Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Q: Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

I am infected with this crap and have used the following tools to try to get rid of it:
Windows Defender, Uniblue PowerSuite (SpeedUpMyPC, Registry Booster & Spyware Protector) and Norton's One Button Checkup and WinDoctor.

Not sure if it's related, but my DISPLAY is locked at 640 X 480.

Attempted the 5 Step Process before posting and Panda ActiveScan froze and crashed after scanning 59253 files, but not before identifying 28 spyware files.

Here's my extra.txt log from Deckard's:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1277.95 MiB / 810.39 MiB
Pagefile Memory (total/avail): 1516.89 MiB / 1165.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.7 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRIBASH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\TRIBASH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=TRIBASH
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Sharon (admin)
Thom (admin)
Robert Christensen (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe? Photoshop? Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CC_ccProxyExt --> MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore --> MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
DAZzle --> C:\PROGRA~1\ENVELO~1\DAZzle\UNWISE32.EXE C:\PROGRA~1\ENVELO~1\DAZzle\INSTALL.LOG
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Harmony Remote Software 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe" -l0x9 -removeonly
MGI PhotoSuite 8.1 (Remove Only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite 8.1\Uninst.isu" -c"C:\Program Files\MGI\PhotoSuite 8.1\CustomUninstall.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint 2003 --> MsiExec.exe /I{90180409-6000-11D3-8CFE-0150048383C9}
Microsoft OpenType Font File Properties Extension --> MsiExec.exe /I{45EA11B5-874D-480E-89B9-2545505BBE3E}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mobipocket Reader 5.2 --> MsiExec.exe /I{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
Norton Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_0_0_61\Setup.exe" /X
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Cleanup --> MsiExec.exe /I{CA31120D-2101-484D-9FF1-195DE96FE346}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton GoBack 4.2 --> MsiExec.exe /I{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{707D28BF-E145-4a9b-B97E-94FA586D05F3}\{707D28BF-E145-4a9b-B97E-94FA586D05F3}.exe" /X
Norton SystemWorks 2007 --> MsiExec.exe /I{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}
Norton SystemWorks Basic Edition --> MsiExec.exe /I{707D28BF-E145-4a9b-B97E-94FA586D05F3}
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Parental Control --> MsiExec.exe /I{66B9BD1F-4189-4f35-BD82-9948720A04CF}
Philips Device Manager --> C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe -runfromtemp -l0x0009 -removeonly
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
Quicken Online Backup --> C:\Program Files\Quicken Online Backup\CBUninst.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Savings Bond Wizard --> C:\WINDOWS\unvise32.exe C:\Program Files\Savings Bond Wizard\uninstal.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type35954 / Error
Event Submitted/Written: 12/30/2007 00:45:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type35952 / Error
Event Submitted/Written: 12/30/2007 00:24:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type35950 / Error
Event Submitted/Written: 12/30/2007 00:08:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type35945 / Error
Event Submitted/Written: 12/30/2007 11:52:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type35943 / Error
Event Submitted/Written: 12/30/2007 11:36:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type91332 / Error
Event Submitted/Written: 12/30/2007 00:20:38 PM
Event ID/Source: 6161 / Print
Event Description:
http://www.techsupportforum.com/secu...g-OwnerLexmark X63LEMF330459344240\\TRIBASH232 (0xe8)

Event Record #/Type91252 / Error
Event Submitted/Written: 12/30/2007 09:31:06 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type91251 / Error
Event Submitted/Written: 12/30/2007 09:31:06 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type91235 / Error
Event Submitted/Written: 12/30/2007 09:24:25 AM / 12/30/2007 09:25:25 AM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

Event Record #/Type91183 / Error
Event Submitted/Written: 12/30/2007 08:55:37 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2007-12-30 1344 ----------

Here's the main.txt log from Deckard's:

Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-30 13:02:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2007-12-30 19:02:23 UTC - RP853 - Deckard's System Scanner Restore Point
59: 2007-12-30 18:55:37 UTC - RP852 - Software Distribution Service 3.0
58: 2007-12-30 18:53:47 UTC - RP851 - Software Distribution Service 3.0
57: 2007-12-29 18:48:39 UTC - RP850 - Restore Operation
56: 2007-12-29 18:43:18 UTC - RP849 - Restore Operation


-- First Restore Point --
1: 2007-11-07 0927 UTC - RP794 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:31 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Quicken Online Backup\AgentSrv.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Quicken Online Backup\CBSysTray.exe
C:\WINDOWS\system32\LXAMSP32.EXE
C:\Documents and Settings\Owner\Desktop\Deckards System Scanner.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {82de967b-6db5-4ac2-8450-c732f8358a43} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: The emlkdvo - {9E1833D1-423D-4485-950E-0A417C2C15CA} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Quicken Online Backup TaskBar Icon.LNK = C:\Program Files\Quicken Online Backup\CBSysTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553545000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: bvtqfvx - {C3D19FAE-7651-43EE-B74F-6488FA897FC7} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Quicken Online Backup\AgentSrv.EXE
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10567 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AgentSrv (Connected Agent Service) - c:\program files\quicken online backup\agentsrv.exe -asv
R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-30 09:43:13 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-29 13:17:52 338 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-12-24 12:00:00 318 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2007-12-24 01:00:00 620 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Thom.job


