AndyManchesta

Its nothing to feel stupid about , There's that many menus and options in I.E it can be difficult to know where to start when something changes. I'm really not sure how it would of changed by itself but It happened to me along time ago so thats the only reason I knew where to look

Try This Goto View on the top bar then Text Size, change it from Smallest to Medium That should solve it

I assume the tweak involves adjusting this key value: HKEY_USERS\.DEFAULT\Control Panel\Keyboard\InitialKeyboardIndicators I wasnt sure if it would restore the settings when the system reboots as its not a key I usually play around with, If you use a registry monitoring tool and enable numlock it doesnt make any changes so thought its best to not get involved with that one All The Best Andy

Its not possible to write a batch file that gets the basic or slim version and automatically installs it, Its easy to do that with the main download link in a batch and silently install it with the default settings but that includes the toolbar, there isnt direct download links to the slim or basic version on the download section ( I know you can click the link but its http://ccleaner.com/downloadbin.asp?f=1 for the basic and http://ccleaner.com/downloadbin.asp?f=2 for the slim version and this cannot be automated in a batch unless its a direct .exe file). Filehippo & Majorgeeks only link to the main version and softpedia doesnt allow the download from outside of their site, If I write it in a batch then it displays a 403 Access Denied message when its attempting to download the file. Andavari's solution is the only option for you if you do not want the toolbar or manually unchecking the Install Yahoo Toolbar option with the main version.

Hi K Have a look Here but it might not apply to your problem You may have to phone your ISP to get advise on setting the network back up

Hi brs , Welcome To The Forum When you run the issues scan and choose to fix any of the items detected you will then get the option to create a backup file. If you choose yes it then lets you decide where you want to save this backup reg file to. Choose a location such as C:\Drive or create a new folder before running Ccleaner's issues scan for the backups by right clicking an empty space on C:\drive or where you want the folder then select 'New' then 'Folder' , Name it and press Enter. When you save the backup file it will look like this. (cc_20060309_1039.reg) The cc refers to Ccleaner, the 20060309 is the date and 1039 is the time. With it having a .reg extention all you need to do to return the removed items to the registry is double click the .reg file (or right click the file and choose Merge). Windows will display a small option screen asking if you want to merge the contents into the registry, Choose 'Yes' and then all the items removed will be put back into the correct locations . Regarding the question of if its necessary, Ccleaner should only remove leftover reg entries which are no longer needed but like any program it could make a mistake sometime so saving the backup is worthwhile especially if you have alot of issues to fix and you do not recognize the programs they relate to. Let us know if you have any more questions Regards Andy

This may not be what your looking for as its not really a desktop notepad but I find KeyNote very handy, you can save any info into it including full webpages and it automatically saves when its closed, I have alot of written info on mine and find its alot better than searching for text files as I can organize them all into different sections inside Keynote. Its not being updated anymore as the Author has closed the project but its Open-Source so others may take it on and release updates. http://www.tranglos.com/free/index.html

Edit : Menu Tweaks Removed

Hi K Sorry I cant help you there , I think the NumLock button is just a keyboard feature and it wouldnt make any registry changes if its enabled or disabled.

Removed Tweaks Will happily keep them for myown system as I was only intending to put them on for a couple of weeks incase novice users got confused about what they do, with only about 3 downloads in 3 days I thought I may as well remove them sooner All The Best

Hey Nick , Go with Krits Advise as it will hopefully solve the issue, At first I thought there might be .exe files running from the temp folders that was causing the problem but even if there was it wouldnt run in safe mode so if its still crashing thats obviously not the problem. There's afew other cleaning tools you could try if it continues but I don't think it would be appropriate to promote them on here. Does your event viewer show any problems ? Goto Start Menu > Run > then type eventvwr Press OK and check the Applications tab for Red circles with White X's , If you find one that maybe related double click it to open into a new window, left click and cover the text then press Control and C to copy to clipboard, you can then right click into a reply here and press Paste to post back the details on the errors. Also post the Event ID if you find problems which is displayed when you double click one of the errors,

Hi Krit I was just looking at area's of the forum which I havent checked out and saw this post This batch script will create a list of installed Hotfixes on a NT Based system Open notepad and copy the contents of the code box into it : regedit /e Hotfix.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix"notepad Hotfix.txt Goto file on the top bar of Notepad and choose 'Save As' , name it anything with a .bat extention such as hotfix.bat then change the 'Save As Type' to All Files. Save it to your pc and double click it to export the Hotfix details to a text file and Automatically open with Notepad. I dont think its going to give any information that would help with the Ccleaner issue but it does list every Hotfix installed.

