# What is THIS? - Search_Glow Attack?!!



## Rivera42 (Aug 3, 2007)

I've got a brand new computer, and I've been having some problems with it.
There are threads here describing those problems:

http://forums.techguy.org/hardware/708577-keyboard-lagging-while-everything-else.html
http://forums.techguy.org/windows-nt-2000-xp/708473-system-restore-good-idea.html

Today I have full-scanned my system back to back to back with ad-aware 07, spybot, a-squared free, windows defender and avast. All clean results. 
Following all this, I initiated an online windows onecare virus scan. 
While these scans were taking place I was using firefox to browse the web, mostly zshare because I was watching tv on it.
My browser kept freezing and crashing, and finally I looked in taskman and saw something I have never heard of, search_glow, running in applications.
I googled it and saw enough to lead me to think malware...
I tried to end the task and it took the browser with it, so there went my onecare scan.
I assume I'm going to need hjt. Please post a current link.
If this thread is in the wrong area please move it.


----------



## Cheeseball81 (Mar 3, 2004)

Go to here and download 'Hijack This!' self installer. 
Save it to the desktop or other suitable place. * DO NOT just press run from the website* 
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu. 
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log. 
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, 
so *do NOT fix anything yet.*


----------



## Rivera42 (Aug 3, 2007)

Thank you. Here's my log.

(I know you guys might flag Viewpoint, you often do. It's on here because of AIM6, in case that should happen to come up. Whether I keep it or not, that's where it came from.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:28 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080418
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080418
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/options&s=gGfvcSX3_Ej2CkYx1zSKU2BJX9o
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\DOCUME~1\DATELI~1\LOCALS~1\Temp\E_S5B.tmp" /EF "HKCU"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209003885046
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5280/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 17119 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Is search glow still running?

Run *Kaspersky* online virus scan here: http://www.kaspersky.com/virusscanner

When given the option, choose the "Extended database" for the scan.
When it's finished, save the results from the scan and post them here.


----------



## Rivera42 (Aug 3, 2007)

Working on this right now.

Have not observed our buddy Search Glow since the time of that posting. The problems to which I have linked persist.

In the Kaspersky scan window, the status bar says "error on page" and when i try to maximize the window it won't go past a square shape in the upper lefthand portion of the screen. For some reason the window constrains itself, but if I don't maximize it works fine, and I can drag the edges wherever I like. Hmm. Weird. In any case the scan _appears_ to be running. And yes, I'm using IE for it.


----------



## Rivera42 (Aug 3, 2007)

Goodness gracious, even with a fast computer this took forever. Here it is:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 3:08:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/05/2008
Kaspersky Anti-Virus database records: 741640
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 204597
Number of viruses found: 5
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 03:45:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04232008-012049.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{88613D80-2739-4A26-B2F3-407D47863200}	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Application Data\SupportSoft\DellSupportCenter\Dateline 420 Online\state\logs\sprtcmd.log	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\History\History.IE5\MSHist012008050520080506\index.dat	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Temp\fla5B.tmp	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Temp\~DF179C.tmp	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4206	Infected: not-a-virus:NetTool.Win32.Portscan.c	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4427	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4432	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4485	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4488	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4489	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4490	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4734/data.rar/xpkey.exe	Infected: not-a-virusSWTool.Win32.RAS.g	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4734/data.rar/officekey.exe	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4734/data.rar	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe/file4734	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
C:\Documents and Settings\Dateline 420 Online\My Documents\My Random Crap\Applications\Installers\Hard Disk Imaging Utilities\UBCD4WinV313.exe	Inno: infected - 11	skipped
C:\Documents and Settings\Dateline 420 Online\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Dateline 420 Online\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Dell Network Assistant\Logs\ezi_hnm.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\chandir.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\chandir.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\chn.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\chn.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\D0000000.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\inuse.txt	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\L0000003.FCS	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\main.log	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_die.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_die.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_dnd.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_dnd.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_ext.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_ext.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_rcv.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\prs_rcv.idx	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\storydb.dat	Object is locked	skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Dateline 420 Online\Data\storydb.idx	Object is locked	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4206	Infected: not-a-virus:NetTool.Win32.Portscan.c	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4427	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4432	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4485	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4488	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4489	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4490	Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4734/data.rar/xpkey.exe	Infected: not-a-virusSWTool.Win32.RAS.g	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4734/data.rar/officekey.exe	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4734/data.rar	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe/file4734	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
C:\RECYCLER\S-1-5-21-2644961631-552631873-2714520094-1005\Dc6\UBCD4WinV313.exe	Inno: infected - 11	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP70\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\DEFAULT	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SOFTWARE	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SYSTEM	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat	Object is locked	skipped
C:\WINDOWS\Temp\TMP00000053DD70559A180A181E	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.