-- Files created between 2007-11-30 and 2007-12-30 -----------------------------

2007-12-30 13:05:16 0 d-------- C:\Program Files\Trend Micro
2007-12-30 12:43:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-12-30 11:40:17 0 d-------- C:\Program Files\SpywareBlaster
2007-12-30 09:51:28 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 09:51:27 0 d-------- C:\WINDOWS\LastGood
2007-12-30 09:45:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-12-30 00:23:00 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-12-29 12:50:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-12-29 12:50:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-29 10:50:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-12-28 19:50:00 0 dr-h----- C:\Documents and Settings\Thom\Recent
2007-12-28 18:15:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-28 18:15:08 0 d-------- C:\Documents and Settings\Thom\Application Data\Uniblue
2007-12-28 18:14:45 0 d-------- C:\Program Files\Uniblue
2007-12-25 21:28:24 77824 --a------ C:\WINDOWS\fvkwdrt.exe
2007-12-25 21:28:24 200704 --a------ C:\WINDOWS\emlkdvo.dll <Not Verified; ; emlkdvo Module>
2007-12-25 21:28:24 208896 --a------ C:\WINDOWS\bvtqfvx.dll
2007-12-25 21:27:26 0 d-------- C:\Program Files\MediaSupplyCodec
2007-12-25 19:00:39 0 d-------- C:\Program Files\Full Tilt Poker.Org
2007-12-23 01:30:04 0 d-------- C:\Program Files\Video Add-on
2007-12-21 21:47:40 0 d-------- C:\Program Files\Nufsoft
2007-12-21 16:27:49 0 d-------- C:\Documents and Settings\Robert Christensen\Application Data\Apple Computer
2007-12-21 11:17:09 0 d-------- C:\Documents and Settings\Robert Christensen\Application Data\Sonic
2007-12-21 11:01:58 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-21 11:00:25 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-12-21 11:00:20 0 d-------- C:\Program Files\AVSMedia
2007-12-21 11:00:01 0 d-------- C:\Program Files\Common Files\Download Manager
2007-12-21 02:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2007-12-21 02:53:16 0 d-------- C:\Program Files\SwiftSwitch
2007-12-10 01:05:05 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2007-12-09 17:19:11 0 d-------- C:\Documents and Settings\Robert Christensen\Application Data\Datel
2007-12-05 20:07:41 0 d-------- C:\Netgear


-- Find3M Report ---------------------------------------------------------------

2007-12-30 13:05:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 1134 0 d-------- C:\Program Files\Windows Defender
2007-12-30 11:04:38 0 d-------- C:\Program Files\Norton Internet Security
2007-12-30 11:03:42 0 d-------- C:\Program Files\Quicken Online Backup
2007-12-30 11:03:32 0 d-------- C:\Program Files\Norton SystemWorks Basic Edition
2007-12-30 11:03:16 0 d-------- C:\Program Files\Messenger
2007-12-30 09:48:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-30 09:07:55 0 d-------- C:\Program Files\Datel
2007-12-28 23:42:24 0 d-------- C:\Program Files\Common Files
2007-12-28 23:33:32 0 d-------- C:\Program Files\Yahoo!
2007-12-28 21:16:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-28 19:44:25 0 d-------- C:\Program Files\Cheat Engine
2007-12-27 06:50:41 0 d-------- C:\Program Files\RegSweep
2007-12-26 15:03:13 0 d-------- C:\Program Files\RuneHQ_Browser_Bar
2007-12-25 20:15:21 0 d-------- C:\Program Files\Quicken
2007-12-05 16:38:54 0 d-------- C:\Program Files\Symantec
2007-11-29 01:13:28 0 d-------- C:\Program Files\Siber Systems
2007-11-21 23:47:05 0 d-------- C:\Program Files\3D Kit Builder
2007-11-21 22:41:39 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-21 22:38:29 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-13 22:57:54 223744 --a------ C:\WINDOWS\system32\b4fm.dll
2007-10-03 20:35:37 2147483647 --ahs---- C:\gobackio.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 09:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
10/04/2007 05:43 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 09:51 PM 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/23/2007 04:18 PM]
"lxamsp32.exe"="lxamsp32.exe" [10/21/2001 07:12 PM C:\WINDOWS\system32\LXAMSP32.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/24/2007 06:52 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [12/11/2007 10:55 AM]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [12/11/2007 10:55 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Quicken Online Backup TaskBar Icon.LNK - C:\Program Files\Quicken Online Backup\CBSysTray.exe [6/14/2007 11:02:01 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bvtqfvx"= {C3D19FAE-7651-43EE-B74F-6488FA897FC7} - C:\WINDOWS\bvtqfvx.dll [12/25/2007 12:33 PM 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AcBtnMgr_X63.exe.lnk]
backup=C:\WINDOWS\pss\AcBtnMgr_X63.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ACMonitor_X63.exe.lnk]
backup=C:\WINDOWS\pss\ACMonitor_X63.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote Software 7.lnk]
backup=C:\WINDOWS\pss\Logitech Harmony Remote Software 7.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Online Backup TaskBar Icon.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Online Backup TaskBar Icon.LNK
backup=C:\WINDOWS\pss\Quicken Online Backup TaskBar Icon.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxamsp32.exe]
lxamsp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobipocket Reader Notifications]
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSWosCheck]
C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegSweep]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue PowerSuite]
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
"C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

*Newly Created Service* - COMHOST
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK



-- End of Deckard's System Scanner: finished at 2007-12-30 1344 ---------


A: Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Bump.

