# Word opening documents SLOW! aieeee



## Annie2005 (Jul 19, 2005)

Hi,

I can open word and excel by clicking on the program icon and it works fine. If I click on a .doc document though it takes 4 minutes to open.

I have:

-- disabled Office Norton Anti-Virus check
-- run Disk Doctor
-- defrag'd the disk
-- turned off journaling in Outlook
-- deleted normal.dot 
-- tried to uninstall my HP Office Jet Printer and Scanner (with not much luck)
-- run Adaware, Spyblaster, Spysweeper all with new definitions

I am running ME edition and am ready to go nuts. Any ideas? The weird thing is that when I open Word by just clicking on the program icon, everything is fine.

Anne


----------



## bizzt (Jul 15, 2004)

Annie2005 said:


> Hi,
> 
> I can open word and excel by clicking on the program icon and it works fine. If I click on a .doc document though it takes 4 minutes to open.
> 
> ...


Have you tried Deleting your Temp Files, or files in your Temp Folder

O/S 2000 and above is under doc and settings\Username\local Settings\Temp

This might affect some other programs on PC but is usually the Culprit for many problems with MS Products IMHO


----------



## brendandonhu (Jul 8, 2002)

If you hold down Shift and right click on a .doc file, then choose Open With, and pick Word in that list, does it still open slowly?


----------



## Annie2005 (Jul 19, 2005)

Hi there,

I deleted all TMP files everywhere, but though that was a good idea, it didn't do anything that I could see. I rebooted twice and tried it again, but nothing happened.

When I held shift and right clicked on a Word type file under Windows Explorer, it sat and sat until it ended up crashing (Explorer said Not Responding when I did the Task Manager). When I copied a file onto the desktop and tried to open it the same way, it locked up my whole desktop until Explorer said Not Responding. The only way I can open up a document directly is if I click Start->Documents then click on a recent document --- that takes 4-5 minutes.

Also I notice Control Panel is slow as well as Printers. Internet Explorer and Outlook Express open fast though.

Anne


----------



## brendandonhu (Jul 8, 2002)

A virus scan would be a good idea if you haven't done one already: http://housecall.antivirus.com

You might want to try cleaning up the registry with this program: http://www.worldstart.com/weekly-download/programs/regcleaner.exe

Then run HijackThis and post the log
http://www.unitethecows.com/software/HijackThis.exe


----------



## Annie2005 (Jul 19, 2005)

Hi there,

I hope I didn't post this twice by accident. I ran Housecall and it could not delete most of the viruses it found (I attached that below). I was not sure what to do with the regcleaner (didn't want to accidentally delete something). Here is Hijackthis....

Anne

Logfile of HijackThis v1.99.1
Scan saved at 10:20:27 PM, on 7/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\JPJNBO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\REGCLEANER\REGCLEANR.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Program Files\Netscape\Users\gccircle\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\jpjnbo.exe reg_run
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINSM32.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: nrna.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://hiringcenter.hire.com/advent/java/smsx.cab
O16 - DPF: {43977941-E893-11D3-84ED-0050DA72ECA9} (HIRE.COM) - http://hiringcenter.hire.com/advent/java/SA2Instal.cab
O16 - DPF: {A0197872-25E0-11D4-852F-0050DA72ECA9} (HIRE.COM) - http://adventhc.hire.com/java/N2Instal.cab
O16 - DPF: {A0197873-25E0-11D4-852F-0050DA72ECA9} (HIRE.COM) - http://hiringcenter.hire.com/advent/java/DP2Instal.cab
O16 - DPF: {A0197874-25E0-11D4-852F-0050DA72ECA9} (HIRE.COM) - http://hiringcenter.hire.com/advent/java/TS2Instal.cab
O16 - DPF: {13209661-25F5-11D4-852F-0050DA72ECA9} (HIRE.COM) - http://hiringcenter.hire.com/advent/java/P2Instal.cab
O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) - http://adordbdv.advent.com:8002/jinitiator/oajinit.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} (Onyx Masked Edit Control Class) - http://onyxlan.advent.com/lanrequests/OnyxMaskEdit2.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

