e mails in windows mail Results


BH Landscape

Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we've been sponsoring the show for the last eight years - the last five as a platinum sponsor. Some might ask why? It's funny, I can actually remember back in my days as an officer protecting networks in the U.S. Air Force, questioning why Microsoft had such a presence at the show. As much as I'd like to say it's because of the weather (after all, most of us are over here in the rainy Northwest), or because it's the largest security conference out there (it's not), or even better, because we so look forward to getting our next Pwnie Award - the truth is it's none of the above. Well, maybe just a bit on the Pwnie. But the reality is that to us, Black Hat has always been a reflection of, and driven by, the community - likeminded people from all walks of life and professions with a shared interest in advancing the state of security. They come together to share ideas, advance thinking, network and collaborate, and ultimately learn from one another. We feel connected to that and always look forward to being a part of it.

So with the show fast approaching, I've taken some time to reflect on where the Microsoft Security Response Center is currently and where we see ourselves going with respect to security. Specifically, I've been thinking a lot about three areas: 1) our work to address vulnerabilities in our software, 2) our work with the security community and 3) our philosophy on vulnerability disclosure. Given the fact that each of these topics has recently garnered interest and fueled discussion in the community and media, I thought I'd share my thoughts.

Vulnerabilities and Time to Fix

Some will say that we take too long to fix our vulnerabilities. But it isn't all about time-to-fix: Our chief priority with respect to security updates is to minimize disruption to our customers and to help protect them from online criminal attackers. These customers own and operate a diverse ecosystem of nearly a billion systems worldwide. It's humbling to think about the responsibility this entails and yet we embrace the challenge. Even in the face of that, our overall track record shows the window of vulnerability is being reduced and we have additional plans to improve.

The Microsoft Security Response Center (MSRC) receives more than 100,000 e-mail messages per year at secure@microsoft.com - that's nearly 275 per day or 11 per hour. This is filtered down to approximately 1,000 legitimate investigations per year. Once a vulnerability has been confirmed, a comprehensive examination is undertaken to ensure that the reported vulnerability is addressed, other vulnerabilities that might exist in related code are identified and addressed, and no new vulnerabilities or bugs are introduced during this process.

But why don't we commit to fixed timelines? Because it is important to consider the overall customer risk when focusing on updating software for security issues. Most security updates released by the MSRC will be rapidly deployed to hundreds of millions of systems worldwide helping to protect customers from attacks in a very short timeframe. And the software being updated is being used by hundreds of thousands of applications on all sorts of hardware in all sorts of scenarios. So it is imperative that the update has been rigorously engineered and tested in order to avoid creating any type of disruption to these systems. During this time, the MSRC monitors for signs that the vulnerability, or variants, are being used in active attacks. The MSRC does this by using comprehensive telemetry systems as well as data and information provided by customers and partners around the world, and the rest of the industry. This approach helps Microsoft balance between the potential urgency of releasing an update for a particular vulnerability and ensuring high confidence that the update will address the vulnerability, all of its variants and maintain the functionality and stability that customers expect from the affected products.

Many times the issue that the finder reported is an indication of other similar vulnerabilities in that area of code. And the original issue may not be the most complicated, or even the most likely to get used in attacks. Microsoft tries to address vulnerabilities and all of their variants in as few updates as possible because they cost enterprise customers time, effort and money to re-assess and deploy multiple updates for issues that could potentially be addressed in a single update. The time it takes to complete a comprehensive examination helps to ensure the number of security updates Microsoft releases and needs to re-release is kept to a minimum, thus reducing the costs and potential disruption to enterprise customers' operations. Due to the increase in quality that Microsoft has achieved over the last five years, some enterprise customers deploy security updates with little or no testing, and hundreds of millions of consumers continue to use the Automatic Update client on their systems to ensure that they stay protected automatically.

For the majority of issues, we are able to release high quality and comprehensive security updates to customers well before any indication of attacks, and well before they are disclosed publicly. However, there are exceptions. In some cases attacks result, and when that happens, we have to compress testing to release updates quickly. Also, when there are attacks, we release workarounds in days that can block these attacks even without the updates. Usually these take the form of a "FixIt" that can protect customers with one click or be easily deployed throughout the enterprise.