Read other 14 answers

hello,

This site helped me cure my Laptop in the past and now I am in the process of aiding a friend whose IE is being hijacked to a suspected Anti-malware site for a product known as "Ultimate Cleaner 2007". He also keeps getting repetitive pop-ups for an alleged virus known as "Worm.Win32.NetSky" which redirects you again to an unknown site.

here is his HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:27:09 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Docume... Read more

A: HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning

Welcome to TSG

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 3 answers

So my PC (Windows XP) got the red "biohazard" wallpaper ("YOUR PRIVACY IS IN DANGER! DOWNLOAD PRIVACY PROTECTION SOFTWARE NOW"), along with the new icons "Error Cleaner", "Privacy Protector", & "Spyware & Malware Protection".

I get the window that says "Windows has detected an Internet attack attempt...someone's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from internet attacks, hijacking attempts, and spyware! Click here to download spyware remover for total protection."

I've searched around and seen several posts regarding this malware. I may be a bit worse off, though, because I can't explore or run any programs! I tried inserting a disc of anti-spyware programs, and it wouldn't let me open/explore the disc. Not even in Safe Mode. The "Start" button at the bottom left of the screen is gone, and when I try to run anything, I get a message that says something like "Windows cannot find the .exe file"...

That seemed to happen right after I ran KillBox and let it delete a file called "Spools.exe" that Ad-Aware found. Yes...my computer is really screwed up.

I'm using a borrowed computer right now, and disconnected the other one from the internet. Since I can't run anything or explore on that computer, I'm not sure how I'm going to fix it, or run any kind of Hijack This log, etc.

When I hit Ctrl/Alt/Del, my "... Read more

A: Red Biohazard wallpaper, "Error Cleaner/Privacy Protector" icons

Hi penkosey,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt
Click Upload.
What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on ... Read more

Read other 1 answers

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A: Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

Read other 16 answers

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is "hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":

The second picture is of the properties window of the first .mp3 in the list above:

I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:

Also, the properties window correctly shows the duration also:

I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

A: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

Read other 8 answers

I have followed pre-steps. My computer is running Win 98 (don't ask why), and when I went to Windows update page I got a message saying that the updates page was for Windows not Mac users? Many pop-ups are saying that they are from Drive Cleaner, but Drive Cleaner search programs haven't helped. Many thanks for any who can provide help cause I'm gettin' lotsa lotsa pop ups. Phil

Panda Soft and Hijack This logs attached.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:19 PM, on 3/20/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\MEMOREX\TRAVELDRIVE003C\UFDSE98.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGR... Read more

A: "Drive Cleaner" "Oinadserver" and Misc popups

Quote: Originally Posted by Iguana07

I have followed pre-steps. My computer is running Win 98 (don't ask why), and when I went to Windows update page I got a message saying that the updates page was for Windows not Mac users? Many pop-ups are saying that they are from Drive Cleaner, but Drive Cleaner search programs haven't helped. Many thanks for any who can provide help cause I'm gettin' lotsa lotsa pop ups. Phil

Panda Soft and Hijack This logs attached.


Read other 5 answers

My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar was represented with a big custom icon to save eye strain. I had them installed in opposite vertical margins, and they were set on auto-hide to keep them out of the way when not being used. Just move your mouse pointer to the left or right margin, and BAM! Sorry for the cliche, but I really got used to the convenience of what I had set up, and I just don't think I can be as efficient without anything comparable.

Now there appears to be nothing comparable in the Windows 7 GUI, and it's making me sick with rage! I see only the option to put a "toolbar" on an existing "taskbar", and no option to create any additional taskbars! This cramps up your one-and-only taskbar, plus the tiny toolbar access buttons require way too much precision for anything that's supposed to be quick. When you've figured out how to bring up that ridiculous button, the list that it yields is small enough to cause painful eyestrain - nothing efficient, much less cool about this at all! I have seen customization options in other OS GUIs that may have resolved some of these issues, but I see none such in W7.

I have tried every google search string that I can think of, and found... Read more

A: Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"

Several possibilities here: Second taskbar in windows7? [Solved] - Windows 7 - Windows 7

Read other 1 answers

Hi,

When our website users click on an html attachment embedded on a web-page in IE9, the download manager will not display the "Open" option. It will only display "Save" and "Cancel" which our users don't like, having to save the html document in a folder to open it. Whereas, when downloading attachments like pdf, word etc. all three options are displayed.

Is there any setting to tweak, which will display all the 3 options for HTML attachments as well?

A: IE9 download manager will not display "Open" option (only "Save" and "Cancel" is displayed) for downloading HTML documents.

Hi,
As you know, the Open-Save-Cancel dialog box helps you prevent your computer from being affected by a virus while downloading.
So I suggest you test to reset all zones to a lower level temporarily and then please attempt to download this html attachment again.

However, since you can normally download the other documents, I suspect there is some restriction in the website which you are trying to view. I recommend you to contact the administrator of that website if possible.
Could you please send me the link of the website from where you are trying to download the html attachment?
Thanks!