_________________

Now, am I supposed to check any of the boxes or click anything? Or just close the window?
I've re-enabled my realtime AV, if that makes any differences in the process.


----------



## Rivera42 (Aug 3, 2007)

Underwent another OneCare malware scan to kill time. Well, not just to kill time but you know what I mean. In any case I passed with flying colors. Well, the green color.


----------



## Cheeseball81 (Mar 3, 2004)

Looks like the only thing it really flagged was the Ultimate Boot CD application which you downloaded, correct?


----------



## Rivera42 (Aug 3, 2007)

That's correct, I did download that. Are you saying there isn't any malware detected here? If this is the case, *sigh of relief* but I'm still dealing with the aforementioned issues.

I ran the sfc utility and I'm pretty sure it worked properly, but I don't know yet if it fixed System Restore. Also, the keyboard issue hasn't edged back one iota - the trouble persists.

Suggestions?


----------



## Rivera42 (Aug 3, 2007)

As it turns out, System Restore does not work, even after I ran that System File Checker utility. As stated, I'm almost 100% certain the sfc procedure did whatever it was supposed to do. Tried two different restore points and neither succeeded. If it isn't malware, what on earth is going on?


----------



## zabusant (Sep 6, 2007)

Hi!

I guess this isn't a malware thread anymore, so I'll tag along

System restore just doesn't work sometimes, no real reason as far as I can tell. The way to get it back is usually to disable it - *losing all the resore points in the process* - then restart and re-enable it.

If the restore points aren't working, you can't fix them (I've certainly never heard of it) so they are lost anyway.


----------



## Rivera42 (Aug 3, 2007)

This would somewhat defeat my purpose in performing the restore procedure itself, since the reason I want to use it is to undo registry changes made by the OneCare scanner. SR is indicated as the official reversal method for said scan. I'd just feel more comfortable undoing the removal of registry entries (after all, this machine isn't even a month old yet!) and a ton more comfortable knowing the undo _could_ be done. If I fixed the feature using some method which deletes the restore points, I'd have solved the problem of being able to use SR, but have no restore points to use it _with_. Bit of a catch 22 there. Obviously if I had to pick, I'd go with SR working properly.


----------



## zabusant (Sep 6, 2007)

I'll give you another catch - it's quite possible that the OneCare reqistry "fixes" caused your trouble with system restore in the first place.

I realize the problem, but I really think those points can't be fixed. But let's give it another go, shall we

First we need to know what the problem is - is it "system restore" that's not working or is it the "restore points". I suggest you create a new restore point and try to restore to that point. If you succeed, system restore is fine and it's the restore points that have become corrupted in which case I don't think you can repair them (maybe running "chkdsk /f", but that's a long shot).


----------



## Rivera42 (Aug 3, 2007)

I was thinking the 1care scan mightve been the culprit, as you suggest, this is why I ran sfc.

I still haven't tried SR in safe mode. This computer, god bless it, starts up so quickly I hardly have time to hit F8. If I could get into Safe Mode, I'd try a restore from that. I did create a new RP before yesterday's attempt, but I haven't tested it.


----------



## Rivera42 (Aug 3, 2007)

I got into the F8 menu, selected "safe mode with networking" and on the yes/no dialog I selected "no" to initiate System Restore. I went back to the original OneCare restore point, which I'm assuming means the point immediately before the scan. Windows went into the shutdown sequence and is currently displaying a System Restore "restoring files" dialog with the world's slowest-moving progress bar.


----------



## Rivera42 (Aug 3, 2007)

Oh I don't believe this.

It still didn't work.

I could select a different RP from either before or after the one I've been trying to use. Or I could disable and re-enable SR.
Or I could...? 
Your turn.


----------



## Rivera42 (Aug 3, 2007)

As far as the keyboard issue, atm I'm running the Dell diagnostic-partition utility and so far coming up clean. What gives?


----------



## zabusant (Sep 6, 2007)

Just try it in safe mode before we go any further - if you're having trouble: shut down your machine normally (don't restart). Press the power button and immediately press and hold F8 (ignore any beeping ).

No matter how fast your PC is it can't go that fast, if it does just kick it a couple of times or hit it with a hammer, that'll dumb it down 

BTW, disabling SR will delete all the restore points, so that's a no-no


About the keyboard, have you tried what I suggested in that thread (uninstalling the driver)?


----------



## Rivera42 (Aug 3, 2007)

This time around was in Safe Mode.

I stopped short of unins/reins the driver but I've no other options it seems.

Ad-Aware found this today - I thought ctfmon.exe was legit?:
Family Id: 941 Name: Win32.Trojan.Agent Category: Malware TAI:10 Item Id: 300046812 Value: Root: HKU Path: S-1-5-21-2644961631-552631873-2714520094-1005\software\microsoft\windows\currentversion\run Value: ctfmon.exe
Delete? Ignore? It won't "quarantine."