However, there are cases that take much longer. In fact, last year at Black Hat there was a security event dealing with a vulnerability in a library called "ATL" or "Active Template Library." That issue affected not only multiple Microsoft product versions, but also several 3rd party products and services. It took over a year to coordinate that release, and in the end, even the finders themselves understood and commented that with the complexity involved, taking over a year wasn't unreasonable. When seemingly simple security issues, such as a memory corruption bug, affect multiple different products, the coordination and calibration can drive longer timelines so no product, or customers of those products are left behind. And there have also been cases that are such deep architectural changes that they can take multiple years to fully resolve or may not be able to be resolved in some of our older products. Usually these issues result from new threats emerging that product designs or assumptions couldn't anticipate. Changing those assumptions for products that have been in market for several years does take time and coordination so customers and applications can work effectively with them.

Focusing on resolving security issues has and will always be a priority for us. And work to improve our processes will continue, but we must always strike a balance between timeliness and quality.

Working with the Security Community

The topic of how well Microsoft works with the security community is important to me personally, and to my team. Years ago, this was a very valid concern. I can remember being on the outside of Microsoft and watching researcher discussions noting how Microsoft wouldn't engage or was unresponsive. We've made dramatic changes on this front since the inception of Trustworthy Computing. At Microsoft we recognize, and appreciate, the unique value that security researchers play in identifying issues and helping the entire computing ecosystem improve from a security perspective. We also thank many in the community for their collaborative work over the years, and for nearly a decade we have demonstrated our commitment to working with them in an honest and transparent manner. We may not always agree on the severity and the amount of time it should take to develop and test an update that has to work with hundreds of millions of computers, but we do believe we're fair and open when working with researchers. It's not in our interest or the interest of our customers to behave any differently.

Throughout the years we've seen researchers saying that if vendors really valued their work, we'd compensate them directly for the vulnerabilities they discover. That's a trend that's continued in recent weeks. We absolutely value the researcher ecosystem, and show that in a variety of ways. The most well-known is the fact that we acknowledge the researcher's work in our bulletins when a researcher has coordinated the release of vulnerability details with the release of a security update. And that's just the tip of the iceberg. We also work to make sure we can support the community's development by sponsoring and supporting nearly 50 security conferences in over 20 countries each year.

Probably the community effort that started more of the deeper relationships we've built with researchers is our own little "hacker" conference we host at Redmond each year, called "BlueHat Security Briefings." Launched in 2004, this conference is aimed at bringing Microsoft security professionals and external security researchers together in a relaxed environment to promote the sharing of ideas, social networking and ultimately improving the security of Microsoft products. Key to the success of BlueHat and its benefit to our customers is the direct question-and-answer access that researchers get with the specific owners of the technology they're researching. In many cases, some of our direct competitors have sat on our stage at Microsoft and talked about problems in our products, directly to the folks that develop and manage them. And they've been able to get feedback on their research from the same folks as well.

The Shift to Coordinated Vulnerability Disclosure

If there's one area that has had staying power in terms of driving polarized debate in the broader security community - as manifested in mainstream and social media this past month - it's in how to disclose vulnerability details. Ideally, updates for those vulnerabilities are available for all customers before details are broadly available. This allows us to protect the end-users because they just get the updates automatically, and large Enterprises can analyze, prioritize and deploy updates to hundreds of thousands of systems quickly. When communication breakdowns and disagreements happen, resulting in vulnerability details disclosed by researchers before we release an update, those details are then used by criminals to attack our customers. The worst situation is when vulnerabilities aren't disclosed to the vendor at all, because then there's very little hope of broad protections ever getting released for all customers.