Read other 6 answers

I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" disappear. So I could not see process-names in the task-manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attaches itself into other explorer-windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while being on the internet, and I don't know if my computer actually is offline or if -I'm- just... Read more

A: Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

Hello and welcome to TSF

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Expected logs:

Combofix.txt
HijackThis log

Read other 19 answers

I got my Dell a few days ago. Installed it with Samsung EVO 850 SSD 500 Gb and Kingston 8GB PC3L - 12800 SODIMM. The Windows 10 Home OEM home is installed on HDD 1TB so I decided to use Samsung Data Migration software to clone the data to SSD. However, the OS crashed and decided to install a fresh Windows 10 Enterprise to SSD and deleted the previous OS on HDD using diskpart. Now after Installing Windows 10 Ent OS files. Every after BIOS run, I got BSOD errors "MEMORY MANAGEMENT" + "Page Fault in non paged area" + "IRQL NOT LESS OR EQUAL"

Read other answers

After privacy protection installed itself I no longer have a desktop. The task bar is still on the screen as well as the start menu. But when I click on the start menu there is nothing on it. The only programs that are running are "privacy protection", "windows security center", and "XP anti-virus 2012". All three of these are running completely by themselves and I never installed or downloaded any of them. I cannot get on the internet or do anything with my computer. I know that privacy protection and XP anti-virus 2012 are fake virus protection but when my computer was still somewhat functional, these programs did not allow me to run anything which made it hard to fight it off. I have some really important stuff on my computer and I would hate to lose it all.
 

Read other answers

Ok, so I'm new here so hey everybody..

to the point: my laptop is "stuttering"/lagging/skipping.
whatever you wanna call it it's doing it.
my video/music/and cursor skip every second for a split second it starts on start-up and don't stop til I turn my laptop off. it happens in a pattern it's not random, I've done checked my drivers, spyware, and my RAM is good.. so can someone please help me? ***could it be because my battery won't hold a charger? so it has to be hooked up to the charger at ALL times or it dies Example: is the charger not got the "juice" to run the laptop by itself so it stutters/skips..*** I don't know if this has anything to do with my problem but I ran "event viewer" and found this : The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
redbook

PLEASE HELP




OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB;
Motherboard: Dell Inc., 0FF049, , .HWPLLB1.CN1296167S5169.
Antivirus: McAfee VirusScan, Updated: Yes, On-Demand Scanner: Disable
 

A: Solved: Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE

Read other 6 answers

I double-click and get "search" instead of "open"--only when I click a disk, like Hard Drive C: or Floppy A: or CD F: and so on.

It didn't used to do this, so I must've inadvertently changed some setting somewhere, but darned if I can find it now.

Any ideas?
 

A:Solved: On the "my computer" list, I double-click on disks and get "search" instead of "open"

RELEVANCY SCORE 213.6

It seems that no matter how I set this, after the next start-up it reverts to "15 minutes".  What registry key controls this?

RELEVANCY SCORE 213.2

I think I am infected with Malware, Spyware, or some type of virus. My desktop background has become a bright red screen with a toxic symbol on it and underneath it, it says "Your Privacy Is In Danger!" On the bottom right, in the taskbar, right next to the time and date, it says "Virus Alert!" My computer is also attempting to run anti-Spyware programs all by itself, opening browsers with websites to Spy programs and pop-ups warning me of possible hackers. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36: VIRUS ALERT!, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched...

RELEVANCY SCORE 212.8

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezes up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet home page keeps reverting to "blank: about" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Fil...

RELEVANCY SCORE 212.8

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezes up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet home page keeps reverting to "about:blank" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common File...

RELEVANCY SCORE 212.4

One feature I really liked in XP was the ability to look in a folder through My Computer and sort the files by extension. For example if I wanted to get all .jpg files to one side of the folder as I looked for a file, I could click View, Arrange Icons By, Type and make that happen. I don't see that feature in Windows 7. I'm using W7Pro and can't find that or a similar feature anywhere. Is it here and I just haven't found it? TIA

A:Where is "VIEW", "ARRANGE ICONS BY", "TYPE"

Open a window, click Organise/Layout/Menu bar.
Then when you click View in the menu bar, Group by is in the list.

RELEVANCY SCORE 211.6

OK, so I'm new here, so hey everybody.

To the point: my laptop is "stuttering"/lagging/skipping.
Whatever you want to call it, it's doing it.
My video, music and cursor skip every second for a split second. It starts on start-up and doesn't stop until I turn my laptop off. It happens in a pattern; it's not random. I've checked my drivers and spyware, and my RAM is good, so can someone please help me? ***Could it be because my battery won't hold a charge, so it has to be hooked up to the charger at ALL times or it dies? Example: has the charger not got the "juice" to run the laptop by itself, so it stutters/skips?*** I don't know if this has anything to do with my problem, but I ran "Event Viewer" and found this: The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
redbook

PLEASE HELP
 

A:Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE HELP)

**(DON'T KNOW IF THIS WILL HELP..)**

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB;
 

RELEVANCY SCORE 210.8

ok!!!!!!!!!! what is it and how do I fix it,,,, eyes crossed knees wobbly help?????????????????????
 

A:[Solved] mplay32.exe,1"/play/close"%L"." and sndrec32.exe"%L"."

RELEVANCY SCORE 208.4

Hi everyone!

Yesterday my HP laptop (Windows 7) started getting BSOD with various types of errors (mostly "STOP: 0x00000F4", "STOP: 0x0000007A", "c00021a" and one "missing %hs, c0000135"). Most of the time it restarts without any issues and works fine right after the BSOD and then an hour or two later I get a BSOD again.

I have tried restoring to Last Known Good Configuration, startup repair, hard disk check, virus scans and I also uninstalled any recently added programs I could think of and cleared up more than 50% of my hard disk space. None of these seem to have helped and I still get BSOD regularly.

I have attached the folder from the SF Diagnostic Tool and would appreciate any advice!
Thank you!

