• Content Count

  • Joined

  • Last visited

About Takitoes

  • Rank
    Full Member
  1. Okay, sorry for the late reply some problems with internet access. I've complete all of those steps and my computer seems to be running perfectly. The online scanners found a few small bits of spyware, nothing related to the problems i was having before, i think. Thankyou both for your time, its really put my mind at ease. I can really recommend Best Techie to anyone that might be reading through this thread, they do a first class job of keeping your computer healthy! Thanks again!
  2. :D Thats seems to have done the trick. Thanks very much. Funny that such a simple soloution to a problem that has pestered me for weeks. I'm not sure if there were other things you wannted me to clean up Pete? Either way a big thankyou to both of you! I really do appriciate the time you guys gave Please let me know if there is something i can do in return? Thanks again, probably ill be back soon enough to BestTechie with more problems
  3. I remember from when i had XP that you could drag it over the start menu and it would open up, it wont do that in vista now, apparetly...i tried unchecking the box and then re-checking it, but i didnt restart, ill try that now and if it makes a difference ill let you know straight away. Right clicking brings up 3 options, "browse the internet", "internet options" and "remove from this list" , non of which seem currently relevant.
  4. Okay, stupid mistake on my behalf, i had a setting disabled that allows me to right click in the start menu. So now i can right click Deleting and adding shortcuts is not possible though, at least not for IE. I am quiet sure that this is it is a windows option that controls this shortcut, not one that is determined by me or the common programs i am using. I will give you a screenshot of the options menu i use to control this short cut. You should see the Internet Link box ticked there, thats what controls this shortcut. Normaly with any other program I can right click and choose "Pin to Start menu" and have that program appear in that box without having to scroll through the "All Programs" list, but this is not the case for IE. Restarting in safe mode made no difference and for some reason apparently I dont have access to C:/Documents and Settings ??? but if i explore the start menu i can only find the shortcut in the "All programs" list which works fine anyway. Confusing...
  5. Unfortunatly I can't do either of those. Any other ideas?
  6. I've thought of this, the problem is that i cant right click this icon, im sorry im not sure if quick launch is the correct name for this icon? The shortcut is controled by the "Taskbar and Start Menu Properties" option menu. I can't replace it with one of the good shortcuts, at least i dont know any way of doing it. I've attached a screenshot with the shortcut im talking about highlighted with my mouse.
  7. Okay, thats made it a little clearer, thankyou. Here is the txt copy of the file you were asking for: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}] @="Internet" "LocalizedString"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\ 6f,00,6f,00,74,00,25,00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,\ 00,2e,00,65,00,78,00,65,00,2c,00,2d,00,37,00,30,00,32,00,34,00,00,00 "InfoTip"="@explorer.exe,-7004" [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\ 65,00,2c,00,2d,00,32,00,35,00,33,00,00,00 [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InProcServer32] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 64,00,6f,00,63,00,76,00,77,00,2e,00,64,00,6c,00,6c,00,00,00 "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance] "CLSID"="{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\Instance\InitPropertyBag] "Element"="{3c81e7fa-1f3b-464a-a350-114a25beb2a2}" "InitString"="StartMenuInternet" "opentext"="@shell32.dll,-12705" "properties"="C:\\Windows\\system32\\inetcpl.cpl" "propertiestext"="@shell32.dll,-12704" [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex] [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers] [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\ContextMenuHandlers\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}] [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\IconHandler] @="{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\shellex\MayChangeDefaultMenu] [HKEY_CLASSES_ROOT\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\ShellFolder] "Attributes"=dword:00000000 If you look a the first few posts of the this thread you will see one of the BT staff already showed me the Add-on Manager. I have played around with it, enabeling and disabeling the different add ons, to no effect. The strange thing is, regarless if i run with or without add-ons, only the internet explorer in the quick launch area when i first click the start menu seems to have the problem. I have also tried the reset Internet Explorer tool you talk about, again to no effect. I will try it again and post seperatly if it makes a difference. I always update Norton before a scan so there are no updates that i missed with that last scan, the same for the Ad-Aware. I have used both Opera and Firefox in the past, and i personaly preffer Internet Explorer. Maybe the best thing to do would just be to remove the Internet Explorer shortcut from the quick launch area of the start menu and use the desktop shortcut ? Anyway, i wil await your reply. Again my big thanks for your continued help.