From housecall ---

Results:
We have detected 10 infected file(s) with 14 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available 
- 0 virus(es) cleaned, 0 virus(es) uncleanable 
- 1 virus(es) deleted, 13 virus(es) undeletable 
- 0 virus(es) not found, 0 virus(es) unaccessible 
Detected File Associated Virus Name Action Taken 
C:\_RESTORE\TEMP\A0056401.0 TROJ_QOOLOGIC.I Undeletable 
C:\_RESTORE\TEMP\A0056498.CPY TROJ_SMALL.AAL Undeletable 
C:\_RESTORE\TEMP\A0057680.CPY TROJ_SMALL.AAL Undeletable 
C:\_RESTORE\TEMP\A0057756.CPY TROJ_DROPPER.CP Undeletable 
C:\_RESTORE\TEMP\A0061474.0 TROJ_QOOLOGIC.I Undeletable 
C:\_RESTORE\TEMP\A0061687.CPY TROJ_QOOLOGIC.D Undeletable 
C:\_RESTORE\TEMP\A0061688.CPY TROJ_QOOLOGIC.E Undeletable 
C:\_RESTORE\ARCHIVE\FS259.CAB 
- A0037544.CPY TROJ_DLOAD.A Undeletable 
C:\_RESTORE\ARCHIVE\FS724.CAB 
- A0051018.CPY TROJ_SMALL.AAL Undeletable 
- A0051025.CPY TROJ_ONECLICK.A Undeletable 
- A0051026.CPY TROJ_DROPPER.DM Undeletable 
- A0051027.CPY TROJ_STARTPAG.QY Undeletable 
- A0051074.CPY TROJ_DROPPER.CP Undeletable 
C:\Recycled\Dc33.TMP TROJ_AGENT.BN Deletion successful

Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer. 
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available 
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable 
Trojan/Worm Name Trojan/Worm Type Action Taken

Spyware Check 1 spyware program removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. 
Results:
We have detected 14 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 13 spyware(s) passed, 0 spyware(s) no action available 
- 1 spyware(s) removed, 0 spyware(s) unremovable 
Spyware Name Spyware Type Action Taken 
COOKIE_45 Cookie Pass 
COOKIE_222 Cookie Pass 
COOKIE_281 Cookie Pass 
COOKIE_344 Cookie Pass 
COOKIE_442 Cookie Pass 
COOKIE_744 Cookie Pass 
COOKIE_825 Cookie Pass 
COOKIE_1433 Cookie Pass 
COOKIE_1554 Cookie Pass 
COOKIE_2089 Cookie Pass 
COOKIE_2458 Cookie Pass 
COOKIE_2817 Cookie Pass 
COOKIE_6853 Cookie Pass 
SPYW_FPTLBAR.100 Spyware Removal successful

Microsoft Vulnerability Check 9 vulnerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix. 
Results:
We have detected 9 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix 
Highly Critical This vulnerability enables attackers to launch an attachment automatically by making use of an unusual MIME type that IE handles incorrectly. MS01-020 
Critical This vulnerability enables a remote attacker to execute arbitrary codes on the users system. It is caused by Internet Explorer 6.0 believing that the file to be opened is safe to open without user confirmation, due to some changes made in the HTML header.;This vulnerability enables a remote attacker to read any file contained in the users system that could be opened through Internet Explorer 5.5 or 6.0.;This vulnerability enables a remote attacker to represent the file name in the File Download dialogue box of Internet Explorer 5.5 or 6.0 with a different name that could fool users into thinking that the said file is safe to download. MS01-058 
Critical This vulnerability allows a remote attacker to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated when buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 is triggered.;A remote attacker could read arbitrary files via malformed requests to the GetObject function because Internet Explorer 5.01, 5.5 and 6.0 bypass some of GetObject's security checks.;File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows the modification of the displayed name of the file through Content-Disposition and Content-Type HTML header fields, which could allow an attacker to trick a user into believing that a file is safe to download.;Because Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, a remote attacker is allowed to modify which application is used to process a document.;Internet Explorer 5.5 and 6.0 bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made, which could allow a remote attacker to compromise user system through the said vulnerability.;Internet Explorer 5.5 and 6.0 allows the reading of certain files and spoofing of the URL in the address bar through the Document.open function, which could allow a remote attacker to compromise user system through the said vulnerability.;This vulnerability allows a remote attacker to read arbitrary files by specifying a local file as an XML Data Source. This is caused by the XMLHTTP control found in Microsoft XML Core Services 2.6 and later not properly handling Internet Explorer Security Zone settings. MS02-005 
Critical This vulnerability enables a remote attacker to run scripts in the Local Computer zone. This is done via a script that is embedded in a cookie that would be saved to the users system.;This vulnerability enables a remote attacker to invoke an executable on the users system via an HTML web page that includes an object tag. MS02-015 
Critical This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL). MS03-030 
Highly Critical These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system. MS03-040 
Critical This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the users system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attackers choice. MS04-004 
Critical This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. MS05-001 
Critical This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. MS05-013

