rikkkki Posted July 13, 2005 Author
Yes I saw hidden stuff and I think I posted some of them, but I don't remember what. Wait I think it had something to do with my network connections, remember that (Via vs Nvidia) that's all I remember at this time. I just ran Ewido and came up with one reg cooty. Atomica was all I got out of it and I cleaned it. I'm getting "Anti" poor. Everything you said is true (above post) but let's not forget the "stupid" I did when I tried to end process on lsass on the day that the error popped up. That still puzzles me a great deal. The 60 sec doom only happened once which still makes no sense at all. Will look at mail now EDIT Nothing in the MS mail, just wants me to update them on my "progress" :roll:
cak46 Posted July 13, 2005
If you ended that process today, the 60 second message would come up. Now, if something was updating like anti something, or adware something when you ended that process, maybe that triggered the corruption? I have to sign off for the eve but will return tomorrow.
rikkkki Posted July 13, 2005 Author
If you ended that process today, the 60 second message would come up.
cak46 Posted July 13, 2005
No, cause I tried that later and it did not end or give me the doom, it just came up and said "important for windows to run, etc" EDIT Sorry you had to go but it's late for sure. I just got a flash, my AdWatch MIGHT have been running and it is one thing I have not U/Installed, cause it is a pain in the butt to do so,,,,,,,,,, still,,,,,,,,,,,it's a thought. I just ran AdWatch and AdAware and on both ditties I got 3 different warnings that McAfart was trying to alter and or connect to the internet, which doesn't make too much sense since McAfart is supposed to be GONE I will run a search right now and check that out, Nighty Nite If I would have realized that before....... :oops: Damn, I'm gettin' old.... You probably ended a "cootie" as you call it. In the mean time, run your scans and Ewido, from safe mode, no networking. Try to update ewido first before you boot to safe mode. Something just ain't right in texas. One question, when your machine is just idling (you're not doing anything), do you have any activity on your cable modem or router? (Make sure the kit. machine is down to look at this). Some bugs are good at staying ahead of the anti-virus, adware, etc. They update themselves automatically, and the remote servers can push an update if the spyware, etc. is running....... Also, before you reboot, shut down internet explorer or any other browser and wait a few minutes. Now, go to a command prompt and type netstat. This utility shows what ports are open and the remote and/or local machine ip address or computer name. If your machine does have active ports, list the foreign host and port names. BTW: This is my computer talking to itself...... You should have no ports open. It will look something like this if there are ports open
cholla Posted July 13, 2005
cak46 I checked out the Ewido link, unfortunately it's for 2K up. I'm not having a spyware problem that I know of but it might have found something adaware & spybot haven't.
cak46 Posted July 13, 2005
Cholla: Yeah, the problem is that even if you view your processes (2K or above) in TaskManager, the smart ones hit as a sub-process under Explorer or some other normal system process. We have msdos, we don't need ewido....
rikkkki Posted July 14, 2005 Author
Hi guys. cak46. I will try what you said. Avast! so far has been updating defs everyday :D They seem to be on top of it, for sure. Also I will post my netstat now for the running part and then post the "non-running" part later. I also have to write to MS and skate on that deal for the time being,,, :roll:
cak46 Posted July 14, 2005
Any idea why you would have a secure connection to an unnamed microsoft server? See arin results for the https entry:

IP Whois Results:
Connecting to whois.arin.net...
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1997-03-31
Updated: 2004-12-09
TechHandle: ZM39-ARIN
TechName: Microsoft
TechPhone: +1-425-882-8080
TechEmail: noc@microsoft.com

Could not resolve the hostname or ping the server or net device (timed out)??
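The check discussed in the posts above (run netstat with the browser closed, then look up who owns the remaining foreign address) can be scripted. This is an added example, not part of any post in this thread; the netstat sample and its addresses are constructed, and only the 207.46.0.0/16 netblock comes from the ARIN result quoted above.

```python
import ipaddress

# Netblock taken from the ARIN whois result quoted in the thread.
KNOWN_NETS = {"MICROSOFT-GLOBAL-NET": ipaddress.ip_network("207.46.0.0/16")}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.10:1045      207.46.0.10:443        ESTABLISHED
  TCP    192.168.1.10:1050      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.10:1051      198.51.100.7:80        TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

def parse_netstat(text):
    """Return (local, foreign_ip, foreign_port, state) for each TCP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        _, local, foreign, state = parts
        host, _, port = foreign.rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # resolved host names or bracketed IPv6: skipped here
        rows.append((local, ip, port, state))  # port kept as text ("443" or "https")
    return rows

def remote_peers(text):
    """ESTABLISHED connections to other machines, labelled by known netblock."""
    peers = []
    for _, ip, port, state in parse_netstat(text):
        if state != "ESTABLISHED" or ip.is_loopback or ip.is_unspecified:
            continue  # listeners and the machine "talking to itself"
        owner = next((name for name, net in KNOWN_NETS.items() if ip in net),
                     "unknown")
        peers.append((str(ip), port, owner))
    return peers

if __name__ == "__main__":
    for ip, port, owner in remote_peers(SAMPLE):
        print(f"{ip}:{port}  {owner}")
```

Entries labelled "unknown" are the ones worth a whois lookup of their own before deciding whether the connection is expected.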
rikkkki Posted July 14, 2005 Author
No. And I just ran same netstat after being off my browser and mail. One entry remained and it is the same 207,,,,, address as above listing. I don't get it at all. Could it be an MS cootie? I also ran PC rescue and had a hell of a time getting rid of the last two McAfart reg entries. Both start-up items. AdWatch popped up with both of them, too. Seems to be gone now, though.
php Posted July 14, 2005
maybe automatic updates?
rikkkki Posted July 14, 2005 Author
maybe automatic updates? Hey php I just checked my update status and I had the middle choice "notify me before installing update" so I just now turned it off. I'll check later and see if that made a diff.
rikkkki Posted July 14, 2005 Author
Any idea why you would have a secure connection to an unnamed microsoft server?
rikkkki Posted July 14, 2005 Author
I have pinged the ip from two different places (TUT and command prompt) and all attempts timed out. And unfortunately I cannot block it with the ZoneAlarm freebie that I have, if that would make any difference in the first place.
cak46 Posted July 14, 2005
Yeah, I think php is right. With the mcafee, good that they are gone! Been working on that hp for a while. Keeps coming up with a trojan-dropper, but ewido intercepts it. Still getting the error on boot after getting rid of the mcafee on-boot loads? PHP is probably right, especially since update was active on your machine. (Good Catch, PHP!)
rikkkki Posted July 14, 2005 Author
Yeah, I think php is right.
php Posted July 14, 2005
Yeah, I think php is right. With the mcafee, good that they are gone! Been working on that hp for a while. Keeps coming up with a trojan-dropper, but ewido intercepts it. Still getting the error on boot after getting rid of the mcafee on-boot loads? PHP is probably right, especially since update was active on your machine. (Good Catch, PHP!) Thanks.. I thought of it because the machine I'm working on has a nasty virus that blocks explorer.exe, iexplore.exe, and Automatic Updates from running (maybe more that I haven't found yet)
rikkkki Posted July 14, 2005 Author
OH BOY. I thought we may have had something there for a minute
cak46 Posted July 14, 2005
I will reboot now and see what happens. BTW, TUT does not have anything good to say about any auto-updates. says that they can cause problems down the road,,,,,,,I will make sure one more time that Mcafart is gone and then re-boot. BTW I'm sure it was running when the error came up as I have always had it operational. Do a search for the two files being referenced. If they are there, then it might not be them... If they aren't, it is possible the keys are the issue. Disable system restore and try killbox to remove the files. (You can disable adwatch temporarily while you edit the reg., I believe) http://www.scancomplete.com/download/killbox/ I must bid you adieu for the night. 5:00 am eastern comes pretty quick. If you could, run another bootlog.txt (Hit F8 then select boot logging) and then post it. Also note if it drops you into safe mode or regular boot. Might want to consider manually removing entries for dlls, exes that don't load when the system boots. This depends on whether you go into safemode or not, and I can't remember. That samsung cd driver comes to mind. Do you remember if that was the manufacturer of your prior cd-rom? Catchya in the afternoon......(your time) Your machine is makin' me :haha:
rikkkki Posted July 14, 2005 Author
Do a search for the two files being referenced.
cak46 Posted July 14, 2005
Had to post again. My post number was at 666, not a good number to leave it on. Good evening!
rikkkki Posted July 14, 2005 Author
Well, this is NOT good news. I can't run bootlog :? It takes me straight to Windows and the desktop The first time it took me to the DT so I clicked on my wheel button to bring up the window for shutdown/restart/sleep, etc, like I always do and all of a sudden the error went away and it re-booted So I did it again, selected "enable bootlogging", and hit enter and it took me to the DT again What the hey. I don't figure this at all, I mean, it's a boot thing, it's not supposed to be in windows,,,, BTW McAfart is gone so no need to run the Kill thing, but this other problem has ME :icon_shaking: BTWX2 My DVD Rom (old unit) and my combo drive (new unit) are both LiteOn brands. The DVD Rom drive is JVC LiteOn (mfg) and I'm assuming that the combo is too. But if I had to find out for sure, I would have to take it out of the machine to take a peek. Any ideas :?
cak46 Posted July 14, 2005
If you selected bootlogging after hitting F8, then there should be a new log entry in the bootlog.txt for that boot. Try this to increase the amount of info put into your event logs and possibly the bootlog.txt file:

Obtained from: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/RegistryTips/Eventlog/W2KXP.NETenableverboseeventmessages.html

Use registry editor and change/add this DWORD value:
go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
See if this DWORD already exists and if not, add it by right mouse clicking on the system (folder shaped in left window) then select New DWORD then name it VerboseStatus
Next, double click on the new verbosestatus entry and set it to 1
If it already existed, change the value to 1

Now, go ahead and check for this under the same key (system): An additional value called "DisableStatusMessages" forces status messages to be disabled, make sure this value does not exist or is set to "0". (DisableStatusMessages REG_DWORD 0x00000000 (0))

More instructions: http://www.techspot.com/vb/topic12413.html

If you are uncomfortable with registry editing, use the alternate way in the first link to turn on verbose logging. Always remember, backup the registry prior to editing it! Edit: For various reasons........
rikkkki Posted July 15, 2005 Author
Hey cak46. Before I do the reg thing I just want to show you my mail I sent to MS (on the bottom) and their reply (on the top) that I got at 6:00 AM this morning. I read it and replied with something like "how bout my boot.ini. Will that stay intact?" (paraphrase) BUT you will notice that NOW he's talking about being able to transfer my stuff over to the new install. Well, I don't remember getting that from the previous mail. Remember the "test" part he was talking about in that one? And there was never an indication from his previous mail that what he told me to do was only step 1. Hmmmmmmmm. Well, anyhow, see what you think about it. OK, off to the reg, back soon,,,,,,,,,,
cak46 Posted July 15, 2005
Hey cak46. Before I do the reg thing I just want to show you my mail I sent to MS (on the bottom) and their reply (on the top) that I got at 6:00 AM this morning. I read it and replied with something like "how bout my boot.ini. Will that stay intact?" (paraphrase) BUT you will notice that NOW he's talking about being able to transfer my stuff over to the new install. Well, I don't remember getting that from the previous mail. Remember the "test" part he was talking about in that one? And there was never an indication from his previous mail that what he told me to do was only step 1. Hmmmmmmmm. Well, anyhow, see what you think about it. OK, off to the reg, back soon,,,,,,,,,, You will be able to transfer data files just fine. It's your installed programs and personalized settings that will need to be redone. (Along with the parallel install). Ask him directly if there is a way to transfer your programs and settings and see what he says. Of course, one of those programs might be the problem too....... I had a thought on your mouse. Why not uninstall any software associated with it, then delete it from the device manager, then shut down, hook up your other mouse, then restart. Just make sure to uninstall any software involved with it first. Try it for a day or two and see what happens? The wheel thing bothers me... sometimes it works, sometimes it doesn't. Could be a short there causing the problem....
rikkkki Posted July 15, 2005 Author
You will be able to transfer data files just fine.