Solved

BSOD possibly caused by Norton Internet Security?

Posted on 2009-07-11
24
930 Views
Last Modified: 2013-12-06
After years of using Norton, I got tired of all the problems and switched to Zone Alarm for a couple of years. Computer Mags recommend NIS 2009 for people who no longer liked NOrton so I switched my laptop and a bunch of others. Have run trouble free for months until June.

I received identical blue screen crashes on 6/7, 6/24, 6/26, and 7/3. I used an app called WHo Crashed to determine that it was probably symevent.sys so I tried Norton Support. Since they were no help, I decided to uninstall and reinstall Norton Internet Security 2009. I had no problems for a week and today I walked in and saw another BSOD with the same Page_Fault message. I ran Who Crashed and go the same mini dump I have been getting all along (see code below). I searched for info and the only things I could find on MS KB and Symantec said the problem occurs with Servers. I am running Win XP SP3 on a laptop. I have noticed my computer seems a little slower the past month so I am worried I might be infected with some virus acting as a server? (even though I have been running NIS 2009 throughout). I did an online COnifcker test and the system passed. Oddly the time stamp of the crash was 1:23 PM but the crash occured before 8AM that day. I don't know if this matters. I ran RU Botted from Housecall during the same period and it occaisionaly said I had a bot installed but it would never remove it. I finally uninstalled RUBOTTED. Any ideas how to fix this?

On Sat 7/11/2009 1:23:51 PM your computer crashed

This was likely caused by the following module: symevent.sys

Bugcheck code: 0x10000050 (0xE871C000, 0x0, 0x89C313DE, 0x1)

Error: Unknown

file path: C:\WINDOWS\system32\drivers\symevent.sys

product: SYMEVENT

company: Symantec Corporation

description: Symantec Event Library

Open in new window

0
Comment
Question by:dheymann
  • 12
  • 10
24 Comments
 
LVL 27

Expert Comment

by:Jonvee
ID: 24830937
You could try the Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software.  If Kaspersky finds an infection it will not necessarily remove it, but at least it'll report back on exactly what you have >>
http://www.kaspersky.co.uk/virusscanner
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24830949
In the case of Malware you may also like to try downloading then updating Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.

Tutorial available, if you require >
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t169669.html
0
 

Author Comment

by:dheymann
ID: 24831277
Running Kapersky scan now. Will take hours to scan entire c drive. Will post results. If I am not infected, then what do I do about BSODs? No Norton solution covers a non server application.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24831803
If both Kaspersky and Malwarebytes find no infection, you may want to consider, at least temporarily, uninstalling NIS 2009 >
"Remove Norton Internet Security 2009 with Norton Removal Tool":
http://www.downloadatoz.com/howto/remove-norton-internet-security-2009.html

Then reboot and see if you still get a BSOD.   If there is, see if there are new dumps in
c:\windows\minidump\    
or  %systemroot%\minidump\

If yes, can you paste the latest dump(s) in the "Attach Code Snippet" box and i'll take a look.  You'll need to rename single minidump files first with a .txt extension, (do not rename the contents of the file).  Alternatively zip them before attaching, and rename the .zip to .txt for the attaching (the upload).

You may need to disable auto restart:
My Computer > Properties > Advanced > Startup and Recovery Settings, and uncheck Automatically Restart.

It's conceivable your computer has been slower during the past month due to NIS 2009 auto updating.

If the machine is infected we could consider running ComboFix .. details later, if we need them ..
0
 

Author Comment

by:dheymann
ID: 24831856
Kapersky scan was clean. I have already uninstalled and reinstalled Norton. Does anyone know what I can do?
0
 

Author Comment

by:dheymann
ID: 24831865
Jonvee: Computer does not appear to be infected. Since Blue Screens are a week apart, I hate to uninstall Norton for a week (or more). Is there any other way to diagnose other than going unprotected for a week?
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24831969
No need to go unprotected for a week as there are several good, free, virus & Malware scanners available for the public such as AVG Antivirus Free 7.5.488,   Trend Micro's online virus scanner, & others  ... i've used nothing else for at least six years.

However, as your wish is to retain Norton, that's fine .... let's instead wait until you have other minidumps and we'll analyse them & see if the reason is indeed due to Symevent.sys.