Because of this range of situations, we also see a range of philosophies. Of course, Microsoft always supported the position that the best way to disclose issues is in a coordinated fashion, where details of the vulnerability are released in conjunction with an update that is broadly available for customers. This is known as "Responsible Disclosure." The term itself can be subjective because if either party doesn't abide by those terms, it is implied that they themselves are "irresponsible." Debate on this very issue of responsibility is understandable; however, it is important to remember that in the end we are dealing with customer safety issues - and we should all take that seriously. It is unfortunate these debates can make us lose focus on what is really important - protecting people using the Internet from harm.

Today, Matt Thomlinson, the general manager of Security at Trustworthy Computing, introduced a new disclosure philosophy Microsoft is adopting called Coordinated Vulnerability Disclosure http://blogs.technet.com/b/msrc/arch...isclosure.aspx . Katie Moussouris, senior security strategist on the MSRC Ecosystem Strategy team, provides more information and insight on the necessity of this shift in disclosure philosophy and practice on the MSRC Ecosystem Strategy Team Blog http://blogs.technet.com/b/ecostrat/...the-force.aspx. You'll see from her post, we're not alone in acknowledging it is time for a change. Other vendors and researchers from the broader community of defenders are supportive and will be instrumental in making this shift a reality. So read the post, provide your feedback and then join us in making this an industry wide shift.

Now back to the catalyst for this post - Black Hat. We're just a few days from the event itself and we'll likely see more themes develop once it kicks off. But I hope the thoughts I've shared here provide some insights into our point of view on recent discussions in the community.

The realities of today's threat landscape point to a world that has shifted from a variety of participants with various motives to one of two sides - those who intend to harm or commit crime and those who intend to prevent harm and fight crime. As an industry and community, philosophical differences or competition aside, we should be in this together. Our own welfare as individuals and a collective community is at stake with unseen criminals who show no indication of backing down. It's our hope that this effort to shift to a shared responsibility of coordination and collaboration is something that is carried beyond Black Hat as we progress and evolve as a global community of defenders.

Hope to see you at Black Hat!

Mike Reavey
Director, MSRC


I was using Build 7000 with updates through 2-18-09 on a reasonable basis. It was installed with no password being declared. Thus, no password was required when starting up. I did not use W-7 for two weeks, during which the original password "expired." Now, when I try to launch W-7 I get the "Password expired" window, with three boxes having the following captions in gray type: Password, New Password, Confirm Password.
What do I enter? Pressing TAB, SPACE BAR does not work. Pressing SPACE and RETURN also does not work.
There is no "Lost Password" mechanism whereby I enter my e-mail address and a bypass method is given.

Is there a bypass? Or, do I have to re-install?
Thank you.

PassMark DiskCheckup™ allows the user to monitor the SMART attributes of a particular hard disk drive. SMART (Self-Monitoring Analysis and Reporting Technology) is a feature on a computer's hard disk for providing various monitoring indicators of disk reliability. If SMART is enabled on a hard disk, the system administrator can receive analytical information from the hard drive to determine a possible future failure of the hard drive.
SMART monitors elements of possible long term drive failure, such as 'Spin Up Time', the number of start/stops, the number of hours powered on and the hard disk temperature.
DiskCheckup displays the current values of the SMART attributes, along with the Threshold value for that attribute. If an attribute drops below its threshold, the drive cannot guarantee that it will be able to meet its specifications in the future.

Note that SMART attributes change slowly over time and are helpful attempts to diagnose the life span of a particular drive. DiskCheckup monitors these changes over a long period and predicts the date (if available) of the Threshold Exceed Condition (TEC), which is displayed on the main window.

DiskCheckup also displays device information, such as the drive geometry, serial number, model number, media rotation rate, and supported features.

E-mail notification when Threshold Exceed Condition detected
DiskCheckup can be configured to perform e-mail notification when a SMART attribute has been detected to be less than the allowable threshold value. Such threshold values are determined by the hard disk manufacturer. For a drive to be considered "good", all the SMART attributes must be above these values. Different SMART attributes have different threshold values. For more configuration options, refer to the screen shot below.

System requirements
A hard drive that supports SMART, plus compatible drivers. Most recent hard drives (SATA/USB/FireWire) are OK but drives connected via SCSI or hardware RAID are not supported. Drives configured as software RAID (dynamic disks) via Windows Disk Management will also work.