----------



## Rivera42 (Aug 3, 2007)

There's that, and there's this.


----------



## Cheeseball81 (Mar 3, 2004)

What brand computer is this?


----------



## Rivera42 (Aug 3, 2007)

The computer under discussion is a Dell Vostro 1500 laptop, XP Pro SP2, Core 2 Duo 1.4 ghz, 2GB RAM, purchased new in April. I've tried getting a hold of their support team, but AFAIK all my hardware is working fine and hardware is the issue they DON'T charge to help you with. There is a secret diagnostic partition on the HD, and I tried using the troubleshooters there. What I learned is that I couldn't detect any trouble. The keyboard issue in particular did not materialize while I performed the tests, yet as I type this, said issue is manifesting. I also keep having this issue.


----------



## Cheeseball81 (Mar 3, 2004)

What I was going to suggest is a system restore since more problems seem to keep arising. Do you have the dell restore discs?


----------



## Rivera42 (Aug 3, 2007)

Yes I do. But System Restore doesn't work. What about the so-called "nondestructive" repair install?

I'm trying to link to it but for some reason I can't, so here's the URL:
http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=189400897

I also learned today that my keyboard problem is apparently an issue with new Vostros, but I haven't found any solutions, only workarounds.
Again, pressing the planet with the chain link on it does nothing, so:
http://forums.techguy.org/hardware/708577-keyboard-lagging-while-everything-else.html


----------



## Cheeseball81 (Mar 3, 2004)

I don't mean the Windows System Restore feature. I mean restoring the computer back to its factory settings with the restore discs. I have a Vostro too and have not experienced any keyboard problems. Not yet anyway...knock on wood...


----------



## Cheeseball81 (Mar 3, 2004)

I don't mean the Windows System Restore feature. I mean restoring the computer back to its factory settings with the restore discs. I have a Vostro too and have not experienced any keyboard problems. Not yet anyway...knock on wood...


----------



## Rivera42 (Aug 3, 2007)

Yes, I have the original CDs and DVDs supplied with the machine, as well as ISO images of them stored on 2 different hard drives, plus both CD-RW and DVD+RW backup copies burned from the ISOs. I like to be prepared.


----------



## Cheeseball81 (Mar 3, 2004)

You can use those to either do the Repair Install or a full system reinstall of Windows. The repair install keeps everything intact and just replaces any missing files/corrupted files.


----------



## Rivera42 (Aug 3, 2007)

So how would I go about doing this? (the one that only replaces the missing files without overwriting personal data and programs)


----------



## zabusant (Sep 6, 2007)

Have a look at *this*

At the bottom of the first post, there are two links (one for the Pro and one for the Home edition), just select your OS and follow the instructions.

If you have any questions, don't hesitate to ask. Good luck:up:


----------



## Rivera42 (Aug 3, 2007)

I've noticed that the backup copies of my Windows CD don't auto-run like the original; I have to go in through Windows Explorer to reach the files. It's an exact copy burned from an .iso of the original, and it seems to work, but Windows doesn't automatically read it, launch anything or display the volume name in the corresponding locations (e.g. My Computer.) The original version of the disc does not produce these complications.


----------



## Cheeseball81 (Mar 3, 2004)

Check this out: http://www.michaelstevenstech.com/XPrepairinstall.htm


----------



## zabusant (Sep 6, 2007)

Rivera42 said:


> I've noticed that the backup copies of my Windows CD don't auto-run like the original; I have to go in through Windows Explorer to reach the files. It's an exact copy burned from an .iso of the original, and it seems to work, but Windows doesn't automatically read it, launch anything or display the volume name in the corresponding locations (e.g. My Computer.) The original version of the disc does not produce these complications.


Which programs did you use to make the iso's and burn the disks? The copies should work exactly the same as the originals. These kind of disks must be burnt as "boot disks", but most programs will do this automatically when burning an image.

I use *CDburnerXP* (freeware) - try it, if you think your software might be the issue.


----------



## Rivera42 (Aug 3, 2007)

PowerISO to make the image and DeepBurner (portable version) to burn it, because it's faster than PowerISO but delivers comparable results.

I don't think it's the software; check this out:
http://forums.techguy.org/multimedia/711495-suddenly-won-t-read-cd.html

When the XP cd produces a blue menu dialog with four or five options like "set up Windows," "browse this cd" and "perform additional tasks" along with a Close button that looks like the one from the start menu, that's the full version of the cd, right?

Lastly, in a gratuitous aside, I'd like to point out ImgBurn as another excellent free app for these purposes.


----------