Running Malwarebytes is still recommended, it's considered to be about the best there is for Malware at this time, but i consider there is no point in running ComboFix.
0
 

Author Comment

by:dheymann
ID: 24832009
I will run Malwarebytes. All five blue screens have been caused by Symevent.sys according to Who crashed. It could be a conflict with something else. THe only changes I've made have been MS updates which could have caused a conflict I suppose.
0
 

Author Comment

by:dheymann
ID: 24832126
Malware bytes found one item which appears to be minor and was removed. I doubt this is causing my problem. The tech support for Norton from Asia is terrible. Any other idea how I can find out why this is happening. I suspect others have had this problem but I can only find posts about servers. THis is what Malwarebytes removed:

c:\documents and settings\Dave\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24832168
Thanks for the reports.   Incidently there is still ample time to receive further comments in this zone, but to speed the process up you can post your question in up to two other zones (most questions can be posted in up to three Zones).   As you'd expect there's usually less activity at a weekend.

 Select "Asking Questions", then see Step 3: Select One or More Zones >
http://www.experts-exchange.com/help.jsp

May i suggest this is one of them>
http://www.experts-exchange.com/Virus_and_Spyware/HijackThis/
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24832197
>> c:\documents and settings\Dave\favorites\Online Security Test.url (Rogue.Link) <<

A google search reveals this entry being 'quarantined and deleted successfully' on a number of sites, so maybe Malwarebytes has found the problem.
 
Example>
http://209.85.229.132/search?q=cache:SWvBWoMuZyQJ:www.bleepingcomputer.com/forums/lofiversion/index.php/t160500.html+c:%5Cdocuments+and+settings%5C+favorites%5COnline+Security+Test.url+(Rogue.Link)&cd=2&hl=en&ct=clnk&gl=uk
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:dheymann
ID: 24832199
I will post there. I looked to see what had been installed during the 30 days before the first crash. Only two items matched that date range. I suspect there were others since a lot of MS updates don't have install dates in the add/remove programs list. Here are the two I could identify:

Update to Outlook calendar printing asst  Installed day of first crash
Security update for powerpoint 2007 installed 21 days before first crash.

I can't imagine either of these is an issue. What do you think?
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24833924
symevent.sys is a problematic driver in many Symantec products , I have seen it causing BSODs in many machines with different setups,in many causes because of a conflict with SuperAntispyware or other antispyware program, usually the latest release of the product solves the issue, however you may need to go through symantec support forums for other possible solutions /workarounds till this is solved in the next release.
http://www.symantec.com/avcenter/security/Content/2006.09.20a.html
the above link contains a link to download the latest versions of Symevent driver installer 



0
 

Author Comment

by:dheymann
ID: 24839836
Admin 3K. I clicked on that link and it said internal server error
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 500 total points
ID: 24843777
dheymann .... i have no problem at all opening the link from Admin3k using two different computers, & i'm wondering if you have a browser problem (because of a remaining infection?), as well as a possible problematic symevent.sys driver.

Therefore it would be very useful if you could install and run Trend HijackThis 2.02 to see if we can spot anything nasty>
http://majorgeeks.com/Trend_Micro_HijackThis_d5554.html

Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile.  Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and then it can be analysed.
0
 

Author Comment

by:dheymann
ID: 24844029
I tried again and it worked. Have no idea why it didn't work this morning. That page is dated 2006. I bought NIS 2009 so I would assume that my Symevent.sys is way too new for that. My system also runs Norton Live Update so if they push a new version it should work. I will run Hijack this as you recommended. I really appreciate your helping me Jonvee. This is very nice of you.
0
 

Author Comment

by:dheymann
ID: 24844099
Hijack file is attached. THank you. I really hope you find something wrong because this is driving me nuts.
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:18:14 PM, on 7/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\digtizer.exe

C:\YouGetItBack\LaptopSuperHero\eTagService.exe

C:\YouGetItBack\LaptopSuperHero\eTagReportLostApp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\windows\system32\KADxMain.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Fujitsu\Utils\FjDspMon.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Fujitsu\Utils\fjevents.exe

C:\Program Files\Fujitsu\Utils\FjMnuIco.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe

C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\palmOne\Hotsync.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\DOCUME~1\Dave\LOCALS~1\Temp\hpfpaste.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Great Game Products\Bridge Baron 13 ENG\Baron.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\DavesDocs\Downloaded Files\Freeware, Shareware, Demo versions\HiJackThis.exe
 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe

O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe

O4 - HKLM\..\Run: [eTag] C:\YouGetItBack\LaptopSuperHero\\eTagClient.exe /auto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2218770524-2224255202-3220774220-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-2218770524-2224255202-3220774220-1009\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197035374828

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {9B8D3E79-A732-4EC0-AEEE-8AF8CDF10D8A} (PalmSourceInstallerX) - http://installer.palmsource.com/PSIWebStub.dll

