YOU MAY WANT TO RUN COMBOFIX AS WELL, YOU WILL FIND IT AND INSTRUCTIONS ON THE MAJORGEEKS WEB SITE.
John....You have probably taken a "hit" to your disk. Here is what you need to do in sequence.
1. Run scandisk in "thorough" mode.
2. Download Ccleaner and run the registry cleaner (also the Application and Windows portions if you like). It's free.
3. Download Wise registry cleaner (also free) and run it but only delete the "green checked" boxes unless you really understand your registry.
4. Check and see if the above fixes the problems.
5. If not, one at a time, delete the "offending icon" and, going to the application folder file, send a shortcut to the desktop for the .exe application. One at a time so you don't get confused. If not familiar with this simply right click on the application and look for "send to"....click and go from there.
6. If (and perhaps you should just do a couple initially and test them) this does not fix the problem then write down the value %thisdirname% and using regedit do a find (and find next) for this value. To run regedit type the name in the "run" box. BE VERY CAREFUL YOU DO NOT DELETE ANYTHING EXCEPT THE KEY (NOT JUST THE DATA) OR KEYS THAT HAVE THIS VALUE.
7. If that does not do it get back to me...there are other things to do.
8. FYI.....when you click on an icon....a hyperlink....all it does (as shown in properties) is execute whatever the file is there.
9. One last thing I did not mention....or ask...is what O/S are you using and does it have "restore" ability...as in ME and subsequent Windows versions. If so...you might also try this or a repair (O/S dependent). If you attempt the latter after the former has failed make sure you go back to a time frame immediately before the problem you encountered.
10. This somewhat general dialog applies to many Windows problems by the way...not all...with the exception of the regedit step.
11. If you have a problem a month and spend a couple hours each time (part of the user friendly learning since Macroshaft refuses to make a reliable O/S) I have written a generic step by step solution to "any" problem. I occasionally give it away free but more often charge $5.00 for it...(that way I know someone really wants it and I am not wasting my time). It will keep you out of "repair shops" 99% of the time and addresses (which repair shops do not) software issues. Their modus operandi (as is much of the dialog you have apparently received) is format and reinstall...well, the repair shops do it as it can take hours (days?) to track down a software issue (particularly when they are combinatorial) and few customers can afford the price. Those who have not been through the pain....and many that have who wish to avoid it...just do the format / reinstall thing. Being Norwegian I have this (ahem) stubborn streak and have wasted days "figgering out" what the problem really is / was.
Let me know if the above does not work....and if you do not do the following on the following schedule I suggest you do.
-Have an active anti-virus (I use Avast - it's free)
-Run Ccleaner at least weekly (and two other safe registry cleaners - can give you name - all are free)
-Benchmark yourself with HijackThis...what is there / not what crap programs add.
-Run both Spybot search and destroy and Ad-aware weekly (or more often).
-Run scandisk weekly and once a month (overnight) in thorough mode.
-Defrag once monthly.
If you do all this you will defeat Macroshaft and purveyors of both non-quality software and malicious software. The defeat of MS is imperative....I'll explain. Since Win 3.1 (although Vista may have something) MS has never developed a real registry cleaner. Why not? It's simple....the registry is nothing more than a look up table. To clean it would reduce the time it takes to find something (response time). It's far better to create bloat ware and sell more operating system cuz' the dumb dumb user just thinks his machine is old and getting slower (an interesting concept but only valid to living organisms). FYI left unattended the registry can become huge...I have cleaned machines with 1/2 million entries....I run different operating systems but my Windows 98 machine has 67,000 entries and is as fast as XP on the identical dsl line....and xp has twice the memory and 8 times the cpu horsepower....kinda gives ya something to think about.
End of sermon....good luck. Let me know. Tango.
If you can right click on your icon you will discover it pops up a menu. Select properties and then modify the command to point to where the .exe, .bat, or .com (all executable files) are. An easy way to find them is to use Windows Explorer, go to the application folder (typically under Program files), open it and find the (major) .exe file. You can also send a new icon to the desktop by right clicking and creating a shortcut.
Post back if this does not work with a precise description of what occurred. If this fixes the problem I suggest you take the windows tour. It will save you a lot of time in the future. Tango.
You did not comment about HijackThis.....run it (scan mode) and paste it back to me. Also run Spybot search and destroy and let me know results....also what version of windows are you running...can you do either a restore to a known good time of system files or a repair.....(not a reinstall)? Tango.
You had (or have) at least one trojan. That could have been responsible for all problems, only one, or only be partially responsible and you could still have problems (only you can tell). In any event glad you found the one trojan and trust you either deleted or quarantined it. Back to your hijack this log....A) You are running a lot of memory resident stuff. B) Based on the fact that you are running Windows 2k as well I conclude you are also running on an older machine. C) I therefore conclude your machine is probably not very quick...(it's overloaded). D) I also have this fundamental belief that the more you load the greater the chance of conflict. I suggest you get rid of at least half of the stuff you autoload. That's all.....Tango.
Suggest you do some homework on the specific trojan found and what happens long term when you execute that file (past tense). Being a packrat of tools, utilities and applications you use, even only once in a great while is fine. Every guy and a gal with even a minor geek bone in them does the same......but the difference is they know what they are and what they do. Having chastised you let me now explain. You have 7 web addresses in your log. Those lines are unnecessary. If they are important to you put a shortcut on your desktop for when you need to go there as opposed to keeping them memory resident. You are running simultaneously two antivirus packages.....I suggest you get rid of Norton and use only AVG. These take a lot of time to "check" "everything". And I could go on with recommendations but I think you need to spend some time (if you want a machine that performs at some reasonable standard) learning a bit more. The other "stuff" you have memory resident perhaps does not need to be? i.e. How often do you use skype, connect your ipod? etc.?
Another item to possibly address is going to add/remove programs and getting rid of everything you have not used in three months.
A summary....Despite being a packrat and running a ton of stuff memory resident you were unable to avoid a trojan. Why? Because an "essential" to safe computing, Spybot S&D, wasn't there. Are there other essentials....yes...will I serve them up carte blanche.....no...but if you poke around CNet downloads, and DO YOUR HOMEWORK, or google for information you can find the basics. Have a good one....Tango
Hi Tangoblue,
RT clicking the icon to go to Properties is how I find the path to open a program now by pasting it into RUN and it opens,
for instance the target for MSWORD is C:\Programfiles\MSOFFICE\OFFICE11\WINWORD.exe, having this in RUN will open the program but not from the icon, although it is in Properties target.
Clicking on Find Target will open the address window with all the files in OFFICE11 (204), WINWORD.exe is highlighted as the target for running the program, but on the left below the address where it should be saying "OFFICE11", it says
"%THISDIRNAME%" (no quotes). So this may be the problem. But how do you change that?
As a matter of fact every target I open for all the different programs have the right address but they all show
%THISDIRNAME% for the folder name, although it gives the right files for the selected program.
Comparing to my other computer that runs W2K also, icons do not change when I move the cursor over them, only when I click on them. Also in Properties and Find Target it gives me the right name of the folder that has all the right files for the program.
If we can find a way to give the folders the right names we'd probably have the answer...
Best Regards,
John Hilger
Hi Tango,
thank you so much for trying. Here is what's been happening:
The scandisk in MyComputer-Prop.-Tools-Check Now- will not work: Access Denied. So I used Start Run "scf /scannow", did not detect any problems. Ccleaner found 2767 problems, 619 safe to fix: two problems, "Remove Key" failed to fix, 1) RootHeader... and Root\Typelib....
In Registry Cleaner: 1127 junk.
Reboot, no option to restart in menu (used to be), shut down.
No changes...
Go to Windows Explorer, only way to get there through RUN "%SYSTEMROOT%\Explorer.exe", then rt clk on applic. file-no "send to" in dialogue, just Create Shortcut. Using that will only place another file in same folder (%THISDIRNAME%) but no icon on Desktop.
Ccleaner and WiseReg have put icons on my desktop but they will not open the program. Rt clk Prop. gives the right target etc, but folder name is still %THISDIRNAME%, only way I can start Ccleaner is to put the path "C:\ProgramFiles\Ccleaner\Ccleaner.exe" into RUN, then the program will open.
BTW, after downloading the program when it asks whether to run the program I got "Access Denied" with both programs. Had to download it to my thumb drive, open and run it from there.
So I can't put any shortcuts from my programs on the desktop.
Other info: OS W2k Pro ver 5.02195 SP4.
RT clk on MyComputer: Access Denied,
a few icons will start a program but they are the ones that have the Target greyed out in Prop. All others that have the Target in bold will not start when clicked on icon. To find "%THISDIRNAME%" in the Registry was unsuccessful in both computers running the same OS. That was one of the first things I was looking for when the problem occurred. One computer runs as it should, the other is problematic!
Other things I tried: Antivirus-Symantec Corp. Edition (no problems), AVG (no problems), repaired IE6.
I will look for AVAST and give that a try too.
Thanks again for all your patience, hopefully success will be ours.
Kind Regards,
John Hilger
Hi Tango,
here is the HijackThis log file.
Logfile of HijackThis v1.99.1
Scan saved at 21:35:26, on 08-02-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\OFFICE11\winword.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.waystowisdom.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Spamihilator] "C:\Program
Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = Sony\Sony Picture
Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Guidescope.lnk = Guidescope\guide.exe
O8 - Extra context menu item: &Dictionary -
http://www.ezreference.com/_/ie-com-sp.h...
O8 - Extra context menu item: &Encyclopedia -
http://www.ezreference.com/_/ie-com-e-sp...
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
https://www-307.ibm.com/pc/support/IbmEg...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www.ca.com/us/securityadvisor/vir...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/Mes...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-lo...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program
Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation -
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner -
C:\WINNT\SYSTEM32\LxrSII1s.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec
Corporation - C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\Program Files\Norton SystemWorks\Norton
Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. -
C:\WINNT\System32\pctspk.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINNT\system32\ZoneLabs\vsmon.exe
I ran Spybot and it found 1 problem
"Microsoft.Windows.File.exe" expanding that it gave me "Settings
HKEY_CLASSES_ROOT\exe\!=exefile"
Then a Warning: Problems in the include file "C:\ProgramFile\Spybot-Search_Destroy\Includes\Trojan.sbi"
See include error log for details. Click OK. That must have done some good, since I can open programs with clicking on the icons now.
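For reading a log like the one posted above, here is an added example (not part of the original thread and not HijackThis's own code): a small Python parser that rejoins the wrapped lines, groups entries by section code, and lists the autostart items and resident antivirus products. The function names and the `AV_MARKERS` substrings are assumptions made for this illustration; the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log posted above, keeping the hard line
# wraps of the post (one entry can spill over two or three lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.waystowisdom.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - Global Startup: Guidescope.lnk = Guidescope\guide.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec
Corporation - C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
"""

# A section code (R0, O4, O23 ... as seen in the log), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: substring markers for the two antivirus products named in this
# thread; this is not a complete vendor list.
AV_MARKERS = {"AVG": "grisoft\\avg", "Symantec AntiVirus": "symantec antivirus"}

def parse_hijackthis(text):
    """Return (processes, entries); entries maps section code -> entry bodies."""
    processes, records, in_processes = [], [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        match = ENTRY_RE.match(line)
        if match:
            records.append([match.group(1), match.group(2)])
        elif records:
            # The post wrapped long entries at spaces, so rejoin with a space.
            records[-1][1] += " " + line
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    entries = defaultdict(list)
    for code, body in records:
        entries[code].append(body)
    return processes, dict(entries)

def autostart_items(entries):
    """Items loaded at boot or logon: O4 (Run keys, Startup) and O23 (services)."""
    return entries.get("O4", []) + entries.get("O23", [])

def resident_antivirus(processes, entries):
    """Names from AV_MARKERS seen among running processes or services."""
    haystack = " ".join(processes + entries.get("O23", [])).lower()
    return sorted(name for name, marker in AV_MARKERS.items() if marker in haystack)

if __name__ == "__main__":
    procs, found = parse_hijackthis(SAMPLE_LOG)
    print("resident antivirus:", resident_antivirus(procs, found))
    for item in autostart_items(found):
        print("autostart:", item)
```
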
Hi Tango,
Thank you so very much for being of assistance. The comp. runs better than it has in a long time. I think the major problem was in the registry entry "Microsoft.Windows.File.exe" expanding that it gave me "Settings
HKEY_CLASSES_ROOT\exe\!=exefile", after that got fixed all changed for the better. What exactly does that entry do? I don't know what happened to that trojan.sbi file, it did not say. Although Spybot seems to know about it and they have a patch to download. Only problem I still have is the "%THISDIRNAME%" on my folders. I will take SirHanz's advice (thank you SirHanz) and run combofix.
I know I got a lot of junk on my comp. but I am a packrat!
How do I interpret the HijackThis logfile and remedy the situation? It will never boot up as fast as my 3.11 system but I can strive for it! As usual, any help is greatly appreciated.
Best regards,
John Hilger
P.S. all my icons have gone back to their original symbols!!
Hello John, I hope we can help you here. First I am curious as to the problem at hand. You said "clicking on the icons will not open my programs", does your cursor recognize the icon, I.E. does it change as you move over the icon. If it doesn't let me know.