A:BSOD every few hours: mostly "STOP: 0x00000F4", "c00021a" & "c0000135"

Welcome to the forum.

MSINFO32:
Please go to Start and type in "msinfo32.exe" (without the quotes) and press Enter
Save the report as an .nfo file, then zip up the .nfo file and upload/attach the .zip file with your next post.
Also, save a copy as a .txt file and include it also (it's much more difficult to read, but we have greater success in getting the info from it).
------------------------
Upload a screenshot using: CrystalDiskInfo
For how to upload a screenshot or file, read here
Test your Hard Drive(s) by running: Hard Drive Diagnostic Procedure
------------------------
Test and Diagnose RAM Issues with Memtest86+: RAM - Test with Memtest86+


   Tip
Pay close attention to Part 3 of the tutorial "If you have errors"
Test the RAM with Memtest86+ for at least 7-10 passes. It may take up to 22 passes to find problems. Make sure to run it once after the system has been on for a few hours and is warm, and then also run it again when the system has been off for a few hours and is cold.


------------------------
Monitor hardware temperature with system monitoring software like Speccy or HWMonitor. Upload a screenshot of the Summary tab as well:
Piriform - Speccy
CPUID - HWMonitor
For how to upload a screenshot or file, read here

Code:
*******************************************************************************
* *
* Bugche...

RELEVANCY SCORE 208.4

Ok so I'm using a custom visual style made by another user however I don't really like the buttons used that I mentioned above. The creator states it is acceptable to change the theme to however you like as long as you don't redistribute it anywhere.

Ok so I opened up the .msstyles file (using Restorator) located in the theme folder of this VS. I went into the images directory and located what seems to be the images used for the buttons. Intuitively, it seems like it would make sense to replace those images with different ones (perhaps from another visual style) and it should change them. However, would this actually work? Could the theme get messed up in some other way (like proportions or something if the new button images are smaller)? I don't know of any other way to change them that would be easy.

But I did run into another problem. For some visual styles I can't even locate those buttons in the images directory. Where else would they be?

A:Changing the "minimize" "maximize" and "close" buttons of a theme

Use Windows Style Builder to do that...

RELEVANCY SCORE 208.4

I am using Windows 7 on my laptop and I have a question about when to use the "Home", "Work" and "Public" profiles.

If I am logging in without setting a password, and I am logging in to a network with the "Public" profile, then will any other user who can see my computer be able to enter my computer and check the contents on my computer?

I am connecting to a network and there are 6 other users connected to this network. In the set network location window, if I select the network as "Home", does it mean that the other 6 users will not be able to see my computer on the network, and if I use "Public", then all other six users will be able to see my computer on the network?

Thanks

RELEVANCY SCORE 208.4

Hi all,

So I'm kind of stuck.. I currently have the problem where I am in an endless cycle of "loading files" -> "Windows Boot Manager" (see: How To Boot Into Safe Mode On Windows 8 (The Easy Way)).
I have tried to load all of the options -- and none successfully load.
I also end up at a OneKey Recovery as well.. unfortunately, the laptop does not have initial backup or user backup images.
I have a Windows 8 CD for repairing purposes.. however, I cannot load the BIOS/UEFI to change the boot order to load the optical drives first. I have also tried to remove the CMOS battery to fix it.. did not work.
Also - Windows Boot Manager:
Windows Setup [EMS Enabled] -- does not load properly (leads to OneKey Recovery)
Safe Mode (does not load properly)
Safe Mode with Networking (does not load properly)
Safe Mode with Command Prompt (doesn't load - tries to boot and load all files onto partition that is too small.. can't change partition?)
Enable Boot Logging
Enable Low-Resolution Video
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Display Early Launch Anti-Malware Driver
Start Windows Normally
Any ideas would be greatly appreciated! Thanks!

RELEVANCY SCORE 208.4

Hello guys, the last week I've been struggling with these nasty BSODs. At first I thought it was my HDDs as ntoskrnl.exe somewhat hinted towards that from googling it. My HDDs have been causing a lot of trouble earlier as well due to their somewhat long years of service. However, I've recently reformatted my computer and installed W7 on a brand new Corsair Force GT 120GB SSD hoping the BSODs would go away; they didn't.

I googled BSOD and I stumbled upon this forum and I thought I'd give it a try. I'm somewhat desperate, as I need my computer working for work, school and amusement.

I've been trying to run Memtest in order to test my memory but without any results. I'm also currently running on only one 4GB chip instead of two, to see if the problem still exists. Also without any results.

This is the second time I'm writing this thread btw, I was just about to post it and my PC crashed.

Here are my two logs + dxdiag (last crash didn't generate a log oddly enough).

Here is additional hardware/gear that I use:

Razer Megalodon 7.1 Headset
Razer Naga
Logitech G19
Logitech C920 (Webcam)
Corsair 750W PSU

My temperatures are also good. Both CPU and MB idle at around ~25. GPU's all good too. I'm also using a Corsair 650D chassis with dust filters at both air intakes so dust is minimal. On top of this, I use air pressure to clean away dust somewhat regularly and I also did exactly this 2 days ago when I reinstalled the PC.
...

A:BSOD - "Memory management", "Bad pool header", "ntoskrnl.exe"

Are you over-clocking? Is the bios set to its defaults? Is the SSD set on a SATA 3 port in AHCI mode?
 

RELEVANCY SCORE 208.4

Example sentence: vrytim I prss ths kys, nothing happns. Now I'm writing with my on-sreen keyboard. I'm clueless when it comes to computer stuff. How do I fix this? Is this a software problem, or a hardware problem? Help is much appreciated!

