You should have no ports open. It will look something like this if there are ports open
  5. cak46

    Lsass.exe

    If you ended that process today, the 60 second message would come up. Now, if something was updating like anti something, or adware something when you ended that process, maybe that triggered the corruption? I have to sign off for the eve but will return tomorrow.
  6. cak46

    Lsass.exe

    Not a bad idea! :haha: Maybe your computer knows something we don't about the mail from MS :haha: OK. Let's look back at this thing. You run a registry cleaner, so if there is no file associated with an entry, I would assume that it would remove it. So, if the registry entry is valid, then the driver file (or object) is then either corrupted or you do not have permission to run it (which I doubt). Next, you have reinstalled over your existing install of xp, so it most likely is not an XP file, but rather a third party file for software or hardware. You have done a number of installs and uninstalls of different software over the past coupla months and the issue reared its ugly head when you tried to install/uninstall Silent Hunter, of which you had a lot of trouble. You also had some spyware, etc. on your machine at the time as well. Were you ever able to see your hidden devices?
  7. cak46

    Lsass.exe

    And you already flashed the old trench once already?? :haha: Yeah, no sense in overwriting the existing bios. I've flashed bios on quite a few machines, haven't lost one yet.... Famous last words, next one I do, there she goes into the dumpster. Ewido malware scanner is pretty good. It picks on the files, not just the registry entries. After doing all of the other scans, did that one and it found 90 files and a fistful of registry entries. After I did that, did Spybot and found only 3 minimal adware programs. Couldn't hurt to try it. http://www.ewido.net/en/ Put the HP back on the net. No issues thus far but it's back offline until I get sp2 into it and adaware update. Update for AdAware would not download for some reason, which made the ole eyebrow twitch. That's good on the avast! Might switch to it on my machine!
  8. Just like my desktop; a mass of cat5 wire, router, and cablemodem with a smidge of telephone line mixed in.........
  9. Thank much, Van. Did not know that! :haha: Just wait till you really get into it! :haha:
  10. PartitionMagic would do the trick. Here is a trialware version download. I've used the real deal (6.0), not the trialware. http://www.soft32.com/download_151.html
  11. cak46

    Lsass.exe

    Not really DOS anymore.... I miss the limitless expanse of empty memory from my good ole command prompt of times past.... I wonder if the XP COMMAND PROMPT gives you some of the same functionality you had with dos. Haven't looked at it a whole lot, but with Big Brother XP watching over it, not sure what you could do with it. I've been paying for McAfart, I mean, ahhhh, for quite awhile :haha: BTW: That Pavilion picked up that virus again. Must not have gotten it out after all. Saw it when it happened.... was keeping a close eye on my router.... At least it didn't kick the router offline. I think the Agent.214 is back.... Try searching your registry for LSA and see what you can find... don't delete anything, just kinda look around and if there aren't too many entries, see if you can list the file names.....
  12. Not sure whether this is relevant, but at the top of the screen print in the blue bar it's showing as "Manual Tweak Screen (windows 2000)"...
  13. cak46

    Lsass.exe

    Sounds good. AVG hasn't given me much problem on my machine, but it would not install on the machine I'm working on. Too bad it gave you a hard time, but at least you got a new 'puter out of the deal. I must sign off for the eve or I'll look like in the morning! :wave: Back again! Finally decided to risk it and bring that pavilion on line. No problems thus far, but still coming up with rbot.axo.... My problem... How did the Avast Go, 69 RAT?
  14. cak46

    Lsass.exe

    Could see if they have a trial of their AV. I think this is it, but not sure. They do have a demo. http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm. Still got the Rbot.axo worm. Can't get rid of it. One lousy file and 3 registry entries that just keep coming back. Forgot the name of the file so I'm running trend again. Used to get that mag a long time ago. Just don't have time to read much anymore. Just saw your post. Ouch! I can't say much though, at work right now I have right around 1800 in my inbox. Moscow... Didn't know that. (not sure what this icon is doing, but I am distracted by bright and shiny objects on occasion... :haha:) Hmmmm.... Check your sent folder to see how many emails went out.... could be it sent twice. AVG (Grisoft) is in the Czech Republic.............. Edit: Spelling.............
  15. cak46

    Lsass.exe

    It's a 60 day trial download (full version though). Had to do that with this machine I'm working on. If I connected to the net, it would have knocked my router offline again. (Took all of 30 seconds for my firewall router to hiccup and shut itself off when I first attached the machine) Doing trendmicro for the 5th time on this profile, clean so far. Last scan I'll do on it is the Avast. It came up clean the last time. Hell of it is this machine has four user profiles so when I'm done with this one, to be sure, I need to go in and scan each of the other profiles. Don't want to leave anything to chance.
  16. cak46