Hi Nick, Welcome to the Forum Can you try running Ccleaner in safe mode to see if it can complete the scan. (Reboot and keep tapping the F8 key untill you see the Windows Advanced Menu then choose safe mode from the list). If it can complete the clean up in safe mode then reboot the system so it returns back to Normal mode and run it again to see if it solved the problem.

Hi Andavari, It does make things alot faster and saves having to manually search the registry so I thought It maybe useful here. As I'm sure you already know it can be used to export any key from the registry. Another which is useful is to check the Run Keys regedit /e HKCURun.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"regedit /e HKLMRun.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"copy HKLMRun.txt + HKCURun.txt = Run.txtdel /q HKLMRun.txtdel /q HKCURun.txtnotepad Run.txtdel /q Run.txt If you want to keep the text file it creates then remove the last line (del /q Run.txt) @John If you need more help let us know what happens when you run the batch file. I created the key on myown system yesterday to make Ccleaner find the exact same entry as yours, The batch file shows it the first time but after running the regfix neither Ccleaner or the Batch file finds the key. You should also be running them with the Admin account incase there are any restrictions on that registry key.

Hi John Here's a few options that may help. First Disable Spybots Tea Timer as it could interfere with fixing entries. (Right click the teatimer icon in the system tray and choose exit. It will come back on after the next startup) Try Ccleaner again and see if it can remove the entry. If not open Notepad and save the next part into it regedit /e Look.txt "HKEY_CLASSES_ROOT\?"notepad Look.txt Press File from the top bar of Notepad and Choose 'Save As' , Name it Find.bat, Change the 'Save as Type' to All Files then save it to your desktop. Double click Find.bat to run the batch script, If it displays 'Cannot find the Look.txt file' then it doesn't exist, If notepad opens and displays some registry values then it does exist. Assuming it does exist, Open notepad again and save this into it making REGEDIT4 the top line in Notepad. REGEDIT4[-HKEY_CLASSES_ROOT\?] Save it as type 'All Files' again and this time call it Remove.reg then save it to your desktop, Double click remove.reg and allow it to be merged into the Registry. If you saved the first batch file to your desktop and it found the entry then there will be a text file called Look.txt. Delete this file and then run the Find.bat again, If the regfix worked it should then show 'Look.txt cannot be found' , To confirm it was removed run Ccleaner on issues again to make sure it doesnt show in the scan. If the batch file finds the reg entry again after using the Regfix then it means the permissions need looking at on that Reg key to enable full control to Administrators, but I can explain that in more detail if the entry does exist and cannot be removed. Regarding your Hijack Log these can be fixed. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:// red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:// red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in) - O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} (Java Plug-in) - Your Proxy Server settings also look abit strange as it doesnt specify the Proxy Address or the Port Number but I've left that off the list as it maybe genuine. You would probably know better about the Proxy Settings in place on your system so I will leave that one for you to decide The R1 entries are from Yahoo but you are being redirected when you use the Search Bar, Red Client Apps is Red Sheriff so they should be removed. You can read more about Red Sheriff Here & Here. Hope That Helps Andy

I checked Arovax Antispyware yesterday and it seems very weak, It kept finding the same entries each time it scanned and then showed it required a reboot to finish the clean up, After rebooting it finds the same entries and then repeats the reboot process. To be fair one of them was SurfSideKick and that has a protecting file loading from the Appinit DLL's value to make it untouchable, Any file loading from that location is loaded into pretty much every running process because of User32.dll so the only way to fix them is Bart PE methods or Recovery Console (Or Swandogs New Avenger Program). Arovax doesnt detect the protecting file so it has no chance of removing SSK. It kept finding a Reg value from SoftwareOnline's 'Rogue' Registry Cleaner but Im not sure why it couldnt remove it as I am able to remove it manually. It also detects Best Offers Network (Direct Revenue) but doesnt detect the files (tbon.exe & TBONWrd.exe), It just removes some of its registry values but if you refresh the registry after it removes them they are already back in place. After cleaning with Arovax I used Ewido which found another 120 infected items including Backdoor Trojans, Trojan Droppers and Password stealers so Arovax needs some work on its definitions to make it more use in cleaning up pc's I appreciate its beta and I think we all agree that any free spyware remover that is genuine is a good thing, its just not that effective in the quick test I did. Some of the junk installed on my machine produces some strange results. I think its SoftwareOnline's Reg cleaner thats causing them but need to check into that, here's some screenshots. Jotti's Scan loads ActiveX control for ErrorSafe Microsoft's Homepage Microsoft Site loads ActiveX control for Winfixer The Pop Ups are everywhere