A:Kyboard deos not respond to the keys: "e", "d", "c" and "3"

My keyboard hath the thame problem with the thupid eth key. The blathted thing ith driving me nutth.

All theriousneth...er...seriousness aside, usually, that is a hardware problem. Can you find or borrow another keyboard and see if it will work correctly on your machine?

RELEVANCY SCORE 207.2

Hi
I'm currently trying to finalise group policy settings for my Windows 8 students. All seems to be going well except I can't for the life of me find out how to hide 2 remaining items under "This PC", these being the "Access Media" & "Add a Network Location" icons on the File ribbon (image below). Can anyone help please?

A:Hide "Access Media" & "Add a Network Location" icons using Group Policy

Hi,
I think we can deploy a script with the Set-Acl PowerShell command to take ownership with Administrator of the following keys, and set Deny permission on Users:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.AddMediaServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.AddNetworkLocation
SET-ACL on registry key
http://blogs.technet.com/b/brad_rutkowski/archive/2008/09/29/set-acl-on-registry-key.aspx
Image like this:

After doing this, my explorer appears like this: without these 2 options



Kate Li
TechNet Community Support

RELEVANCY SCORE 207.2

PLEASE HELP. I have been struggling to remove this worm for over a week now. I have tried using the Smitfraudfix but it hasn't worked. Within a few hours the icons and pop-ups are back. Is there any fix for this albeit a complete re-format? I'm running an XP system and McAfee suite.

A:worm.Win32.netsky/privacy protector/error cleaner/spyware protenction icons & popups

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 206.4

Hello,

I'm running Windows XP SP 3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" has also seemed to install itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WI...

A:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

RELEVANCY SCORE 206

When I go to insert a picture in a certain program the "picture services" window pops up. I go to choose the "icon size" for my photos and it will not remember the selection, "medium icons" for the size of my photos in the selection window. It always reverts back to "large icons". I can only see 2 pictures at a time with "large icons" instead of 8 with "medium icons". No matter which option I choose to view my pictures it always reverts back to "large icons". Does anyone know how to fix this?

A:clicking "insert picture" it always defaults back to "large icons"

"A certain program" is not much help, be more explicit.

RELEVANCY SCORE 206

Does anybody know how I can change these icons?

I changed the default icon for the network one in HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} but it didn't change.
Appreciate any help,

B

A:Changing "Computer" and "Network" icons in explorer navigation pane

Hello, and welcome to Seven Forums.

If you like, you could use the method in the tutorial below to change the icon of "Computer" and "Network" to what you like, and have it applied everywhere in Windows.

Desktop Icons - Change or Restore Default Icon

RELEVANCY SCORE 206

I don't have a clue where to begin trying to fix this problem. Spybot doesn't seem to fix the problem. I keep getting random icons on my desktop and start menu called "online security guide" and "live saftey center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system. Any help would be great...thank you!

A:i need help - "online security guide" & "live safety center" icons!!

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 206

Hello
I've managed to change all the icons on my system to custom ones apart from devices and printers and recorded tv on the right of the start menu (the ones that appear over your user picture when you hover over them). I've searched everywhere for their location in the registry but can't find them anywhere (spent 3 hrs today searching the reg for them).
Please, does anyone know the keys for these 2 items? I'll be surprised if no-one on here has a list of them all somewhere.

Thank you

A:change start menu icons "devices and printers" and "recorded tv"

Hello Danny,

The default icon for Devices and Printers is located at the registry location below. This will also change the icon in all other locations as well, for example in the Control Panel.

HKEY_CLASSES_ROOT\CLSID\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\DefaultIcon

I have not found the Recorded TV one yet though.

RELEVANCY SCORE 206

I am trying to rebuild my search index because my computer won't let me arrange items using the "Arrange By" option... However, when I try to load my indexing options to rebuild the index it will sit there and say "Waiting to receive indexing status". If I click the "Advanced" button it will freeze... I also receive an icon and loading display problem SEE PIC#1. Also when I click on "My Computer" it sometimes will sit there searching and it won't load. SEE PIC#2

I have tried the following:
1. Restarting the "Windows Search" service multiple times at different boots.
2. Deleting the files contained in the folder "C:\Windows\System32\config\TxR\". http://support.microsoft.com/kb/2484025
3. Stopping the "Windows Search" service then I opened up "regedit". I went to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSearch, SetupCompletedSuccessfully" I changed the value from a 0 to a 1. Then I rebooted my PC. I then went back to the same key and changed it back to a 0 and rebooted my PC again.
4. Turning the "indexing service" on and off from the "Turn Windows Features on or off" menu.
5. Microsoft Fixit Indexing Troubleshooter
6. Sfc /scannow
7. Tried this hotfix http://support.microsoft.com/kb/977380
8. Tried another user account and creating a new user account
9. Tried resetting folder view to "defaults" http://www.sevenforums.com/tutorials/15692-...

A:"My Computer" won't load, Disappearing Icons, & "Arrange By" option won't work. Help?

RELEVANCY SCORE 204.4

Hey guys, I've run Adaware, Spybot, and Symantec in safe mode. Adaware and Symantec successfully removed some entries but the problem still persists. I'm getting constant popups including "netster", "heavy.com", "smashits", and others. Here's my log, and thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:43:05 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1...

