Everything posted by Tripredacus
- 
	
	
				Does frequent formatting/defrag spoil HDD?
Tripredacus replied to iceangel89's topic in Hard Drive and Removable Media
I used to work at a college and one day we had no work to do. So my co-worker took a Hard Drive and decided to just format it all day. At first it was fine, but soon it started getting bad sectors. After 10 hours (yes he was kinda a weird guy) he got the bad sectors up to 41%. The only thing was that this was back in 2001 and HDD technology may have improved its resiliency (sic). - 
	Welcome to the MSFN! Have you seen our vLite section yet?
 - 
	Recently, I was playing Quake 3 on my normal server and a conversation came up about something about women. I then used the common meme of "there are no girls on the internet". Well wouldn't you know it, there were two girls on the server that day and one happened to have been an admin. To make matters worse, neither of them had ever heard of that term and didn't know it was internet shenanigans. So they took it personally and I almost got banned.
 - 
	When you first make your PE, you should prep it before unmounting it. Make another one as a test, prep it and unmount. Then remount and peimg to see if you get different results. I've never made a PE WIM without prepping it.
 - 
	
	
				Football poll- best ever 10 club teams:
Tripredacus replied to super_dror's topic in The Poll Center
In case anyone is confused, this is for soccer teams. I was going to vote the 49ers... PS: this should be in the Poll forum. - 
	Back in the early days, we used to have monthly topics for people to post screenshots of their desktops. Nowadays, people post in a sticky for the year and, I guess, post other screenshots of their desktops in new threads if they want to change/improve something. <WWII rant>you see.... years ago... when roosevelt was president.... we had to post our screenshots in six feet of snow.... for thirty miles... up a hill...</WWII rant> Regular topics might include people who are making changes to their desktops, working on projects, designing wallpaper. Not necessarily those of us that just change our wallpaper every now and then and want to show it off.
 - 
	Have you tried connecting it to another PC or another OS on that PC? Or boot using a LiveCD, a Win PE cd or NTFSDOS to see if it sees the proper size.
 - 
	
	
				WAIK and Vista x64 SP2 from MSDN?
Tripredacus replied to Muki's topic in Unattended Windows Vista/Server 2008
Yes but it is still in Beta. It's the Windows 7 Beta WAIK with Win PE 3.0. See the following: http://www.msfn.org/board/index.php?showtopic=128772 - 
	I get all my drivers nowadays for specific devices from DriverPacks.net. I have them all saved onto my workstation, then if I need to find a specific file, I search the whole folder for the Hardware ID of the device. They have Vista packs now, but you'll need to go into their forums, I don't think they have it on the front page yet.
 - 
	That would be a step backwards. I seem to remember Windows 98 or 95 came with a separate IE install CD. I still have one somewhere.
 - 
	I wouldn't say it's terrible. It's very bright and colorful. My eyes hurt looking at it too long.
 - 
	
	
				How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
It was actually running fine anyways. I just decided to see if it had anything. - 
	You might want to play with the attribute flag, in which you can specify file types. Examples:
	/a:s = system files
	/a:h = hidden files
	/a:sh = hidden system files
	etc.
	This works with the dir command as well.
 - 
	Did you prep it after you initially made the PE? Also, did you happen to have upgraded or installed a new WAIK version since making that particular WIM?
 - 
	
	
				How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
I'll check it out. I've actually seen a lot of mention of PCcleanUp before on other forums. I only use MBAM because I found it could find rootkits. Oh and I knew I said I would run GMER but I don't have it on my keys, so I'll have to copy it tomorrow. - 
	
	
				How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
I figured that Malwarebytes would find something. I must confess however. A long time ago I had purposely infected my PC with an AIM trojan so that I could learn how to remove it. I did this because a friend of mine had gotten it, but I didn't use AIM. Of course it did nothing on my PC but perhaps one of these are its remnants:

Mirar
Adware.Mirar attempts to find Web pages that are related to the Web page currently being viewed. It also displays advertisements based on the URLs and search terms used while navigating the Internet. It will also attempt to download and install the Mirar toolbar from a predetermined Web site. This toolbar is also detected as Adware.Mirar.
My current settings block all domains unless I say so, especially scripts. This being present doesn't cause a security breach for me. You may have noticed I have IE as my default browser, however, I only use it to display local files and my website, nothing else.

Netmon.exe
netmon.exe is a process which is registered mass-mailing worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP mailing engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system.
With exception to the Microsoft tools of the same name (sneaky they are eh) but I have not installed netmon on this computer. Alas, SMTP port is blocked by the hardware firewall, and even so, I have no default Email client anyways.