Known issues

- Hardware RAID and SCSI are not supported. But dynamic disks (software RAID) are supported.
- The Silicon Image SIL0680 Ultra-133 ATA RAID Controller has a bug which can cause a system lockup when the SMART data is accessed. This bug exists in the current driver version, and presumably in previous versions.
- TEC predictions about future failure dates should be taken as a guide only and should not be considered accurate.
- The majority of newer drives connected via USB and Firewire are supported. However, older drives may not be supported due to the protocol bridge on the hard disk not supporting SMART commands.

DiskCheckup is free for personal use.


Guys, I've been having some extremely weird problems with my Windows 7 Home Premium PC. It's brand new, bought in the beginning of the year. There are 4 problems. Main one comes first:
Today, while I was watching YouTube videos, got a blue screen twice. But not the 'blue screen of death', that blue color you get when you start Windows 7, light blue gradient. The computer responded to nothing. After a while, that screen went off but the CPU was still on. I rebooted it, came back to the website and same thing again. I rebooted it again without going to those websites of before. Here I am, posting these problems only.
The computer, in the last weeks, also had a problem twice in which, when you put it to turn off, it finishes the process, but the CPU's still on and won't turn off by itself at no way. Usually happens when you use the Power button on the keyboard. With the Start Menu option, it's okay.
I use an LG monitor that is actually a TV. It often has a problem in which it changes the screen resolution by itself, always after I leave it in standby mode for a long while. Therefore, I have Intel TV wizard installed, with all possible updated drivers to see if that stopped, but it keeps going on so far. I went to W7 troubleshooting and one of the problems there was with 'TVWizard2ft', does it have anything to do with that?
And 2 days ago the computer had the craziest of all problems. Avast had its license expired (even though it was due 2011), I couldn't uninstall it even with Revo Uninstaller. Computer's date was changed to 2099. All websites I went to on Firefox and IE said it wasn't a safe connection, so I couldn't browse anywhere. I fixed it manually and rebooted, so it's fine now.
On Windows problems log it doesn't seem to have anything to do with this, except for an issue of 01/12/10 (old, but seems to be important), check out the log (I tried to attach all logs in this post but errors happened):

Problem signature
Problem Event Name: BlueScreen
OS Version: 6.1.7600.
Identification of Location: 1046

Files that help describe the problem (some files may no longer be available)

View a temporary copy of files
WARNING: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Additional information about the problem
BCCode: 1000008e
BCP1: C0000005
BCP2: 00000008
BCP3: 8F8E8F58
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

I scanned it today with Avast and nothing. Also defragged it. Yesterday I used ComboFix, but guess what, it had a problem too. There was a point in which only the computer background would show and wouldn't get out of there for nothing, didn't respond to any command. I left it there for a long while, cause it could be a ComboFix's process, but it never stopped. I promise to try again later.
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:50:37, on 13/06/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesVIAVIAudioiVDeckVDeck.exe
C:Program FilesAlwil SoftwareAvast5AvastUI.exe
C:Program FilesWindows Sidebarsidebar.exe
C:UsersMasterDocumentsléétiGlee_ The Music, Volume 2HiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = Globo.com - Absolutamente tudo sobre esportes, notícias, entretenimento e vídeos
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = MSN.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = Bing
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = Bing
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = MSN.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:PROGRAM FILESGBPLUGINgbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:Program FilesGbPlugingbiehCef.dll
O4 - HKLM..Run: [LanguageShortcut] "C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 - HKLM..Run: [HDAudDeck] C:Program FilesVIAVIAudioiVDeckVDeck.exe -r
O4 - HKLM..Run: [avast5] "C:Program FilesAlwil SoftwareAvast5avastUI.exe" /nogui
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre6binjp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre6binjp2iexp.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:PROGRAM FILESGBPLUGINgbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:Program FilesGbPlugingbiehCef.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:PROGRA~1GbPluginGbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesAheadLibNMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

End of file - 4741 bytes

I need help, even if it's just with the worst of problems, because the PC is brand new and was quite expensive. Mommy paid it. And things look bad. If it crashes, I'm sure dead.
Sorry for such an ENORMOUS text. I just wanted to give you all the info.