A:"Byte.Verify", "Downloader" virus, and endless popups

Also Backdoor.DSNX, Dropper.Agent.PP and Trojan.Dropper

Was looking around in the root C drive and found some interesting things there as well, but didn't want to do anything without advice first. Here's a "dir" listing

07/22/2006 04:38 PM 586,928 626_101newer.exe
09/25/2005 11:25 PM 219,412 adlog.txt
07/22/2006 08:44 PM 627 asdf.txt
07/26/2004 06:18 PM 0 AUTOEXEC.BAT
08/26/2005 07:53 PM 11,859,569 AVG7QT.DAT
07/26/2004 06:18 PM 0 CONFIG.SYS
07/26/2004 06:28 PM 10 csb.log
05/17/2006 10:47 PM 81 CTX.DAT
07/22/2006 04:37 PM 73,728 dfndred_7.exe
07/22/2006 04:38 PM 27,648 dist13.exe
07/26/2004 06:22 PM <DIR> Documents and Settings
06/30/2006 10:41 PM <DIR> Downloads
07/22/2006 08:44 PM 32,768 drsmartload.exe
07/22/2006 08:45 PM 20,480 drsmartload45a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload46a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload849a7d.exe
07/22/2006 08:45 PM 578,560 Installer3.exe
07/22/2006 08:45 PM 290,816 installerwnusnewer.exe
11/16/2004 05:11 PM <DIR> KPCMS
07/22/2006 04:37 PM 28,672 kybrded_7.exe
07/29/2004 02:16 PM <DIR> mj-comp-files
07/22/2006 08:45 PM 25,105 MTE3NDI6ODoxNg.exe
07/22/2006 08:44 PM 25,105 MTE3NDI...

RELEVANCY SCORE 203.6

hi,

OK, this is a weird one.

I wanted to move the "My Music", "My Pictures", "My Videos" folders to another HDD. I moved the "My Documents" folder to this HDD without a problem but for the others I accidentally set the whole HDD as the folder (if that makes sense). So now the music, videos and pictures folders are set to this HDD and don't have an actual folder to change the properties of. Therein lies my dilemma.

If anyone can offer any advice on this curly issue it would be greatly appreciated.

Shane

A:Remaking "My Music", "My Pictures", "My Videos" folders

  
You have a backup from before the problem started? a win 7 dvd to do a repair install?
ken

RELEVANCY SCORE 203.6

Guys,

I am a little confused with regard to some of the mail options in Outlook Express. (I have version 6) What is the difference between the "Drafts" and "Outbox" folders?

Further, how does the "Send Later" option work from the file menu? I always thought that "Send Later" was the same as using "Drafts" but what happened was that I was doing an e-mail, went to Drafts, or clicked on "Send Later" or Outbox and then after I clicked on "Send" doing a regular send, I checked my Sent folder and about 3 copies of the same message were delivered to the same person! (I only sent one message, not 3!)

What is the deal with the "Outbox" folder? Apparently that is not like the Drafts folder....correct?

What's the difference between doing a Save, Save As, and Send Later with regard to OE functions? If I want to save a message that isn't done yet, which of these 3 options should I use? (i.e., I want the message to go to the Drafts folder for example and stay there until I TELL OE to send it.) I think whatever I did above was that I modified my message and then clicked on where it just automatically sent the next time I opened the message. A review of these features would be helpful!

Just for the record, I also use Yahoo Mail and find that so much easier!

Jack
 

A:Please Review OE "Send", "Drafts", and "Outbox" Options

Jack
To save an E-Mail to your Drafts folder for work on later then you use the File\Save option.
If you wish to save the E-Mail in another format such as .EML or .TXT or .HTM then you use the Save as function. You will also be required to specify a folder to save in or use its "My Documents" default.
Send later function if only one e-mail account exists will place the e-mail in the outbox and send it the next time you click on the send receive button. If you have multiple accounts then you can specify which account to send it from.

Dave
 

RELEVANCY SCORE 203.6

I tried to associate the file extension .txt to a new editor program
with the well known cmdline programs ASSOC and FTYPE.

No, assigning them through WinExplorer menu does not work.
But this is another problem which should not be discussed here.

When I type now one of the following alternative commands at the CommandPrompt then Win7 returns me something like:

assoc .txt=txtfile

"Access denied"
The following error occurs: .txt"

or

ftype txtfile=D:\notepad++\notepad++.exe "%%1"

"Access denied"
The following error occurs: txtfile"

Why?

The commands above work fine under WinXP.

Peter

A:"access denied" when using "assoc" and "ftype" from cmdline?

Question:

Did you run cmd.exe with administrative privileges?
Elevated Command Prompt

RELEVANCY SCORE 203.6

Ok, so basically, whenever I turn the computer on, 3 error messages appear:

- A virtual driver failed to initialize DLL. Choose close to end the program. H:/Windows/system32/code/pRee.exe

- A virtual driver failed to initialize DLL. Choose close to end the program. H:/Windows/system32/code/pRee1.exe

- Error loading H:/Archiv~/GBPLUG~/gbiehcef.dll. Couldn't find specific module.

(sorry if some terms are incorrect, my computer is in Spanish, so I tried to translate as best as possible)

Please help me solve this terrible problem, it is really getting on my nerves! (oh, and if this helps, I've recently downloaded this so-called "Limewire acceleration", and whenever I ran the setup, it didn't work. I don't really remember the name of the website I downloaded it from, sorry...)

A:Can't Open "My Documents", "Trash" or other files in "My Computer"!?