But from its own log, you can see it hasn't run in a while:
06-09-28 11.23.13: *** WAITING 240 SECS ***
06-09-28 11.27.13: *** FETCHING ***
06-09-28 11.27.14: *** SKIPPING POST ***
06-09-28 11.27.14: *** WAITING 240 SECS ***
06-09-28 11.31.14: *** FETCHING ***
06-09-28 11.31.14: *** SKIPPING POST ***
06-09-28 11.31.14: *** WAITING 240 SECS ***
06-09-28 11.35.14: *** FETCHING ***
06-09-28 11.35.15: *** SKIPPING POST ***
06-09-28 11.35.15: *** WAITING 240 SECS ***
06-09-28 11.39.15: *** FETCHING ***
06-09-28 11.39.15: *** SKIPPING POST ***
06-09-28 11.39.15: *** WAITING 240 SECS ***
06-09-28 11.43.15: *** FETCHING ***
06-09-28 11.43.16: *** SKIPPING POST ***
06-09-28 11.43.16: *** WAITING 240 SECS ***
06-09-28 11.47.16: *** FETCHING ***
06-09-28 11.47.16: *** SKIPPING POST ***
06-09-28 11.47.16: *** WAITING 240 SECS ***
06-09-28 11.51.16: *** FETCHING ***
06-09-28 11.51.17: *** SKIPPING POST ***
06-09-28 11.51.17: *** WAITING 240 SECS ***
06-09-28 11.55.17: *** FETCHING ***
06-09-28 11.55.18: *** SKIPPING POST ***
06-09-28 11.55.18: *** WAITING 240 SECS ***
06-09-28 11.59.18: *** FETCHING ***
06-09-28 11.59.19: *** SKIPPING POST ***
06-09-28 11.59.19: *** WAITING 240 SECS ***
06-09-28 12.03.19: *** FETCHING ***
06-09-28 12.03.20: *** SKIPPING POST ***
06-09-28 12.03.20: *** WAITING 240 SECS ***
06-09-28 12.07.20: *** FETCHING ***
06-09-28 12.07.21: *** SKIPPING POST ***
06-09-28 12.07.21: *** WAITING 240 SECS ***
06-09-28 12.11.21: *** FETCHING ***
06-09-28 12.11.21: *** SKIPPING POST ***
06-09-28 12.11.21: *** WAITING 240 SECS ***
This makes sense, if you ever look in your spam folder. You get a lot of emails with the wrong year on them. Probably coming from trojans like this. Too bad they are still out there. Only makes sense for Tbird, and OE/Outlook clients, perhaps others. Webmail clients (as I exclusively use besides at work) automatically sort these incorrect year emails into the spam/bulk folder. Pretty stupid for the worm to log that info tho.

atmtd.dll
cmdService, also known as Command Service, is adware that displays commercial advertisements and opens annoying pop-ups. The parasite is usually installed through drive-by downloads. Its makers are able to partially control the compromised system by disabling or removing any other advertising-supported programs installed. cmdService runs a service on every Windows startup.
This malware also appears to be non-functional.

idt0.dll
This is a "Quake" variant! HA I think I'll keep it.

MShosts.exe
Looks bad, I think I'll remove it. http://www.bleepingcomputer.com/startups/m....exe-23825.html

Unist1.htm and Uninst2.htm
Source
<html>
<title>SearchB</title>
<body bgcolor='#eeeeee'>
<font size=+2><b>Search The Web</b></font>
<form method=post action='http://www.openforum.com/search.php'>
<input name=searchTerms value=''>
<input type=submit value='Search'>
</form>
<br>
<br>
Type The Letters Below To Verify You Wish To Uninstall
<table bgcolor=#FFFFFF><tr><td><font size=+3>X475Q</font></td></tr></table>
<form action=Uninst2.htm Method=GET>
<input type=text name=verifyText>
<input type=submit value='uninstall'>
</form>
Source
<html>
<title>SearchB</title>
<body bgcolor='#eeeeee'>
<center>
<table width=60% border=0>
<tr>
<td colspan=3><font size=+1>Do you want to continue to enhance your internet?</font> </td>
</tr>
<tr>
<td>
<form method=Get action='java script:window.close();'>
<input type=submit value='YES'>
</form>
</td>
<td width=100%> </td>
<td>
<form method=Get action="uni_eh.exe">
<input type=submit value='no'>
</form>
</td>
</table>
</center>
</body>
</html>
I think I'll remove this also.

... oh noes Vundo...

Last few things from Security Center, those are my doing. All in all, it isn't as bad as I thought. But that is all for tonight, I may decide to try more things tomorrow night if you are interested. - 
	
	
				How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
Why is that spam Tarun? The Conficker scan took forever! Here's the results, along with the solitaire update: Next I'll run Malwarebytes. However I will guarantee that it will find cookies. I don't clean those often enough. - 
	
	
				How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
Ummm.... what is this: O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll Oh don't get yer hopes up yet, that file is simply "Client Service for NetWare Provider and Authentication Package DLL"... Rootkit Revealer came back with 12 discrepancies. They are all the "Key name contains embedded nulls" and one "Data mismatch between Windows API and raw hive data", which under most circumstances means absolutely nothing is wrong. But it's funny that Conficker was brought up. Its appearance was the number one reason why I had this thread idea going around in my head. When Conficker came out, I was still on SP1 with no updates, other than my hacked USB 2.0 functionality. I am on SP2 now (as noted) but even a repair install wouldn't have removed it on me. Alas since the last test passed as far as I am concerned, I'll move onto the FixDownAdUp.exe from Symantec. And while I was waiting, I've been playing Solitaire, because being productive is key amongst us business types. I am playin 1 card vegas and sitting at a healthy score of -$26. - 
	