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe

O23 - Service: Laptop Superhero (ETagClient) - Yougetitback Limited - C:\YouGetItBack\LaptopSuperHero\\eTagService.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O24 - Desktop Component 0: (no name) - (no file)
 

--

End of file - 13042 bytes

Open in new window

0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24844507
Could have been your Server this morning >
What's an "Internal Server Error" and how do I fix it?
http://ask-leo.com/whats_an_internal_server_error_and_how_do_i_fix_it.html

Checking a few HijackThis log entries at the moment, and this one looks suspicious>
O24 - Desktop Component 0: (no name) - (no file)

Try this>
Start > control panel > Display properties > Desktop > Customize Desktop .... then select the 'Web' tab.  

Make a written note of what you see, then uncheck everything except for "My current Home page".
Also remove the checkmark from the the "Lock Desktop Items" box *if it is checked*.
Apply, then Exit the Display props.

[You may have to delete these 'unwanted entries' later, but leave them untouched for now]
Now run HijackThis again.  If the "Desktop Component" entry is still there, we'll get HijackThis to FIX it.

0
 

Author Comment

by:dheymann
ID: 24844642
Under the web tab there was only one item and it was blank (except for a 0 so it may be the item you were looking for). I saw an unchecked check box with no other description. Since it was unchecked, I deleted it and followed your other instructions. A new hijack this is attached
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:30:50 PM, on 7/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\digtizer.exe

C:\YouGetItBack\LaptopSuperHero\eTagService.exe

C:\YouGetItBack\LaptopSuperHero\eTagReportLostApp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\windows\system32\KADxMain.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Fujitsu\Utils\FjDspMon.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Fujitsu\Utils\fjevents.exe

C:\Program Files\Fujitsu\Utils\FjMnuIco.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe

C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\palmOne\Hotsync.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\DOCUME~1\Dave\LOCALS~1\Temp\hpfpaste.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\spider.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\DavesDocs\Downloaded Files\Freeware, Shareware, Demo versions\HiJackThis.exe
 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe

O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe

O4 - HKLM\..\Run: [eTag] C:\YouGetItBack\LaptopSuperHero\\eTagClient.exe /auto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2218770524-2224255202-3220774220-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-2218770524-2224255202-3220774220-1009\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197035374828

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {9B8D3E79-A732-4EC0-AEEE-8AF8CDF10D8A} (PalmSourceInstallerX) - http://installer.palmsource.com/PSIWebStub.dll

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe

O23 - Service: Laptop Superhero (ETagClient) - Yougetitback Limited - C:\YouGetItBack\LaptopSuperHero\\eTagService.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
 

--

End of file - 12989 bytes

Open in new window

0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24844942
So under the 'Web' tab, are you saying that there was no "My current Home page" entry?  Unusual if so.

Thanks for the HijackThis log, it now appears clean.   This entry is not harmful, and can be FIXed if you wish>
O2 - BHO: (no name) - AutorunsDisabled - (no file)

Have to log off, it's past midnight over here ... can't help feeling we're getting close .. will call by in the morning & hopefully it will not blue screen.
0
 

Author Comment

by:dheymann
ID: 24860054
Jonvee:

Just to confirm the web tab now had nothing listed since I deleted that 0 entry. I will wait a week or two and see if it blue screens. If it does, I will dump Norton for AVG and see if it blue screens after that. It will take a month but I am assuming this is the only way to resolve at this point. I will award points now since you did yeoman's work for me and I really appreciate it. If there is something else I should try please post.
0
 

Author Closing Comment

by:dheymann
ID: 31602427
Jonvee is amazing. I am floored that guys like him are so generous in willing to help knuckleheads like me. thank you so much.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24863397
Ok, thanks for the report.  If at any time you need to respond with an update, we'll be monitoring.
Thank you.

Should you blue screen, then personally i would uninstall Norton and try one of these scanners ... they are all good >

Kaspersky free online virus scanner:
http://www.kaspersky.co.uk/virusscanner

AVG Antivirus Free 7.5.488 >>
http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10645435.html

"Trend Micro's FREE online virus scanner":            
http://housecall.trendmicro.com/uk/
Ideal for scanning online, using "Safe Mode with networking".
     
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


For Malware, Malwarebytes' Anti-Malware can be complimented with Superantispyware, both excellent:                        
http://www.superantispyware.com/
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
ISA & antivirus 10 70
Ransom.CRYPTXXX Activity 2 9 89
We got ransomware on the server fileserver 2012 17 127
svg file 10 37
Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now