Hi and Welcome to the forum

I am almost certain that you have malware problems. Most likely caused by you doing file sharing/P2P - Limewire.

Suggest that you go here and follow the directions:

http://www.techsupportforum.com/secu...oval-help.html

Please be advised that the malware people are very busy and it could take a couple days to assist you.

BG

RELEVANCY SCORE 203.6

OK.....
As I said I am new.....
Hope this info is the way you need it.
MANY MANY THANKS IN ADVANCE FOR THE TIME & HELP !!!
Check out the following .....HHEELLLPPP


Logfile of HijackThis v1.98.2
Scan saved at 12:38:36 PM, on 11/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\Promon.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Frank M. Gazzo\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Micro... Read more

A:NEW THREAD / "xads", "xlime", "Context3.kanoodle"

hi

how to create a folder?

right click anywhere on your desktop
click new, a tab opens, click folder, name it hjtantivirus.

download hijackthis again and install it in the newly created folder.

your hjt is here now
C:\Documents and Settings\Frank M. Gazzo\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

it will not work properly if it stays there.

and don't create a new thread, keep only one thread. this one, now.

RELEVANCY SCORE 203.6

Hi:

Looking for insight/advice re: KB3054476.

According to Infoworld, it was "Optional" in May, but I was not offered it then.
This week, it was offered as "Important" and "Recommended" (!), but only for one of my 2 Win7/64 boxes.

I have read the MS KB article, as well as THIS FORUM THREAD, the latter of which includes a report of a BSOD due to this particular update.

However, there isn't much out on the web about it.
And most of the discussion about it is overly technical for me.
And I am confused as to why it was previously offered as "Optional", but now is "Important" or "Recommended".

I don't *think* I "need" it (as I have no webcam on this box). And I don't like to tempt fate by fixing things that are not broken.

So, 3 questions:
Is it safe to install?
Is it really necessary/important?
Or would I be OK to hide it?
Thanks very much in advance!

A:KB3054476 offered as "Important"/"Recommended"/"Optional"

The status of updates changes with circumstances.
If an update isn't relevant, it won't be offered at all.
If however it's relevant but the related software is not apparently in use, it may be 'optional' - and gravitate to 'Recommended' or 'Important' if the related software is in use.
It can also be promoted through the hierarchy by MS depending on feedback through WU and error-trapped feedback.


If you have (and use) a webcam, then it's probably best to install the update.

RELEVANCY SCORE 203.6

I have a 7200rpm hard drive that shows up as 3 separate partitions on my MacBook Pro desktop. They are "System Reserved", "Untitled 1" and "Untitled". When looking at them in the Disk Utility program, they show up as "System Reserved", "disk2s1" and "disk2s3". I can't seem to find a way to wipe the drive and just have 1 partition. I don't need to save anything on it so it can all be deleted and consolidated. Not sure if this helps but the previous owner told me that he had accidentally erased another partition that prevented the hard drive from being reconsolidated. It also may have been a Windows boot drive. Any help in restoring this hard drive would be appreciated. Thank you.

RELEVANCY SCORE 203.6

I thought I was computer savvy until this problem came up. When I double click My Computer, Recycle Bin, Control Panel, etc., the hourglass comes up for a few seconds, goes off, and nothing else. No error messages or anything, just nothing. I have viewed a few of the threads covering this and a common link was the HijackThis result. I have posted that here, and really hope that someone can help me with this. I have run SpyBotSD and adaware, I have run multiple virus scans, I did an SFC, and the final thing was to repair Windows using the original disk, none of which has helped. I am running Windows XP w/SP2. Any other suggestions would be certainly appreciated. Hope to hear from someone soon. MTCS, out.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TDSTEL~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusCl... Read more

A:I cannot open "my computer" "control panel" "recycle bin", etc...

You may want to reinstall the operating system.

Back up the files that are important to you before you reinstall.

The "New" installation will overwrite the current one.

If you do not format your hard drive before the reinstall, the installation should not harm your files (that's why I suggest backing up your files) and will speed up the installation process.
 

RELEVANCY SCORE 203.2

First things first, thanks to all who can help.....

I need to programmatically make some adjustments to the Internet Explorer security settings. Most of these settings I have found but there are a few I have not been able to get a clear exact location for in the registry. I will be using a .BAT file to make the adjustments on 100+ PCs.

Here is what I am looking for.....

Under the "Internet Properties" found in Control Panel, under the "Privacy" tab there is an "Advanced" option button. When I click on it I get an "Advanced Privacy Settings" options box. On it are several settings. The first setting, "Override automatic cookie handling", needs to be checked in order to access the other options. I can do that by adjusting the DWord value of "PrivacyAdvanced" under the "Internet Settings" key in the registry, "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet settings", to be specific.

What I have not been able to find are the registry entries for the "First-party Cookies" "Accept, Block, or Prompt" options, the "Third-party Cookies" "Accept, Block, or Prompt" options, and the "Always allow session cookies" check box. Please see picture below....

I have seen references to the following settings as being where those options exist, but nothing that explains ... Read more

RELEVANCY SCORE 202.8

Hiya

This is doing the rounds a lot. Seems to be causing no end of trouble for people with IIS.

http://www.kav.ch/avpve/worms/iis/bady.stm

Regards

eddie
 

A:I--Worm.Bady (aka "Code Red","CodeRed") Update

Found this also:

http://www.cert.org/advisories/CA-2001-19.html

Unix or NT:

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

Regards

eddie
 