	
				How about a challenge?
Tripredacus replied to Tripredacus's topic in Malware Prevention and Security
First up, TASK Manager. I opened it up when I got home, but I did close a few things first. The things I closed were LeetchFTP and Trillian, which were shrunk to the systemtray, and also the PunkBuster client which is opened by Quake 3 but doesn't get closed when you exit it. So I have these: 22 total, - the Epson service (I have a scanner), 2x ATi and taskmgr and we are at 18. I've tried running without the Epson software but when I try to use the printer it gives me errors so I just leave it there. Also I haven't gotten around to doing the driver-only install for ATI but it also doesn't cause me any problems. Oh and how about that uptime?

First up, HiJackThis. Now of course, some of the info is different because I am also running these with Firefox open. The following log is edited to remove the trusted sites for IE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:01 PM, on 6/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tripredacus.net/wiki/Main_Page
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\RunOnce: [Delete USB Error Key] "C:\Program Files\Samsung\Samsung PC Studio 3\USB Drivers\SPS3_USB_Driver_Setup.exe"
O4 - HKCU\..\Run: [EPSON Stylus NX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGA.EXE /FU "C:\WINDOWS\TEMP\E_S932.tmp" /EF "HKCU"
O4 - HKCU\..\Policies\Explorer\Run: [{E423C74E-069E-1033-0801-011008010001}] "C:\Program Files\Common Files\{E423C74E-069E-1033-0801-011008010001}\Update.exe" mc-110-12-0000272
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zones **** REMOVED FROM LIST
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A592CA-9194-48CD-AA23-4B7527E1FB01}: NameServer = x.x.x.x
O20 - AppInit_DLLs: NVDESK32.DLL,wbsys.dll
O20 - Winlogon Notify: ljhhg - C:\WINDOWS\System32\ljhhg.dll (file missing)
O20 - Winlogon Notify: winilb32 - C:\WINDOWS\
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

-- End of file - 5165 bytes

Rootkit Revealer up next
Ummm.... what is this: O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll - 
	I have recently decided that it would be interesting to see just how well off my computer is at home. This computer is called 'Infocore' (as mentioned above) and has never had any anti-virus on it. Back in 2002, it used to have Zone Alarm and Adaware, but it has been anti-virus clean for at least 5 years. So I am going to try running some apps to see if it actually has anything on it!
	Here is some history. This PC was built in 2001 and had Windows XP Pro RTM installed on it. It stayed that way until a couple of months ago when I replaced the motherboard and had to do a repair install. It is now at SP2.
	The following are facts:
	1. There is no anti-virus installed
	2. There are no anti-spyware programs installed
	3. It has never encountered a BSOD*
	4. It has no firewall installed, but Windows ICF is enabled. There is a hardware firewall.
	5. The system drive has never been reformatted and had Windows reinstalled. If you ignore the repair install, Windows is on its first install.
	6. No Windows updates are installed on it except for what came with SP1 and/or the SP2 repair install.
	7. Default browser is IE6, but only to launch HTML files. Used browser is Firefox with NoScript plugin.
	8. CCleaner has been run twice ever, but those 2 times were both within the past 3 months, when I started using the program
	9. System restore is disabled
	*BSOD was encountered once during a write operation to a failing storage hard drive.
	When I get home I will post a process list to start out. I will then run some apps. Those apps include:
	- gmer
	- rootkit revealer
	- hijackthis
	- malwarebytes antimalware app
	- Symantec Conficker removal tool*
	Any other things I should test as well? And don't say PCMark, as I ran that after the repair install and it pulled a measly 800 marks, but it can play Crysis so
	*added per DigeratiPrime.
	Also wanted to add the other programs I used besides the ones listed in this thread:
	- UltraEdit
	- PE Explorer
	- Fireworks for the screenshots
 - 
	I bought a PS2 just to watch DVDs so I don't have many games for it. I am also slowly running out of things to do in Morrowind so I am probably going to uninstall it and replay Oblivion as well. It will be a long install, that and Shivering Isles. I hope I saved my DLC from last time tho! I don't want to pay for it again lol.
 - 
	Also your web browser reports your OS as well, and they could easily keep that information and use it for metrics. If you've ever run any stat programs on a webserver, you can see it can see just about every OS.
 - 
	RAID can't span controllers or hubs like that. You can't have an IDE and SATA drive in the same array. You need two RAID drives, but make sure you are using RAID edition drives for better reliability.
 - 
	
	
				Waik imagex problem and question
Tripredacus replied to a topic in Unattended Windows Vista/Server 2008
Quoting is fun. - 
	Usually these programs only change the MTU and other things that you can do yourself. Not worth the money if you ask me.