That makes sense and explains why the inboxes I noticed were full of spam If it helps people get onto sites that don't accept free accounts then its worth it. The problem is when you signup for the dodgy websites they will probably send the username and password to the dodgeit account and then anyone who reads it can log into their account on that site. I noticed one last night when I tried the site with a random name that had the password and username for their ebay and myspaces accounts. Using it like that sounds crazy but I understand it could be useful for some sites.

If anyone uses Dodgeit they should be aware that everyone can read their emails unless they pay to make the account password protected, you also cannot delete your emails unless you pay but they will get deleted after 7 days . I just checked the site and you can pretty much make up any name on the main page to read someones inbox The ones Ive just seen are all full of spam mails but it could cause problems if anyone signs up and gets personal account info or passwords sent to their dodgeit account. It would probably be fine if its password protected but there's no reason to pay for an email account. Andy

Here's the support page for that error Berdy http://support.microsoft.com/?kbid=915087 The release notes have been updated to include that and afew other bugs http://www.microsoft.com/athome/security/s...leasenotes.mspx

Its connected to NET Framework but I do not know why its showing an error , maybe something is set to load on startup that requires NET Framework, If you have it installed it might be damaged so removing it via add/remove screen and checking if the error still shows may help, download it again if the error still shows after removal, If can install NET Framework using windows updates (Its an optional update) or from Here

Yes the icon is there when its updating and when you first install but then it's removed, I agree its better without it and its easy to pin Windows Defender to the start menu if needed by going to all programs > windows defender then right clicking and choosing pin to start menu. I'm also noticing a problem with updating on one of my pc's, the icons always showing and its displaying its not been updated for 20 days when opened but If I click update it then shows there isnt any updates available EDIT: worked out how to get round that by copying the updated definition files from the pc thats working (mpasdlta.vdm & mpasbase.vdm) into the updates folder (C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates), Rechecked updates with WD and it then shows the latest Don't ya just love beta software

Hi Parvez Yes Real Time is running in the background by default , If you open Windows Defender and click Tools then General Settings the Real Time options are displayed on that area (You need to scroll down to view them) It looks great but has lost alot of features (No system tray icon, Most of the tools have gone. File analyzer gone, system explorers reduced i.e cannot delete or change IE configurations, BHOs, ActiveX etc.. plus it requires SP2 on XP to run) The main question is will it remove and block serious infections so I'm eager to throw some junk its way and see how it performs

Teamwork EDIT: just noticed ContextPlus's new homepage which states "ContextPlus Software Distribution has been Discontinued Due to concerns over the practices of some of its distribution partners, ContextPlus has determined that it is no longer able to ensure the highest standards of quality and customer care and therefore is discontinuing further distribution of its software" No ContextPlus would mean No Apropos so its good news (if true)

Hi Ibflav Sorry just noticed the reply, Its a rootkit infection and possibly a new variant with it having entries in HKLM and HKCU But the information in the logs makes it easy to deal with I will add a post to your Hijack Topic now Andy

Hi ibflav and Welcome to the Forum Can you download Hijack This and post the log on the 'Spyware Hell - HijackThis Log Analysis' group and we can help you get cleaned up. Download Hijack This from Here Save Hijack This to your desktop. Double click on the HJTsetup.exe icon. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop icon then click Next again. At the final dialogue box click Finish and it will launch Hijack This. Click on the Do a system scan and save a log file button. It will scan and then open the results in notepad and also save them into the C:\Program Files Hijack This folder Next can you download the two attached .zip files and save them to your desktop, Extract them and run in safe mode by double clicking look.bat and look1.bat, It will export the information from the registry keys and save it to a text file called look.txt and look1.txt on c:\drive but it may only be able to export the information in safe mode as this looks like a possible Rootkit entry (If it is related to a rootkit then the exports may fail but we can use other methods if thats the case). To Reboot into Safe Mode , Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter. (To reboot back to normal mode just restart the pc) Reboot back to Normal mode and post a Hijack This log and the contents of Look.txt and Look1.txt which will be found in c:\drive on the Spyware Hell area. (It will only create the text file if it can find the specified keys, One checks in HKLM the other checks HKCU so post back look.txt or look1.txt if they exist) Regards Andy