Everything posted by Tripredacus
-
How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
Why is that spam Tarun? The Conficker scan took forever! Here's the results, along with the solitaire update: Next I'll run Malwarebytes. However I will guarantee that it will find cookies. I don't clean those often enough. -
How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
Ummm.... what is this: O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll Oh don't get yer hopes up yet, that file is simply "Client Service for NetWare Provider and Authentication Package DLL"... Rootkit Revealer came back with 12 discrepancies. They are all the "Key name contains embedded nulls" and one "Data mismatch between Windows API and raw hive data", which under most circumstances means absolutely nothing is wrong. But it's funny that Conficker was brought up. Its appearance was the number one reason why I had this thread idea going around in my head. When Conficker came out, I was still on SP1 with no updates, other than my hacked USB 2.0 functionality. I am on SP2 now (as noted) but even a repair install wouldn't have removed it on me. Alas since the last test passed as far as I am concerned, I'll move onto the FixDownAdUp.exe from Symantec. And while I was waiting, I've been playing Solitaire, because being productive is key amongst us business types. I am playin 1 card vegas and sitting at a healthy score of -$26. -
How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
First up, TASK Manager. I opened it up when I got home, but I did close a few things first. The things I closed were LeetchFTP and Trillian, which were shrunk to the systemtray, and also the PunkBuster client which is opened by Quake 3 but doesn't get closed when you exit it. So I have these: 22 total, - the Epson service (I have a scanner), 2x ATi and taskmgr and we are at 18. I've tried running without the Epson software but when I try to use the printer it gives me errors so I just leave it there. Also I haven't gotten around to doing the driver-only install for ATI but it also doesn't cause me any problems. Oh and how about that uptime?

First up, HiJackThis. Now of course, some of the info is different because I am also running these with Firefox open. The following log is edited to remove the trusted sites for IE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:01 PM, on 6/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tripredacus.net/wiki/Main_Page
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\RunOnce: [Delete USB Error Key] "C:\Program Files\Samsung\Samsung PC Studio 3\USB Drivers\SPS3_USB_Driver_Setup.exe"
O4 - HKCU\..\Run: [EPSON Stylus NX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGA.EXE /FU "C:\WINDOWS\TEMP\E_S932.tmp" /EF "HKCU"
O4 - HKCU\..\Policies\Explorer\Run: [{E423C74E-069E-1033-0801-011008010001}] "C:\Program Files\Common Files\{E423C74E-069E-1033-0801-011008010001}\Update.exe" mc-110-12-0000272
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zones **** REMOVED FROM LIST
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A592CA-9194-48CD-AA23-4B7527E1FB01}: NameServer = x.x.x.x
O20 - AppInit_DLLs: NVDESK32.DLL,wbsys.dll
O20 - Winlogon Notify: ljhhg - C:\WINDOWS\System32\ljhhg.dll (file missing)
O20 - Winlogon Notify: winilb32 - C:\WINDOWS\
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5165 bytes

Rootkit Revealer up next

Ummm.... what is this: O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
-
I have recently decided that it would be interesting to see just how well off my computer is at home. This computer is called 'Infocore' (as mentioned above) and has never had any anti-virus on it. Back in 2002, it used to have Zone Alarm and Adaware, but it has been anti-virus clean for at least 5 years. So I am going to try running some apps to see if it actually has anything on it!

Here is some history. This PC was built in 2001 and had Windows XP Pro RTM installed on it. It stayed that way until a couple of months ago when I replaced the motherboard and had to do a repair install. It is now at SP2.

The following are facts:
1. There is no anti-virus installed
2. There are no anti-spyware programs installed
3. It has never encountered a BSOD*
4. It has no firewall installed, but Windows ICF is enabled. There is a hardware firewall.
5. The system drive has never been reformatted and had Windows reinstalled. If you ignore the repair install, Windows is on its first install.
6. No Windows updates are installed on it except for what came with SP1 and/or the SP2 repair install.
7. Default browser is IE6, but only to launch HTML files. Used browser is Firefox with NoScript plugin.
8. CCleaner has been run twice ever, but those 2 times were both within the past 3 months, when I started using the program
9. System restore is disabled

*BSOD was encountered once during a write operation to a failing storage hard drive.

When I get home I will post a process list to start out. I will then run some apps. Those apps include:
- gmer
- rootkit revealer
- hijackthis
- malwarebytes antimalware app
- Symantec Conficker removal tool*

Any other things I should test as well? And don't say PCMark, as I ran that after the repair install and it pulled a measly 800 marks, but it can play Crysis so

*added per DigeratiPrime.