  8. Okay, I completed Norton and Ad-aware Scan's, restarted in safe mode and completed the smitfraud fix and HijackThis scan. Unfortunatly this dosnt seem to have changed th problem. Here are the logs anyway SmitFraud ----- SmitFraudFix v2.274 Scan done at 23:13:27,71, 2008-01-21 Run from C:\Users\User\Desktop\SmitfraudFix OS: Microsoft Windows [Version 6.0.6000] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts localhost ::1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CS2\Services\Tcpip\..\{329252E1-54D8-41A8-BCDB-E56B10A8468D}: NameServer= »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End HijackThis-------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:29, on 2008-01-21 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Safe mode Running processes: C:\Windows\explorer.exe C:\Users\User\HJT\HJTInstall.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O17 - HKLM\System\CS2\Services\Tcpip\..\{329252E1-54D8-41A8-BCDB-E56B10A8468D}: NameServer = O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: SessionLauncher - Unknown owner - C:\Users\User\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6924 bytes I also tried one of the first things you mentioned I found the the Showinfo Tip and changed the value data to 0, again to no avail should i change it back to 1? i have the backups you recommended aswell. I also couldnt find the "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" in this section? maybe im not looking in the write spot? I really have only a small understanding about what all this is, so probably it something im doing? I will wait and see what you have to say about what i have completed so far before i continue on with you other suggestions. Again thankyou for your time and effort [edit] PS i noticed the Java in my HJT log was still outdated i addressed that: O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll from the scan i just completed.
  9. Okay, first thing: I think the shortcut on my desktop was there from the start, probably from vista was installed onto the computer, although im not sure. The link in my start menu is automatically created because i have set it as my browser in the start menu and taskbar properties options. It appears as one of the quick launch items in the list when i first click the start button (ie not listed under the "all programs" list). Answering a few of Pete's questions. The problem only started after the malware had been removed. The webpage that you mentioned is the default when i purchased the laptop. It is a site asking for registration of the NEC product and then a thankyou for registering, my current hompage is just a blank page. I don't speficicaly remember installing something called BEEFC, but if it was run through Install shield Setup like most other install files i can probably say i knew what it was at the time. I still have the temp.000 at that location, I will complete another virus scan with norton and spyware with adaware and see if they pick it up. The C:\temp has 2 small notepad files in it to do with GPGnet (Gas Powered Games Net) the online multiplayer program for Supreme Commander that i have on my computer. E:\ Is my DVD RW optical drive. I have also just updated my Java as per your advice Just going to finish these scans and I will post the new log reports. I also had a look through the Event logs, i couldnt find anything to do with the problem, but there is a big possibility i missed something, i have never used Event Viewer before and i have no idea how to use it properly. Think thats it for now new post with the logs soon BTW thanks for all the help
  10. Okay, another wierd thing. I have just discovered that if i run IE from my desktop via a shortcut then i dont get the error message. I tried to make a new shortcut on the start menu list where i would normaly open IE from but that dosnt work. Make my problem any easier?
  11. Weird....There are only 2 add-ons listed as Enabled under "Add-ons Currently Loaded in IE" Adobe PDF reader and Sun Java console. I disabled both and restarted IE and i still get the error message. There is an add on listed there "IE Anti-Spyware" that i believe is assosiated with the Malware i removed, 2 programs called IE Saftey Features and IE custom tools, i remember one of the things they did was to open a pop-up about spyware removal tools. Anyway the add-on is said to be Disabled. I tried making it Enabled to see what would happen, but i still get the same error.
  12. Hello After having some problems with malware, which i resolved with help from a best techie malware removal staff member, i am left with a strange error message when i start up Internet Explorer. Specifically: "Cannot find '::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}'. Make sure the path or internet address is correct." After i click "Ok" Internet Explorer starts up as normal and seems to work fine. Not a particuarly bad problem, nonetheless one i would like to fix if possible. I thought prahaps the best thing to do would be to un-install and re-install IE 7 and hope that worked, but since i am running Vista it seems this is impossible? Another interesting thing is that if i start IE with the Right-Click function "Start without Add-ons" I don't get the message. This is the link to the post i created in the Malware Removal section to deal with the problems that started all this: http://www.besttechie.net/forums/index.php...mp;#entry106645 Any help is greatly appriciated! Thankyou
  13. Okay, I will have a look more on the net and see if there is more help around, im sure there is an answer out there somewhere! Thanks heaps for your time and help! Very simple and easy to follow, but also effective advice! Greatly appresiate your time
  14. Hi, i did as you asked and checked through the files looking for things to do with Internet explorer, errors or failures and the bunch of numbers. I found 2 ections of the txt both that related to Internet Explorer, there was nothing else i could find that seemed relevant to my problems. The txt file i created should be attached Thanks sfcscannow_selections.txt
  15. ahhh, okay i looked up some other help on the net and got a bit off advice for opening that file, so after i restarted in safe mode i was able to view the file and copy the contents into another file i created for view later. Its an extremly long file so maybe there is just a portion that you want to see? or some way i can get it to you? not sure what the best action is?