CastleCops, Internet Crime Fighters
remove win32/gaslide
IP: 213.44.*.*

Guest






Posted: Mon Nov 17, 2003 1:14 am

hi all

No one replied to Alxander when he said this:

>> I can not go to the display property anymore ....

I have the same problem: since I got this virus I can't launch Display Properties anymore...

Please help... because I can't find a solution... just one, formatting my hard drive :( my god, 200 mb :(

Please help

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

Posted: Mon Nov 17, 2003 1:43 am

So what happens when you try launching Display Properties?
Are you getting an error message? And if so, which one?

We could start by having a closer look at your configuration:
Go to http://tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.


me again

Guest
IP: 213.44.*.*






Posted: Mon Nov 17, 2003 1:54 am

hi :) quick reply ;)

When I launch Display Properties I get nothing, no error... just the mouse pointer changes to the hourglass (like when you run a program) for about 1 second, and after that nothing, as if you did nothing... :(

thx for your help

Here is the scan log:
---------------------



Logfile of HijackThis v1.97.6
Scan saved at 02:57:06, on 17/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\stardock\TrayServer.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Nabuco\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubic.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Fichiers communs\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Recherche (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.672349537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12118/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB11BA61-EAB6-4136-B0AE-F71C606E5B38}: NameServer = 194.117.200.10,194.117.200.15

TonyKlein


Posted: Mon Nov 17, 2003 2:01 am

That's a clean log.

I suggest you start by doing the following:

Click Start, and then click Run.
In the Open box, type sfc /scannow (Note: there's a space following "sfc"!), and then click OK. You may be prompted to insert the Windows XP installation CD-ROM.

Windows will verify the integrity of the system files, will detect whether any system files are missing or corrupted, and will restore the correct version from either the Windows CD-ROM, or from your Windows\ServicePackFiles folder.

Now test to see whether the issue is resolved.

Good luck,


me again

Guest
IP: 213.44.*.*






Posted: Mon Nov 17, 2003 2:19 am

What do I do when you tell me this:

> or from your Windows\ServicePackFiles folder

What is the command? I use the SP1a pack, which I unpacked into a folder on my desktop. What do I do, or what do I enter to tell it to go to this folder???

Because I put in my XP Pro CD-ROM, and when I click on information it tells me the Windows XP CD is not the same as the installed system...

thx again
TonyKlein


Posted: Mon Nov 17, 2003 2:27 am

You'll need to insert the original Windows CD-ROM, not the SP1 Upgrade disk.

Windows will know where to look for the Service Pack files.


me again

Guest
IP: 213.44.*.*






Posted: Mon Nov 17, 2003 2:32 am

hi again

I didn't put in the SP1 disk.. I put in the original disk "Windows XP Pro", but this version of my XP has SP1 integrated by Microsoft... not the "A" version but just SP1...

I downloaded "SP1a" and ran it, and I did all the Windows Updates...

What do I do to specify a folder? Possible or impossible?

Because the message is the same: it tells me to put in the same installed Windows XP disk :( It is the same, I installed with the same CD, but I did all the Windows Updates... and SP1a...

thx for your help
Bulldog

General
Premium Member

Joined: Nov 16, 2003
Posts: 4375
Location: Canada
MVP Premium

Posted: Mon Nov 17, 2003 3:06 am    Post subject: Re: How to remove this pest called trojan.gaslide

Just4Info wrote:
To enable it again, open the registry and change the setting
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoDispBackgroundPage" from "1" to "0". You should delete the picture, you find it here %windows%\system32\xtra.bmp. Then delete %windows%\system32\gay.mpg.



Also check:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
and
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

for the DWORD value NoDispCPL, and if present make sure it is set to 0

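The checks from Just4Info's and Bulldog's posts can be run in one pass. The following PowerShell is an added example, not part of the original thread: the function names and the -Repair switch are hypothetical, and only the registry path, the two value names and the two file names are taken from the posts above.

```powershell
# Added example: audit the Display Properties policy values named in this thread.
# Function and parameter names are hypothetical; the key path, value names and
# file names come from the posts above.
function Get-DisplayPolicyState {
    param([switch]$Repair)   # -Repair resets any non-zero value to DWORD 0

    $subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $names  = 'NoDispCPL', 'NoDispBackgroundPage'

    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = "$hive\$subKey"
        foreach ($name in $names) {
            $value = $null
            if (Test-Path $path) {
                $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
                if ($prop) { $value = $prop.$name }
            }
            # The value may be stored as a string ("1") or a DWORD (1);
            # both compare correctly against 0 here.
            $status = if ($null -eq $value) { 'absent' }
                      elseif ($value -eq 0) { 'ok' }
                      else { 'blocking' }

            if ($status -eq 'blocking' -and $Repair) {
                # Writing under HKLM requires an elevated session.
                Set-ItemProperty -Path $path -Name $name -Value 0 -Type DWord
                $status = 'reset'
            }
            [pscustomobject]@{ Key = $path; Name = $name; Value = $value; Status = $status }
        }
    }
}

# Report (without deleting) the two dropped files mentioned in the quoted post.
function Get-GaslideLeftover {
    'xtra.bmp', 'gay.mpg' |
        ForEach-Object { Join-Path $env:windir "system32\$_" } |
        Where-Object { Test-Path $_ }
}

Get-DisplayPolicyState | Format-Table -AutoSize
Get-GaslideLeftover
```

Run it once without -Repair to see which hive holds a blocking value; a status of `absent` means the policy is not set in that hive.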
me again

Guest
IP: 213.44.*.*






Posted: Mon Nov 17, 2003 3:43 am

hmm I didn't see this :) thx a lot, my problem is resolved. I hadn't seen what Just4Info wrote

thx all
TonyKlein


Posted: Mon Nov 17, 2003 8:47 am

Glad to hear the problem is resolved.

Hi Bulldog!

Good to see you've started posting! Looking forward to seeing you join the team! :)