Also wanted to add the other programs I used besides the ones listed in this thread:
- UltraEdit
- PE Explorer
- Fireworks for the screenshots
-
I bought a PS2 just to watch DVDs so I don't have many games for it. I am also slowly running out of things to do in Morrowind so I am probably going to uninstall it and replay Oblivion as well. It will be a long install, that and Shivering Isles. I hope I saved my DLC from last time tho! I don't want to pay for it again lol.
-
Also your web browser reports your OS as well, and they could easily keep that information and use it for metrics. If you've ever run any stat programs on a webserver, you can see it can see just about every OS.
-
RAID can't span controllers or hubs like that. You can't have an IDE and SATA drive in the same array. You need two RAID drives, but make sure you are using RAID edition drives for better reliability.
-
Waik imagex problem and question
Tripredacus replied to a topic in Unattended Windows Vista/Server 2008
Quoting is fun. -
Usually these programs only change the MTU and other things that you can do yourself. Not worth the money if you ask me.
-
That might be caused by having a tiny PSU. LOL. I've gotten similar just from plugging another HDD with a 90 W (or about that) PSU on a 2001 Gateway LOL. That image is actually Symantec Ghost 7.5 Client for DOS.
-
uTorrent uses UDP and not TCP. This is a known behaviour of UDP vs TCP torrents. UDP lets you download the files faster but has no bandwidth cap and takes bandwidth away from other protocols. Also it depends on how many active downloads you are using. uTorrent using UDP was a direct response to Comcast (among others) attempting to limit standard BitTorrent clients' bandwidth. Further Reading: http://arstechnica.com/old/content/2008/12...snt-falling.ars http://bennett.com/blog/2008/12/bittorrent...n-the-internet/ As far as your internet speeds, online speed tests are not reliable. If you've ever downloaded something large "the old fashioned way" you'll notice your speed is very fast at the start. These online speed tests will send a very small file and you see your speed is very high. But try doing a full on FTP download from your ISP (if they allow you that option) to do a real speed test. ISPs can only guarantee the speed within their network. Also, your upload speed on uTorrent should be 0KB because sharing files (99% of the time) via P2P is illegal.
-
It's that "some kinda wonderful" song... and hours later, listening to something better... Yu Miyake - WANDA WANDA
-
You may get this message if you change your default address or try to specify another one. Paypal recently did an overhaul and honestly, I added my bank account over 5 years ago so I can't remember if something like that happened to me.
-
OK, open up the PE Tools command prompt and run all your commands until you get this error. Then post everything in the command prompt window.
-
I understood what you meant before and I can imagine the flow of such a program. However I haven't the time to develop a program for you. Sooner or later you are going to have to learn how to write scripts yourself, you make it very far if you refuse to learn this. My recommendation would be to start looking at AutoIT or KIXtart, which are both fairly easy scripting languages. AutoIT should be able to accomplish this, but going onto their forum and requesting them to write you a program might not work out well either.
-
http://www.microsoft.com/resources/documen...r.mspx?mfr=true example: rmdir c:\temp\*.* /s /q You'll have to play with it, as the above example deletes the files but leaves the folders. I use this in one of my scripts but never bothered fixing it.
-
Oh noes! Two threads for the same thing. This is an older one... maybe too old to merge, but still funny looking back. http://www.msfn.org/board/index.php?showtopic=46922
-
Ah HA! i knew this thread existed! It had to! Anyways, here's me: PC Elder Scrolls III: Morrowind Quake III Arena PS2 Katamari Damacy Black
-
[Project] Windows PE as a recovery partition
Tripredacus replied to Tripredacus's topic in Windows PE
SR for this issue requested to Microsoft. Until a resolution can be reached, this project is on hold. I held a meeting and it was determined we will use SoftThinks for the moment until this issue is resolved. Update: XP support in the OEM channel is done so I couldn't get a real answer. However, I did get this info. Imagex isn't designed with XP in mind, only Vista, 2008 and 7. The problems I experienced were only with XP recoveries and not the others. There is a point, x% of the time, the recovery fails. With no official support option for XP anymore, this project is halted. I forgot to update this thread, we have indeed started using the netbooks with SoftThinks because it works 100% of the time. I did sure learn a lot about HTA, VBScript and the MBR, so thanks all who chipped in! -
That option is an available feature in this board design. I do not like it because it's very easy to not know who anyone is anymore, and users end up losing their identity. I am a member on another forum that uses that feature and it becomes very confusing.
-
DataImage with Unattend is not working
Tripredacus replied to Tripredacus's topic in Unattended Windows Vista/Server 2008
That sounds great. I'll put in a request for it now. So far my WDS testing is done on a 2003, but my 7server has 2008 R1. So when R2 comes out I'll upgrade it, so just have to do a migration. -
Make sure you use mountrw switch:
imagex /mountrw c:\winpe_x86\winpe.wim 1 c:\winpe_x86\mount
and when finished
imagex /unmount c:\winpe_x86\mount /commit
Change folder and wim names as necessary. If you use /mount, you may or may not be able to change the files, but the results won't be saved. Make sure you open the PE Tools Command Prompt with elevated rights.
-
IE will be there, just no icon or branding. I never understood why everyone makes a big deal about IE being in Windows. It's not like they are taking steps to stop you from using other browsers. Just because it's there doesn't mean you have to use it.
-
A batch/cmd file can be run from the PE.