Results:
We have detected 10 infected file(s) with 14 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available 
- 0 virus(es) cleaned, 0 virus(es) uncleanable 
- 1 virus(es) deleted, 13 virus(es) undeletable 
- 0 virus(es) not found, 0 virus(es) unaccessible 
Detected File Associated Virus Name Action Taken 
C:\_RESTORE\TEMP\A0056401.0 TROJ_QOOLOGIC.I Undeletable 
C:\_RESTORE\TEMP\A0056498.CPY TROJ_SMALL.AAL Undeletable 
C:\_RESTORE\TEMP\A0057680.CPY TROJ_SMALL.AAL Undeletable 
C:\_RESTORE\TEMP\A0057756.CPY TROJ_DROPPER.CP Undeletable 
C:\_RESTORE\TEMP\A0061474.0 TROJ_QOOLOGIC.I Undeletable 
C:\_RESTORE\TEMP\A0061687.CPY TROJ_QOOLOGIC.D Undeletable 
C:\_RESTORE\TEMP\A0061688.CPY TROJ_QOOLOGIC.E Undeletable 
C:\_RESTORE\ARCHIVE\FS259.CAB 
- A0037544.CPY TROJ_DLOAD.A Undeletable 
C:\_RESTORE\ARCHIVE\FS724.CAB 
- A0051018.CPY TROJ_SMALL.AAL Undeletable 
- A0051025.CPY TROJ_ONECLICK.A Undeletable 
- A0051026.CPY TROJ_DROPPER.DM Undeletable 
- A0051027.CPY TROJ_STARTPAG.QY Undeletable 
- A0051074.CPY TROJ_DROPPER.CP Undeletable 
C:\Recycled\Dc33.TMP TROJ_AGENT.BN Deletion successful

Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer. 
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available 
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable 
Trojan/Worm Name Trojan/Worm Type Action Taken

Spyware Check 1 spyware program removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. 
Results:
We have detected 14 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 13 spyware(s) passed, 0 spyware(s) no action available 
- 1 spyware(s) removed, 0 spyware(s) unremovable 
Spyware Name Spyware Type Action Taken 
COOKIE_45 Cookie Pass 
COOKIE_222 Cookie Pass 
COOKIE_281 Cookie Pass 
COOKIE_344 Cookie Pass 
COOKIE_442 Cookie Pass 
COOKIE_744 Cookie Pass 
COOKIE_825 Cookie Pass 
COOKIE_1433 Cookie Pass 
COOKIE_1554 Cookie Pass 
COOKIE_2089 Cookie Pass 
COOKIE_2458 Cookie Pass 
COOKIE_2817 Cookie Pass 
COOKIE_6853 Cookie Pass 
SPYW_FPTLBAR.100 Spyware Removal successful

Microsoft Vulnerability Check 9 vulnerabilities detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix. 
Results:
We have detected 9 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix 
Highly Critical This vulnerability enables attackers to launch an attachment automatically by making use of an unusual MIME type that IE handles incorrectly. MS01-020 
Critical This vulnerability enables a remote attacker to execute arbitrary codes on the users system. It is caused by Internet Explorer 6.0 believing that the file to be opened is safe to open without user confirmation, due to some changes made in the HTML header.;This vulnerability enables a remote attacker to read any file contained in the users system that could be opened through Internet Explorer 5.5 or 6.0.;This vulnerability enables a remote attacker to represent the file name in the File Download dialogue box of Internet Explorer 5.5 or 6.0 with a different name that could fool users into thinking that the said file is safe to download. MS01-058 
Critical This vulnerability allows a remote attacker to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated when buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 is triggered.;A remote attacker could read arbitrary files via malformed requests to the GetObject function because Internet Explorer 5.01, 5.5 and 6.0 bypass some of GetObject's security checks.;File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows the modification of the displayed name of the file through Content-Disposition and Content-Type HTML header fields, which could allow an attacker to trick a user into believing that a file is safe to download.;Because Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, a remote attacker is allowed to modify which application is used to process a document.;Internet Explorer 5.5 and 6.0 bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made, which could allow a remote attacker to compromise user system through the said vulnerability.;Internet Explorer 5.5 and 6.0 allows the reading of certain files and spoofing of the URL in the address bar through the Document.open function, which could allow a remote attacker to compromise user system through the said vulnerability.;This vulnerability allows a remote attacker to read arbitrary files by specifying a local file as an XML Data Source. This is caused by the XMLHTTP control found in Microsoft XML Core Services 2.6 and later not properly handling Internet Explorer Security Zone settings. MS02-005 
Critical This vulnerability enables a remote attacker to run scripts in the Local Computer zone. This is done via a script that is embedded in a cookie that would be saved to the users system.;This vulnerability enables a remote attacker to invoke an executable on the users system via an HTML web page that includes an object tag. MS02-015 
Critical This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL). MS03-030 
Highly Critical These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system. MS03-040 
Critical This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the users system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attackers choice. MS04-004 
Critical This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. MS05-001 
Critical This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. MS05-013

Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer. 
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available 
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable 
Trojan/Worm Name Trojan/Worm Type Action Taken

Spyware Check 1 spyware program removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet. 
Results:
We have detected 14 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 13 spyware(s) passed, 0 spyware(s) no action available 
- 1 spyware(s) removed, 0 spyware(s) unremovable 
Spyware Name Spyware Type Action Taken 
COOKIE_45 Cookie Pass 
COOKIE_222 Cookie Pass 
COOKIE_281 Cookie Pass 
COOKIE_344 Cookie Pass 
COOKIE_442 Cookie Pass 
COOKIE_744 Cookie Pass 
COOKIE_825 Cookie Pass 
COOKIE_1433 Cookie Pass 
COOKIE_1554 Cookie Pass 
COOKIE_2089 Cookie Pass 
COOKIE_2458 Cookie Pass 
COOKIE_2817 Cookie Pass 
COOKIE_6853 Cookie Pass 
SPYW_FPTLBAR.100 Spyware Removal successful


----------



## Surreal2 (May 21, 2005)

Annie - go to the Windows update site and download and install all critical updates it finds for your system. It may ask you to restart your pc after installing but don't do that yet...click cancel, then go back to the update window, click the 'Office update' button at the top and download/install any updates it finds for your Office programs.

Then restart your computer, and wait for experts to help with your HJT log.


----------



## brendandonhu (Jul 8, 2002)

Follow Surreal2's instructions first.
Go to Start>>Settings>>Control Panel>>System>>Performance>>File system>>Troubleshooting>>Disable System Restore
Ok>>Yes

After the computer restarts, go back and uncheck Disable system restore.
Run Housecall again.


----------



## Annie2005 (Jul 19, 2005)

Aieee...

After I applied the service pack 1 from Windows, my hard drive completely crashed. It took 4 hours to install. I got the blue screen of death and unable to write to drive c with a clicking sound.

My hard drive is sitting in San Leandro CA at a data recovery firm and they are seeing if any files can be recovered.


----------



## ggumisme (Jun 12, 2007)

I had the same problem wih Word 2003, Excel 2003, and some other non-MS products running explorer under XP SP2. Specifically, files would open fine from within the application using File/Open. However, it would take about 5 minutes to open the file when double clicking it in Explorer. I found the following fix in a Microsoft Excel 2007 forum. I will describe it with respect to Excel, but it works for all the applications that were problematic for me.


Go to the Control Panel, Folder Options, File Types. Highlight the XLS extension and then click Advanced. Click Open from the list, and then click Edit. Add "%1" (quotes are needed) to the end of the Application used string (which will probably end with /e for the Excel XLS extension example.) Also uncheck the DDE box. Thanks to Starksnet from the Excel 2007 forum for this fix that was more general than he may have thought!

I haven't a clue how I developed this problem to begin with. Any insights with regard to how the problem was acquired would be interesting and appreciated. Anyway, this fix worked for me. Hope it helps you.

Best Wishes,
Jim


----------



## Rock God (Jun 28, 2007)

Thanks Jim, this slow opening thing has been driving me nuts. I've got a fairly new Dell Dual Core and it's lightening fast at everything else but documents have taken around 15 seconds or more simply to open. Your fix works great (opening seems almost instantaneous now). Cheers again.

Jon


----------



## TOYMAN1952 (Jun 10, 2001)

Thanks Jim. This solved it for me also.


----------



## krellkraver (Jun 7, 2008)

Great tip, Jim. Works also for Office 2007 Word and Excel files under XP SP2. I did notice that I disabled DDE, but it always returns. No matter, that the fix works is the key.


----------



## LoonyLori (Aug 12, 2008)

This worked the first time out-- what a relief!

FYI, I put the "%1" after the last " but before the /e

I wasn't sure if that was right, but it works, so no looking back!

Thank you!


----------

