Wednesday, April 30, 2008

How to copy data from a corrupted user profile to a new profile?

This article is taken from Help and Support of Microsoft.com
 
When you copy user data into a new profile, the new profile becomes a near duplicate of the old profile, and contains the same preferences, appearance, and documents as the old profile. If your old profile is corrupted in some way, you can move the files and settings from the corrupt profile to a new profile.

Note The method that is described in this article may not transfer the Outlook Express e-mail messages and address user data that are associated with the user profile where you are transferring data from. When you delete the old profile, you may delete that data if you do not first transfer it by using other methods. For more information about transferring Outlook Express user data, click the following article number to view the article in the Microsoft Knowledge Base:
 

Create a New User Profile in Windows XP Professional

1. Log on as the Administrator or as a user with administrator credentials.
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Click the Advanced tab, and then click Advanced.
5. In the left pane, click the Users folder.
6. On the Action menu, click New User.
7. Enter the appropriate user information, and then click Create.

 

Create a New User Profile in Windows XP Home Edition

1. Log on as the Administrator or as a user with administrator credentials.
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Under Pick a task, click Create a new account.
5. Type a name for the user information, and then click Next.
6. Click an account type, and then click Create Account.

 

Copy Files to the New User Profile

1. Log on as a user other than the user whose profile you are copying files to or from.
2. In Windows Explorer, click Tools, click Folder Options, click the View tab, click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
3. Locate the C:\Documents and Settings\Old_Username folder, where C is the drive on which Windows XP is installed, and Old_Username is the name of the profile you want to copy user data from.
4. Press and hold down the CTRL key while you click each file and subfolder in this folder, except the following files:
Ntuser.dat
Ntuser.dat.log
Ntuser.ini
5. On the Edit menu, click Copy.
6. Locate the C:\Documents and Settings\New_Username folder, where C is the drive on which Windows XP is installed, and New_Username is the name of the user profile that you created in the "Create a New User Profile" section.
7. On the Edit menu, click Paste.
8. Log off the computer, and then log on as the new user.

Note You must import your e-mail messages and addresses to the new user profile before you delete the old profile. For more information, click the following article number to view the article in the Microsoft Knowledge Base.

Friday, April 25, 2008

UBUNTU RELEASES HARDY HERON

April 2008 signals the release of Ubuntu 8.04, or Hardy Heron, and follows the Feisty Fawn and Gutsy Gibbon releases of 2007 with the intention of making Linux desktop friendly. People new to Linux can use Hardy to install Ubuntu directly from a Windows desktop using Wubi. This release will bring Linux a lot closer to challenging Windows and Mac OS X on the desktop.

Thursday, April 24, 2008

Is your MP3 Player or pen drive displaying 'file system error'?

It's likely that your portable MP3 player might be infected by viruses or something undesirable leading you to woes. And you might have formatted the MP3/MP4 player to remove those common hassles.

Hey, wait, did you notice your MP3 player displaying 'file system error' on its 3" TFT? A single minor mistake of yours might have caused this. 'File System Error' is displayed when an incorrect file format is chosen while formatting the disk. If the disk is larger than 2GB, it's better to format it with the FAT32 file system, and NTFS is your choice.

Since most MP3 players and pen drives are around or less than 2GB, format them using the FAT file system. And you better convert your music from WMP if you like!

Read how to upgrade the MP3 player firmware from the geeklog!

Updates with Tech Industries: It's a business for Microsoft, Intel and AMD again!

Microsoft's Windows XP SP3 ready for a Hit

Finally, the software giant Microsoft is with a wrapper. End users will be able to download Service Pack 3 (SP3) for XP starting next week. However, users will have to select the optional download in Windows Update or download a much larger standalone installer from the Microsoft site. Chris Keroack has details at Microsoft's website. It's your turn to upgrade to XP SP3 now!

Price of Chips lowered by Intel, Heavy pressure for AMD

Intel recently announced a cut in the price of about a dozen processors. Most of the processors under the reduced price are those built on 65 nanometer (nm) technology, which is being phased out in favor of its new 45nm chips. This is sure to put heavy pressure on AMD. Hope this is going to relieve all customers.

AMD LAUNCHES NEW LOW-POWER, DUAL-CORE ATHLONS

AMD has released two more 45W energy-efficient Athlon desktop processors - the Athlon X2 4450e and the Athlon X2 4050e. Both chips are dual-core processors designed to reduce power consumption and offer greater performance per watt. The release comes on the heels of AMD's early March announcement that the company was shipping the 45W, X2 4850E chip. The two new processors unveiled are designed for power users who run multiple processor-intensive applications at the same time, AMD said.

Friday, April 18, 2008

Create and Publish your own registry hacks

Want to deal with registry files? It's easy: creating and publishing your own registry files/hacks is as simple as ABC. Here is a short but sufficient guide. Create hacks from the syntax given below and save the file with the extension .reg; don't forget to include a disclaimer or other safety notes when publishing.

The syntax of the .reg file

Registry Editor Version
                          // a blank line
[RegistryPath1]
"DataItemName1"="DataType1:DataValue1"
"DataItemName2"="DataType2:DataValue2"
                          // a blank line
[RegistryPath2]
"DataItemName3"="DataType3:DataValue3"

Example:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"DragWidth"="4"
"FontSmoothing"="2"
"FontSmoothingOrientation"=dword:00000001
"FontSmoothingType"=dword:00000001
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

Remember that the registry file format is backward compatible. Windows XP uses Windows Registry Editor Version 5, while previous versions used Regedit 4. Regedit 4 files work on XP as well as on Windows 98 and NT systems, whereas Regedit 5 files work only on XP/2000, not on 98/NT.

The hacks related to the desktop and Windows Explorer are taken from previous posts in this blog.
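Added example (not from the original post): a small Python reader for the .reg syntax shown above that lists what a file would change before it is imported. It goes a little beyond the post by also handling ';' comments, '@' default values, '-' deletions and hex continuation lines; the WATCH list and the sample file are constructed for this illustration.

```python
import re

HEADERS = {"Windows Registry Editor Version 5.00", "REGEDIT4"}
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")\s*=\s*(.*)$')
# Key fragments worth a second look before import. Each occurs in a key shown
# on this page; choosing them as a watch list is this example's assumption.
WATCH = ("\\currentversion\\run", "\\explorer\\run", "\\services\\", "\\aedebug")


def unescape(s):
    """Undo the .reg escaping of backslash and double quote."""
    return re.sub(r"\\(.)", r"\1", s)


def decode(raw):
    """Turn the text right of '=' into (kind, data)."""
    if raw == "-":
        return "delete", None
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "sz", unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return "dword", int(raw[6:], 16)
    m = re.fullmatch(r"hex(\([0-9a-fA-F]+\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return "hex" + (m.group(1) or ""), data
    raise ValueError(f"unknown value syntax: {raw!r}")


def parse_reg(text):
    """Return (header, entries); each entry is (key, name, kind, data)."""
    joined, buf = [], ""
    for line in text.lstrip("\ufeff").splitlines():
        s = line.strip()
        if s.endswith("\\") and (buf or "=hex" in s):  # hex data continues
            buf += s[:-1]
            continue
        joined.append(buf + s)
        buf = ""
    body = [l for l in joined if l and not l.startswith(";")]
    if not body or body[0] not in HEADERS:
        raise ValueError("missing or unknown .reg header")
    entries, key = [], None
    for l in body[1:]:
        if l.startswith("[") and l.endswith("]"):
            key = l[1:-1]
            if key.startswith("-"):  # [-Key] deletes the whole key
                entries.append((key[1:], None, "delete-key", None))
                key = None
            continue
        m = VALUE_RE.match(l)
        if m is None or key is None:
            raise ValueError(f"cannot parse line: {l!r}")
        name = "@" if l.startswith("@") else unescape(m.group(1))
        entries.append((key, name) + decode(m.group(2).strip()))
    return body[0], entries


def review(entries):
    """List (tag, key, name, detail) findings to read before importing."""
    findings, seen = [], {}
    for key, name, kind, data in entries:
        if kind in ("delete", "delete-key"):
            findings.append(("delete", key, name, kind))
        if any(w in (key.lower() + "\\") for w in WATCH):
            findings.append(("watch", key, name, data))
        if name is not None:
            ident = (key.lower(), name.lower())
            if ident in seen and seen[ident] != (kind, data):
                # entries are applied in file order, so the later value wins
                findings.append(("duplicate", key, name, (seen[ident][1], data)))
            seen[ident] = (kind, data)
    return findings


# Constructed sample in the page's format (values echo ones shown on the page).
SAMPLE = r"""Windows Registry Editor Version 5.00

; constructed for this example
[HKEY_CURRENT_USER\Control Panel\Desktop]
"HungAppTimeout"="100"
"FontSmoothingType"=dword:00000001
"UserPreferencesMask"=hex:9e,3e,\
  07,80
"HungAppTimeout"="5000"

[HKEY_CLASSES_ROOT\lnkfile]
"IsShortCut"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="0"
"Debugger"="drwtsn32 -p %ld -e %ld -g"
"""

if __name__ == "__main__":
    header, entries = parse_reg(SAMPLE)
    print(header, "-", len(entries), "entries")
    for finding in review(entries):
        print(finding)
```

Files exported by Registry Editor Version 5 are UTF-16 text, so open them with encoding="utf-16" before passing the text to parse_reg.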

Thursday, April 17, 2008

Tweak UI Tips

Press Win+L to switch to the Welcome screen.
-----
Press Win+L to lock your workstation.
-----
You can switch users without going through the Welcome screen:  From Task Manager, go to the Users tab, right-click a user, and select Connect.
-----
Hold down the shift key in the shutdown dialog to change "Stand By" to "Hibernate".  Or just press H to hibernate instantly.  You can even use the Power Control Panel to configure your power button to hibernate.
-----
To disable the password when resuming from standby or hibernation, open the Power Control Panel and uncheck "Prompt for password after returning from standby" on the Advanced tab.
-----
You can rename multiple files all at once: Select a group of files, right-click the first file, and select "Rename". Type in a name for the first file, and the rest will follow.
-----
Hold down the shift key when switching to thumbnail view to hide the file names.  Do it again to bring them back.
-----
When dragging a file in Explorer, you can control the operation that will be performed when you release the mouse button:
 
Hold the Control key to force a Copy.
 
Hold the Shift key to force a Move.
 
Hold the Alt key to force a Create Shortcut.
-----
If you create a file called Folder.jpg, that image will be used as the thumbnail for the folder.  What's more, that image will also be used as the album art in Windows Media Player for all media files in that folder.
-----
From the View Menu, select "Choose Details" to select which file properties should be shown in the Explorer window. To sort by a file property, check its name in the "Choose Details" in order to make that property available in the "Arrange Icons by" menu.
-----
To display the volume control icon in the taskbar, go to the Sounds and Audio Devices Control Panel and select "Place volume icon in the taskbar".
-----
Hold down the shift key when deleting a file to delete it immediately instead of placing it in the Recycle Bin. Files deleted in this way cannot be restored.
-----
If you hold down the shift key while clicking "No" in a Confirm File Operation dialog, the response will be interpreted as "No to All".
-----
To save a document with an extension other than the one a program wants to use, enclose the entire name in quotation marks.  For example, if you run Notepad and save a file under the name
 
Dr.Z
 
it will actually be saved under the name Dr.Z.txt.  But if you type
 
"Dr.Z"
 
then the document will be saved under the name Dr.Z.  Note that a document so-named cannot be opened via double-clicking since the extension is no longer ".txt".
-----

Put a shortcut to your favorite editor in your Send To folder and it will appear in your "Send To" menu. You can then right-click any file and send it to your editor.
-----
Ctrl+Shift+Escape will launch Task Manager.
-----
To arrange two windows side-by-side, switch to the first window, then hold the Control key while right-clicking the taskbar button of the second window.  Select "Tile Vertically".
-----
To close several windows at once, hold down the Control key while clicking on the taskbar buttons of each window.  Once you have selected all the windows you want to close, right-click the last button you selected and pick "Close Group".
-----
You can turn a folder into a desktop toolbar by dragging the icon of the desired folder to the edge of the screen. You can then turn it into a floating toolbar by dragging it from the edge of the screen into the middle of the screen.  (It helps if you minimize all application windows first.)

-----

You can turn a folder into a taskbar toolbar.
 
First, unlock your taskbar.
 
Next, drag the icon of the desired folder to the space between the taskbar buttons and the clock. (Wait for the no-entry cursor to change to an arrow. It's a very tiny space; you will have to hunt for it.)
 
You can rearrange and resize the taskbar toolbar you just created.
 
You can even turn the taskbar toolbar into a menu by resizing it until only its name is visible.
-----
In the Address Bar, type "microsoft" and hit Ctrl+Enter.  Internet Explorer automatically inserts the "http://www." and ".com" for you.
-----
To remove an AutoComplete entry from a Web form, highlight the item in the AutoComplete dropdown and press the Delete key.
 
To remove all Web form AutoComplete entries, go to the Internet Explorer Tools menu, select Internet Options, Content, AutoComplete, then press the "Clear Forms" button.
-----
To organize your Favorites in Explorer instead of using the Organize Favorites dialog, hold the shift key while selecting "Organize Favorites" from the Favorites menu of an Explorer window.
-----
You can organize your Favorites by dragging the items around your Favorites menu.
 
Alternatively, you can open the Favorites pane and hold the Alt key while pressing the up and down arrows to change the order of your Favorites.
-----

To run Internet Explorer fullscreen, press F11. Do it again to return to normal mode.
-----
If your "Printers and Faxes" folder is empty, you can hide the "Printers and Faxes" icon when viewed from other computers by stopping the Print Spooler service.
-----
To add or remove columns from Details mode, select Choose Details from the View menu, or just right-click the column header bar.
-----
In Internet Explorer, hold the Shift key while turning the mouse wheel to go forwards or backwards.
-----
In Internet Explorer, hold the Shift key while clicking on a link to open the Web page in a new window.
-----
In Internet Explorer, type Ctrl+D to add the current page to your Favorites.
 
This and many more keyboard shortcuts can be found by going to Internet Explorer, clicking the Help menu, then selecting Contents and Index.  From the table of contents, open Accessibility and click "Using Internet Explorer keyboard shortcuts".
-----
In some applications (such as Internet Explorer), holding the Control key while turning the mouse wheel will change the font size.
-----
To shut down via Remote Desktop, click the Start button, then type Alt+F4.
-----

Wednesday, April 16, 2008

Microsoft Unrolls Details of Silverlight DRM

Microsoft unveiled details of a new DRM technology for streaming live content called Silverlight DRM, this Monday. The technology is based on Microsoft's PlayReady technology and is expected to be available later this year when Microsoft releases Silverlight 2.

Microsoft said Tuesday that Silverlight DRM will be compatible with Windows Media DRM 10 content and is aimed at protecting content that is streamed live or on-demand. The company is giving NAB 2008 attendees demonstrations of Silverlight DRM in its booth at the conference.

Microsoft unveiled Silverlight last year to compete with Adobe's Flash multimedia runtime and player; however, Microsoft has optimized Silverlight for HD video content in particular as a way to differentiate its technology from Flash.

According to Microsoft, Silverlight is logging about 1.5 million downloads per day, which includes downloads spurred by Microsoft running Silverlight on its own Web sites and for company Webcasts.

Saturday, April 12, 2008

How to obtain Windows XP Setup boot disks?

Microsoft Windows XP Setup boot disks are available only by download from Microsoft. The Setup boot disks are available so that you can run the Setup program on computers that cannot use a bootable CD-ROM.

If your computer does support booting from a CD-ROM, or if network-based installation is available, Microsoft recommends that you use those installation methods instead.

Future products will no longer support installation by using the Setup boot disks. Installation of future Microsoft operating systems will require the ability to start from the CD-ROM drive or by using PXE boot from the network. For more information about how to use PXE boot, visit the following Microsoft Web site:
 
There are six Windows XP Setup boot floppy disks. You must have the files and the drivers that these disks contain to access the CD-ROM drive and to start the Setup process.

Create the Setup disks

When you download the Setup disks, the download contains only one large program file. When you run the downloaded file, it extracts the files. You receive the following prompt:
This program creates the Setup boot disks for Microsoft Windows XP. To create these disks, you need to provide 6 blank, formatted, high-density disks.

Please specify the floppy drive to copy the images to:
Type the drive letter for the floppy disk drive (this is typically drive A). After you type the floppy disk drive letter, you receive the following prompt:
Insert one of these disks into drive drive letter:. This disk will become the Windows XP Setup Boot Disk.

Press any key when you are ready.
When you press a key, the downloaded file starts to extract and copy the files. Continue to insert the blank disks as you are prompted to do so until all six disks are created. If the process is interrupted, you must run the downloaded program file again to create all six disks.

Make sure to label each disk appropriately with the number that is specified by the program. You must use the disks in the correct order during the Setup process.

Use the Setup disks

After you create all six disks, insert the first disk in the floppy disk drive, and then restart the computer. The computer must be configured to boot from the floppy disk drive. You may have to modify the BIOS settings on your computer to do this.

The Setup process starts. Insert the other floppy disks as you are prompted to do so. You must use the Windows XP CD-ROM to finish the Setup process.

Download the Setup disk program file

Windows XP original release

For information about the Setup boot disk versions that are available for download, visit the following Microsoft Web sites:

Windows XP Service Pack 1 (SP1)

Note Windows XP CD-ROMs that include SP1 have the text "Includes Service Pack 1" on the CD-ROM.

For information about the Setup boot disk versions that are available for download, visit the following Microsoft Web sites:

Windows XP Service Pack 2 (SP2)

For information about the Setup boot disk versions that are available for download, visit the following Microsoft Web sites:
 
This article is taken from http://support.microsoft.com/!

Monday, April 07, 2008

Dealing with ActMon Computer Monitoring, a Spyware

Type: Spyware
Name: ActMon Computer Monitoring
Version: 5.20
Publisher: ActMon Software
Risk Impact: High
Systems Affected: Windows 98, Windows 95,  Windows Me, Windows NT, Windows 2000, Windows XP

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

  • Disable System Restore (Windows Me/XP).

  • Update the virus definitions.

  • Run a full system scan.

  • Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

1. To disable System Restore (Windows Me/XP)

If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:

How to disable or enable Windows Me System Restore?
How to turn off or turn on Windows XP System Restore?

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

2. To update the virus definitions

Update your Antivirus Program and Virus Definitions ASAP:

  • Running LiveUpdate, which is the easiest way to obtain virus definitions.

  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to Virus Definitions (Intelligent Updater).

3. To run a full system scan

Run a full system scan.
If any files are detected, follow the instructions displayed by your antivirus program.
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.

After the files are deleted, restart the computer in Normal mode and proceed with the next section.

Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:

Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

4. To delete the value from the registry

Important: Back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry?.

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to and delete the following entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"srvprc" = ""%System%\srvprc.exe" -at"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"wskrnl" = ""%System%\wskrnl.exe" -at"

Navigate to and delete the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\srvprc
HKEY_LOCAL_MACHINE\SOFTWARE\wskrnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wskrnlc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wskrnlc

Restore the following registry entries to their original values, if required:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"UpperFilters" = "kbdclass[EXTENDED ASCII CHARACTER 191]wskrnlc"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\"UpperFilters" = "kbdclass[EXTENDED ASCII CHARACTER 191]wskrnlc"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0303\4&5289e18&0\Control\"ActiveService" = "wskrnlc"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0303\4&5289e18&0\Control\"ActiveService" = "wskrnlc"


Exit the Registry Editor.

Voila, there you are, safe from ActMon. This article has been prepared from the ActMon removed-file report from Symantec's Antivirus Program. For more on removing viruses, refer to the following links or search the GeekLog.
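A read-only check for the registry residues listed in step 4, added here as an example (it is not Symantec's tool and not part of the original article). The class names and the constructed snapshot are this example's own; it assumes UpperFilters is read as a multi-string list, which is what Python's winreg returns for that value type.

```python
"""Read-only check for the ActMon registry residues listed in step 4."""

RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run"
KBD_CLASS = r"Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}"
# Device instance path exactly as printed in the article; the instance ID
# part (4&5289e18&0) may differ on other machines.
KBD_ENUM = r"Enum\ACPI\PNP0303\4&5289e18&0\Control"
CONTROL_SETS = ("ControlSet001", "CurrentControlSet")
DRIVER = "wskrnlc"


class LiveRegistry:
    """HKEY_LOCAL_MACHINE through the standard-library winreg (Windows only)."""

    def __init__(self):
        import winreg  # imported here so the module still loads elsewhere
        self._w = winreg

    def key_exists(self, path):
        try:
            self._w.OpenKey(self._w.HKEY_LOCAL_MACHINE, path).Close()
            return True
        except OSError:  # missing key (or no read access): treated as absent
            return False

    def get_value(self, path, name):
        try:
            with self._w.OpenKey(self._w.HKEY_LOCAL_MACHINE, path) as key:
                return self._w.QueryValueEx(key, name)[0]
        except OSError:
            return None


class SnapshotRegistry:
    """Same interface over a dict {key path: {value name: data}}, for offline use."""

    def __init__(self, keys):
        self._keys = {k.lower(): {n.lower(): v for n, v in vals.items()}
                      for k, vals in keys.items()}

    def key_exists(self, path):
        return path.lower() in self._keys

    def get_value(self, path, name):
        return self._keys.get(path.lower(), {}).get(name.lower())


def scan(reg):
    """Return (action, key, detail) for every residue still present."""
    found = []
    for name in ("srvprc", "wskrnl"):
        data = reg.get_value(RUN, name)
        if data is not None:
            found.append(("delete value", RUN + "\\" + name, data))
    subkeys = [r"SOFTWARE\srvprc", r"SOFTWARE\wskrnl"]
    subkeys += ["\\".join(("SYSTEM", cs, "Services", DRIVER)) for cs in CONTROL_SETS]
    for key in subkeys:
        if reg.key_exists(key):
            found.append(("delete key", key, None))
    for cs in CONTROL_SETS:
        key = "\\".join(("SYSTEM", cs, KBD_CLASS))
        filters = reg.get_value(key, "UpperFilters") or []
        if isinstance(filters, str):
            filters = [filters]
        if any(f.lower() == DRIVER for f in filters):
            found.append(("restore value", key + "\\UpperFilters", list(filters)))
        key = "\\".join(("SYSTEM", cs, KBD_ENUM))
        active = reg.get_value(key, "ActiveService")
        if isinstance(active, str) and active.lower() == DRIVER:
            found.append(("restore value", key + "\\ActiveService", active))
    return found


# Constructed snapshot of a partly cleaned machine (not captured from a real system).
SAMPLE = {
    RUN: {"srvprc": '"%System%\\srvprc.exe" -at'},
    "SOFTWARE\\wskrnl": {},
    "SYSTEM\\CurrentControlSet\\Services\\wskrnlc": {},
    "SYSTEM\\CurrentControlSet\\" + KBD_CLASS: {"UpperFilters": ["kbdclass", "wskrnlc"]},
}

if __name__ == "__main__":
    import sys
    reg = LiveRegistry() if sys.platform == "win32" else SnapshotRegistry(SAMPLE)
    for action, key, detail in scan(reg):
        print(f"{action}: HKEY_LOCAL_MACHINE\\{key} {detail!r}")
```

An empty result after the final restart means none of the listed entries remain; the script only reads and never changes the registry.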

Thursday, April 03, 2008

Removing boot.vbs or virusremoval.vbs by deleting wscript.exe

Are you annoyed by your PC showing "Windows cannot find Virus Removable .vbs" or a similar Script Host message at startup?

Removing boot.vbs or virusremoval.vbs is as easy as ABC, just two simple steps to go thru!

  1. Go to the system folder on your system partition, i.e. C:\WINDOWS\system32, and find or search for 'wscript.exe'.

  2. Delete it. If you can't delete it, just use unlocker from http://ccollomb.free.fr/unlocker/

Ensure that you don't delete or modify any other Windows system file. You will get rid of this problem. This way, you don't need any antivirus for boot.vbs.

 


Wednesday, April 02, 2008

Registry Tweaks : Better perform with your system

Please copy the code below into Notepad and save the file with the extension .reg.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
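; "HungAppTimeout" and "WaitToKillAppTimeout" appear again further down in this
; section; entries are applied in file order, so the later values take effect.
"HungAppTimeout"="100"
"WaitToKillAppTimeout"="100"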
"ActiveWndTrkTimeout"=dword:00000000
"CaretWidth"=dword:00000001
"CoolSwitch"="1"
"CoolSwitchColumns"="7"
"CoolSwitchRows"="3"
"CursorBlinkRate"="530"
"DragFullWindows"="1"
"DragHeight"="4"
"DragWidth"="4"
"FontSmoothing"="2"
"FontSmoothingOrientation"=dword:00000001
"FontSmoothingType"=dword:00000001
"ForegroundFlashCount"=dword:00000003
"ForegroundLockTimeout"=dword:00030d40
"GridGranularity"="0"
"HungAppTimeout"="5000"
"LowPowerActive"="1"
"LowPowerTimeOut"="0"
"MenuShowDelay"="0"
"PaintDesktopVersion"=dword:00000000
"PowerOffActive"="1"
"PowerOffTimeOut"="0"
; "ScreenSaverIsSecure"="0" means no password is asked when the screen saver ends
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="600"
"ScreenSaveActive"="0"
"TileWallpaper"="0"
"UserPreferencesMask"=hex:9e,3e,07,80
"WaitToKillAppTimeout"="100"
"WheelScrollLines"="3"

[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
"BorderWidth"="0"
"CaptionFont"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,\
00,00,00,01,00,00,00,00,54,00,72,00,65,00,62,00,75,00,63,00,68,00,65,00,74,\
00,20,00,4d,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CaptionHeight"="-375"
"CaptionWidth"="-270"
"IconFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\
00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"IconSpacing"="-1125"
"IconTitleWrap"="1"
"IconVerticalspacing"="-1125"
"MenuFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\
00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"MenuHeight"="-285"
"MenuWidth"="-270"
"MessageFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\
00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ScrollHeight"="-255"
"ScrollWidth"="-255"
"Shell Icon BPP"="16"
"SmCaptionFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,\
00,00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SmCaptionHeight"="-255"
"SmCaptionWidth"="-255"
"StatusFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\
00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"AppliedDPI"=dword:00000060
"Shell Icon Size"="32"
"MinAnimate"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:0000fa00
"MaxSOACacheEntryTtlLimit"=dword:0000012d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000000
"Win31FileSystem"=dword:00000000
"Win95TruncatedExtensions"=dword:00000001
"NtfsDisableLastAccessUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
"Start"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"NoNetCrawling"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL]
@="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"LargeSystemCache"=dword:00000001

[HKEY_CLASSES_ROOT\lnkfile]
"IsShortCut"=-
[HKEY_CLASSES_ROOT\piffile]
"IsShortCut"=-
[HKEY_CLASSES_ROOT\InternetShortcut]
"IsShortCut"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]
"Auto"="0"
"Debugger"="drwtsn32 -p %ld -e %ld -g"
"UserDebuggerHotKey"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"=dword:00000000
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=dword:00000000
"{871C5380-42A0-1069-A2EA-08002B30309D}"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell]
"BagMRU Size"=dword:000000FA
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam]
"BagMRU Size"=dword:000000FA

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
;"ThumbnailSize"=dword:00000020
"ThumbnailQuality"=dword:0000001E

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"DisableThumbnailCache"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ListviewWatermark"=dword:00000000
"ListviewShadow"=dword:00000001
"ListviewAlphaSelect"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects]
"VisualFXSetting"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax]
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation]
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow]
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows]
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling]
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewWatermark]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\Themes]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation]
"DefaultValue"=dword:00000001
"DefaultApplied"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\WebView]
"DefaultApplied"=dword:00000001

Tuesday, April 01, 2008

Dealing and removing dxdlg.exe (Trojan/Backdoor)

I wonder why people get infected with minor viruses. (Oops! When considering viruses and infections, not a single virulent action may be neglected!) This blog post is a brief on how to remove dxdlg.exe, as asked by one of the visitors of the geeklog.

I recommend that you remove dxdlg.exe from your system ASAP because dxdlg.exe is a Trojan/Backdoor. If you have a registered version of TuneUp Utilities Process Manager (which allows you to manage currently running programs), just kill the process dxdlg.exe and remove dxdlg.exe from Windows startup. You can always opt for the 2nd tab (Processes) of Windows Task Manager (Alt+Ctrl+Del).
A Google search for rootkits/adware/spyware can turn up lots of free software, but read up in advance before considering them.

My search led to another worm named W32/Isetspy-B for the Windows platform, which mainly spreads via removable storage devices and network shares.

When run W32/Isetspy-B installs the following files:
<Profile>\Application Data\dxdlls\dxdlg.exe
<Profile>\Application Data\dxdlls\imapd.exe
<Profile>\Application Data\dxdlls\imapdb.dll
<Profile>\Application Data\dxdlls\imapdb.exe
<Profile>\Application Data\dxdlls\imapdc.dll
<Profile>\Application Data\dxdlls\imapdd.dll
<Profile>\Application Data\dxdlls\imapde.dll
<Profile>\Application Data\dxdlls\boot.vbs
<System>\wproxp.exe
<System>\rbwinx1.dll
<System>\boot.vbs
<System>\imapd.exe
<System>\imapdb.dll
<System>\imapdb.exe
<System>\imapdc.dll
<System>\imapdd.dll
<System>\imapde.dll
<System>\dxdlg.exe

Boot.vbs is detected as W32/Isetspy-B. rbwinx1.dll is a data file and may be safely deleted. All other files are detected as Mal/EncPk-AO.

The ONLY remedy is to get your antivirus program updated with the latest virus definitions. Visit the website of your antivirus program. Some antivirus vendors' websites scan uploaded files for viruses and similar threats, all for free; try a Google search or go thru the following links.
 