Following The Warning In Adwatch Has Left Me With Missing Shortcuts
baroneq
Good morning,

I would be very grateful if someone has the time to help me with this problem. I will try and describe it as best I can here.

O/S: Windows XP SP2
MB: Gigabyte K8 Triton GA-K8NF-9
Memory: 2G
GFX: Radeon 850xt
Antivirus: Nod32
Firewall: Zone Alarm
Spyware: Adaware



I returned to the desktop from an online game I play regularly to see the Ad-Watch box displaying a warning with the option block or allow. Not having seen this on this PC before and having Ad-Watch installed for some time, I blocked the request, suspecting it malicious.

This prompt occurred several times. I then noticed ALL of the icons on the desktop not showing their normal display but white. The link to the applications is now missing and I can't access much.

I have tried to download regedit programmes but they won't launch. I can't open regedit / add remove etc. etc.; very few programmes are working.

I visited http://www.kellys-korner-xp.com/xp_tweaks.htm and downloaded the left and right column of number 12 using Firefox, as Internet Explorer won't launch. However, I can't get those files to run.

I had left my TeamSpeak on to see if a few friends would know, but after running Nod32 antivirus the system restarted and now I can't launch TeamSpeak again.

Short of reformatting and losing info is there a way to get around this?

In anticipation thanks very much.

Ad Astra

Hi

Yes this can be fixed, it is a little involved but this process will resolve the shortcut issue. Are you using Ad-Aware SE or Ad-Aware 2007?

First download the appropriate registry file fixes from Doug Knox's web site at

http://www.dougknox.com/xp/file_assoc.htm

Download these and unzip them into a folder.

COM File Association Fix (Restore the default associations for COM files)
EXE File Association Fix (Restore default association for EXE files)
LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)


Next if you are using Ad-Aware SE start Ad-watch, right click on the icon in the system tray, and select Ad-watch settings. Make sure the selection has a red cross against Automatic. If it is a green tick click on it to deselect automatic. If you are using Ad-Aware 2007 please post back.

The hardest part is to restore the exe association. Follow the instructions at the top of Doug Knox's web site on how to start Regedit from within Task Manager. Follow these instructions exactly and Regedit should start.

QUOTE
NOTE: If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files. To work around this, press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.EXE and press Enter.


Now import the reg files you downloaded above in turn. In regedit select File, then select Import and browse to each reg file in turn. If prompted to confirm the merge, select Yes to accept. Ad-watch will pop an alert for each merge as well. Ensure you accept the changes in Ad-watch.

Once all the reg files have been merged the file associations should now work OK.
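
Added example, not part of the original post or of Doug Knox's fixes: a small Python check that reads a .reg export of HKEY_CLASSES_ROOT (taken before or after the merge) and reports any of the .exe, .com and .lnk associations that differ from the standard Windows defaults. The sample export is constructed for illustration, and the function names are this example's own.

```python
import re

# Well-known Windows defaults for the associations the post repairs.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\.com": "comfile",
    r"HKEY_CLASSES_ROOT\.lnk": "lnkfile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
}

# Constructed sample export (not from the thread): the exefile open command
# is empty and .lnk points at the wrong file class.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=""

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.lnk]
@="txtfile"
'''

def parse_reg_defaults(text):
    """Map each key path in .reg export text to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            defaults[key.lower()] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def check_associations(text):
    """Return (key, found, expected) for each association that deviates."""
    found = parse_reg_defaults(text)
    problems = []
    for key, want in EXPECTED.items():
        got = found.get(key.lower())
        if got is None or got.lower() != want.lower():
            problems.append((key, got, want))
    return problems

if __name__ == "__main__":
    for key, got, want in check_associations(SAMPLE_EXPORT):
        print(f"{key}: found {got!r}, expected {want!r}")
```

Regedit's version 5.00 exports are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `check_associations`.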
baroneq
QUOTE(Ad Astra @ Oct 14 2007, 09:34 AM)
Hi

Yes this can be fixed, it is a little involved but this process will resolve the shortcut issue. Are you using Ad-Aware SE or Ad-Aware 2007?

First download the appropriate registry file fixes from Doug Knox's web site at

http://www.dougknox.com/xp/file_assoc.htm

Download these and unzip them into a folder.

COM File Association Fix (Restore the default associations for COM files)
EXE File Association Fix (Restore default association for EXE files)
LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)
Next if you are using Ad-Aware SE start Ad-watch, right click on the icon in the system tray, and select Ad-watch settings. Make sure the selection has a red cross against Automatic. If it is a green tick click on it to deselect automatic. If you are using Ad-Aware 2007 please post back.

The hardest part is to restore the exe association. Follow the instructions at the top of Doug Knox's web site on how to start Regedit from within Task Manager. Follow these instructions exactly and Regedit should start.
Now import the reg files you downloaded above in turn. In regedit select File, then select Import and browse to each reg file in turn. If prompted to confirm the merge, select Yes to accept. Ad-watch will pop an alert for each merge as well. Ensure you accept the changes in Ad-watch.

Once all the reg files have been merged the file associations should now work OK.




Mate (if I can call you that), you are nothing short of a genius. I would like to give a heartfelt thanks. You have saved me a lot of time and effort reformatting.

It didn't work initially but I retried, and most applications I have tested work. The only difference is the shortcut images are all still white and not of their original colours / format.

Will this fix on reboot or is there a further process I will have to take?

Oh, Ad-Aware Professional SE is the version; not installed 2007 yet. Do you know why this happened in the first place? Is it a worm? Or should I always say yes to edits that Ad-Watch throws up?
Ad Astra
Hi

Difficult to say what caused the initial problem with the file extensions. Certainly malicious malware do this to make it harder to remove them. Also there seems to be a rare sequence of events that involve Ad-watch SE resulting in these file extensions getting corrupted. I haven't heard of this occurring in Ad-Aware 2007. Certainly worth running a scan with your anti-virus to double check.

For the icon issue try the following to see if it will restore them.

Download TweakUI from Microsoft.

http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx

On the right-hand side scroll down to TweakUI.exe. Download and install this tool.

Then run TweakUI. This program allows you to set various system settings not easily set via control panel etc. The one we want is repair on the left-hand menu. Select this then on the right-hand side use the drop-down menu to ensure "Rebuild Icons" is selected then press the "Repair Now" button. This will rebuild the icon cache and hopefully restore your icons to normal view.

baroneq
QUOTE(Ad Astra @ Oct 14 2007, 10:59 AM)
Hi

Difficult to say what caused the initial problem with the file extensions. Certainly malicious malware do this to make it harder to remove them. Also there seems to be a rare sequence of events that involve Ad-watch SE resulting in these file extensions getting corrupted. I haven't heard of this occurring in Ad-Aware 2007. Certainly worth running a scan with your anti-virus to double check.

For the icon issue try the following to see if it will restore them.

Download TweakUI from Microsoft.

http://www.microsoft.com/windowsxp/downloa...ppowertoys.mspx

On the right-hand side scroll down to TweakUI.exe. Download and install this tool.

Then run TweakUI. This program allows you to set various system settings not easily set via control panel etc. The one we want is repair on the left-hand menu. Select this then on the right-hand side use the drop-down menu to ensure "Rebuild Icons" is selected then press the "Repair Now" button. This will rebuild the icon cache and hopefully restore your icons to normal view.



Absolutely fabulous, again my sincere thanks - works fine.

Thanks Astra
baroneq
QUOTE(baroneq @ Oct 14 2007, 02:23 PM)
Absolutely fabulous, again my sincere thanks - works fine.

Thanks Astra


Hi,

I've not noticed this bit before until I rebooted the PC, so I've rebooted several times and it occurs each time.

When starting the PC, just before the Windows screen kicks in, I am prompted with a box. The box contains this [] [] with the only option of hitting yes; I do this and Windows starts. Do you know what this is? I have also installed Ad-Aware 2007. This happens before and after doing this.
Ad Astra
Hi

Could you post a HijackThis log so we can see what is starting at boot time.

Download TrendMicro™ HijackThis™ from this web site e.g. zip format.

http://www.trendsecure.com/portal/en-US/to...ools/hijackthis

Unzip and run HijackThis.exe. Select the option "Do a system scan and save a log"

When the scan completes the log file will open in Notepad. Cut and paste the contents and we can check to see what is running at boot time.
baroneq
Sorry for the delay, long hours at work. Here is the log file - thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:34, on 17/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\James\Desktop\Firefox1\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://www.windowsecurity.com/trojanscan/axscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6300 bytes
Ad Astra
Hi

Apologies for the late reply. The HijackThis log looks OK.

Some things we can try to see if we can isolate the item causing the odd message window.

1) Try a full scan with Ad-Aware. Does this find any items? The file extensions we corrected: .com .exe and .lnk are the usual ones that get corrupted. If you scan with Ad-Aware it will pick up any others that may have also got corrupted. If a scan finds any of these try allowing Ad-Aware to fix them.

2) If you do not click on yes will Windows still boot or does it pause waiting for you to click yes? If it boots and leaves the message window open can you post a fresh HijackThis log with the window still open?

3) Do you have a SoundBlaster card installed or use any CD-ROM tools from Creative? If so do you have the latest version of the driver installed?

4) If the above do not help we would need to turn off each start item one at a time to find which one was causing the problem. A neat tool to do this with is Autoruns.

Download Autoruns from

http://www.microsoft.com/technet/sysintern...s/AutoRuns.mspx

Simply unzip and then run autoruns.exe to start the GUI version. The first time this runs your firewall may alert that Autoruns is trying to connect to the Internet; accept this so that Autoruns can get the latest trusted certificate information. Try scanning with Hide Signed Microsoft Entries selected (check the entry under the Options tab). This will reduce the number of items. Then select the Logon tab. Unchecking and checking the check box will disable and re-enable an item. Pick one at a time and ignore those that are related to your antivirus and other security tools. Maybe you have some item that you no longer use and is still running at startup, so these would be good to disable initially.

By simply unchecking the box autoruns allows you to reenable an item later by rechecking the box so this is a good tool to do some detective work on the items running at startup.
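
Added example, not part of the original post and not a HijackThis feature: a Python parser that pulls the autostart lines (O2 browser helper objects, O4 Run keys and Startup folders, O23 services) out of a HijackThis log and lists the ones to check first when disabling startup items one at a time. The sample lines are copied from the log posted above; a flagged entry is a starting point for review, not a verdict, and the function names are this example's own.

```python
import re

KINDS = {"O2": "Browser Helper Object",
         "O4": "Run key / Startup folder",
         "O23": "Windows service"}
ENTRY = re.compile(r"^([RO]\d+) - (.+)$")

# Seven lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
'''

def parse_autostarts(log):
    """Return one dict per O2/O4/O23 line: code, name, detail, target."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in KINDS:
            continue  # other sections (R0, O9, O16, ...) are not autostarts
        code, body = m.groups()
        label, _, rest = body.partition(": ")
        if code == "O4":
            # "HKCU\..\Run: [name] command" or "Global Startup: x.lnk = command"
            run = re.match(r"\[(.*?)\] (.*)$", rest)
            if run:
                name, target = run.groups()
            else:
                name, _, target = rest.partition(" = ")
            detail = label
        else:
            # "BHO: name - {CLSID} - file" or "Service: name - owner - file"
            parts = rest.rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, detail, target = parts
        entries.append({"code": code, "name": name,
                        "detail": detail, "target": target})
    return entries

def triage(log):
    """Return (code, name, reason) for entries worth checking by hand first."""
    flagged = []
    for e in parse_autostarts(log):
        if e["target"] == "(no file)":
            flagged.append((e["code"], e["name"], "target file missing"))
        elif e["code"] == "O23" and e["detail"] == "Unknown owner":
            flagged.append((e["code"], e["name"], "owner not identified"))
    return flagged

if __name__ == "__main__":
    for code, name, reason in triage(SAMPLE_LOG):
        print(f"{code} ({KINDS[code]}): {name}: {reason}")
```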





baroneq
QUOTE(Ad Astra @ Oct 21 2007, 04:34 PM)
Some things we can try to see if we can isolate the item causing the odd message window.

1) Try a full scan with Ad-Aware. Does this find any items? The file extensions we corrected: .com .exe and .lnk are the usual ones that get corrupted. If you scan with Ad-Aware it will pick up any others that may have also got corrupted. If a scan finds any of these try allowing Ad-Aware to fix them.
Completed full scan and allowed Ad-Aware to fix / delete as prompted

2) If you do not click on yes will Windows still boot or does it pause waiting for you to click yes? If it boots and leaves the message window open can you post a fresh HijackThis log with the window still open?
It pauses waiting for me to click yes, with a different arrangement of messages each time, and it will not allow me to take a screenshot of it, e.g. [] [][] ~[][ and so on

3) Do you have a SoundBlaster card installed or use any CD-ROM tools from Creative? If so do you have the latest version of the driver installed?
I have a Sound Blaster Live soundcard. I have just this evening removed the old driver, installed the Live driver uni-pack and rebooted twice; the prompt still occurs

4) If the above do not help we would need to turn off each start item one at a time to find which one was causing the problem. A neat tool to do this with is Autoruns.

Download Autoruns from

I'll give this a go and let you know how I get on. Thanks for the reply