    Lsass.exe

    Cool. Better safe.... Can you remind me what anti-virus you are running?
  17. cak46

    Lsass.exe

    Looks like their mail system didn't like the size of the email and spit it back....... Did you download the trendmicro sysclean or use their AV a while back? Edit: For AV, Avast seems to be helping me greatly with the machine I'm cleaning. Right now, all scans are negative......... keepin' my fingers crossed.......
  18. cak46

    Lsass.exe

    Cholla: Yeah, the majority are usually invited knowingly or unknowingly, but then some you get just because you are on a network with another machine that has a virus. Sasser is good for this, I think mydoom as well. RPC viruses come in thru an old exploit that's been fixed now but I'm sure there are others out there. Even others exploit your IE and other parts of the os and drop themselves onto your system.... Computer to computer. How nice, eh? Open ports to the internet are bad if they are unprotected (firewall, router combo). Dial up isn't so bad, but you can pick some up if you pick the part of the web you surf badly or go to a site that is virused up.. RedRum....RedRum.... Actually, I figured out the folder thing first and that gave me the idea for the other. 69Rat: If you are running another anti-virus system, you may have issues installing a new one while the old is running.
  19. cak46

    Lsass.exe

    This is kind of inane but I just figured out redlof is folder spelled backwards.......
  20. cak46

    Lsass.exe

    Just do a search for *.tcf on all folders and drives then delete them then empty the recycle bin.
  21. cak46

    Lsass.exe

    Yeah, some could be leftovers from other scans. With TrojanHunter, it renames the files it finds, but does not delete them. (Found that out the hard way) It puts a .tcf, I believe, on the end of the full file name.
  22. cak46

    Lsass.exe

    The virus will only run when executed, for example with the redlof virus, it executes when you open a virused up email. It then does its dirty work. The virus is a new. If you look up redlof, there are a bunch of different variants which are vb scripts usually attached to emails. With viruses that write themselves to legitimate program files, it's just an old way of writing a virus. Some of the first viruses were ones that attached themselves to legitimate files. Harder to find. I don't understand why redlof would have been there in the first place, unless it's a variant that has not been well publicized on the web or is new. Still, may have been just a false positive too. A program, no matter if a VB script, .exe, .com, etc. can only execute if someone or another program calls for it. In the case of vb, it's called by your email program (Outlook Express, etc.) when you open the email unless scripting has been turned off. You are right, once executed the virus will do what it was designed to do from formatting your hard drive to just putting up a funky screen like the old Stoned virus. Never saw Stoned in action, but I did see Michelangelo. Does this help or just muddy the water?
  23. cak46

    Lsass.exe

    Cholla: I don't know why redlof was found in that file. Many infections are caused by the addition of code to an existing .exe, not replacement. (This is the old style of virus). From what I can gather, this one targets web related files like .vbs, .htm, etc.. May have been a false positive as well. Will just pull a copy of the exe from the zip again. Here are a few examples of a file becoming "virused up". This is why you have a clean option in your anti-virus. http://web.zdnet.de/itsupport/virencenter/dict/cat/cat2_0-wc.html
  24. cak46

    Lsass.exe

    Getting wordy here. Will stop before I run out of ink :haha: I have a tendency to do that myself. Might shut us off for using too much bandwidth :haha: Did the clone overwrite the other drive, or add to it? I guess I don't understand how you got duplicates of everything.... The trendmicro I ran on the bad machine got infected with redlof at some point while I was scanning, etc. over the past three days. No idea how that happened but Avast deleted it for me. (Should have selected clean, oh well.....) I've never run spyware blaster. May give it a test drive! Bios.... Why not? Also, check to see if there is an update for the chipset for your motherboard while you are there. Mine is VIA and there was a separate file for the motherboard devices (Software that installs into Windows to drive the mobo devices). Maybe one of these is corrupt? Honestly, I do not even know if they create update drivers for the chipsets any more. What mobo are you running?
  25. cak46

    Lsass.exe

    I agree. Of course, if something goes wrong during the new setup, MS doesn't want responsibility for it. Get the instructions to change the boot.ini and any other settings back to your original installation from him prior to doing the install so you can at least get your old install going if things go south with the new one. One would think they would have some type of program which would scan the hardware then scan the drivers installed and see which one is messed up. As I mentioned before, the registry settings cannot be transferred and even if they were, you would be right back in the same boat referencing something that either isn't there or is corrupt. Have you tried updating the hardware drivers for each device yet? You could also reinstall each software package one by one..... When you did the final cloning, did you just copy the folders from one drive to another or did you use a utility like Ghost or PartitionMagic?