Some stuff about the computer:
Windows 7 Home Premium
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93 GHz 2.93 GHz
Installed Memory (RAM): 2 GB
System type: OS 32-bit

I am experiencing problems running Windows 7 (desktop background is frozen, gadgets and utilities files are missing etc.) yet when I create a new user account then log onto that, Windows 7 runs fine (fix suggested by Cybercore). My question is, can I simply transfer settings and files from the old user account to the new one then delete the old one? Presumably this would then delete whatever the problem was - or do I still have a rotten apple somewhere in the system?
If deleting the old account is practical, what is the best way to go about transferring settings & files to new user account (e.g. e-mails etc)?
Would appreciate thoughts on this.

Hello, I have installed Windows 7 64-bit and, although I am not certain, I think I had good internet speed before I put the 64-bit version. Initially I decided not to use the 64-bit version because I couldn't get the driver of my external USB wi-fi card to be recognized.

It's an SMC WUSB-G EZ Connect. SMC said their driver was supported by Vista 64 so I thought I wouldn't have any issues. I did. I could, however, solve the problem by installing (bad install) the driver that came with the CD and then installing what I think is a previous version of the same driver in the same folder. Then I could get W7 to recognize I had a wi-fi connection and therefore could connect myself to any wi-fi around.

I think it was then that I started having ridiculously slow internet speeds. I didn't notice a lot because I have been having a pretty busy life and I just leave downloads going and then check them. When I started to notice I couldn't remember anymore when it started. Fact is that for a few weeks I was getting 1Mb of speed at most. Now after doing a few things in order to solve the issue I am getting 6Mb (I have absolutely no knowledge of why). I did the speedtest twice today and both times I got good peaks reaching up to 12Mb but ending in 6Mb. I am going crazy about this.

I'm paying for 20Mb and I can't use them. I share connection with my neighbour and he came here with his notebook and got 16Mb. So, I am assuming it's not the distance or anything. Also after these "experiments" I had going on in order to fix it, it seems my wi-fi signal has gotten a little weaker. Now I normally have two sticks out of five at most times. I normally had at least 3 before these changes.

From the experiments I tried I can remember these:
- I ran that DOS command: "netsh int tcp set global autotuninglevel=disabled" obtaining the Ok. message.
- I tried TCPOptimizer: gotten only worse and I think it was when my signal started to get weaker. Before deleting it I restored to Windows default configs though.
- Disabled IPv6
- Disabled QoS

Please don't tell me it's a driver related issue. Help me search for the other possible reasons because, the truth is, SMC support sucks, and although I have sent them quite a few e-mails they haven't answered. Please help me seek the reasons as to why this is happening.

Very much appreciated,


PS: My notebook is in repair. It has a Vista 32-bit system. When I get it back I'll run speedtest in order to compare.


I have a Toshiba M750 TabletPC running Win7 Pro 64-bit.

Never had a problem until a few days ago, possibly until I installed SpiderOak's latest version, 9810. (SpiderOak is a backup/sharing software similar to Dropbox)

I'm using IPv4 with the following settings:

Fixed IP of

DNS1: (our SBS2003 server's IP)
DNS2: (OpenDNS)

After I have used the computer for a day or two, IE and FF stop being able to browse, period.

This is both on a home network, as well as when using Wi-Fi networks out of the house. Haven't used the laptop in the office so far.

I have tracerouted sites, which I am able to do successfully when not able to browse.

SpiderOak is not running, but possibly any modifications to the OS/networking might have changed things. However, this could also not be a result of SpiderOak, but rather Windows Updates as well...

Other computers on the network (home) are able to browse the internet.

In this condition, I am only able to browse the net and get e-mail (Outlook) when I log into a VPN connection, and then it works fine.

This occurred when I was docked in the docking station, after about 14 hours of using in the DS. Prior to the 14 hours of use in the DS, the unit was docked/undocked multiple times, including sleeping/waking multiple times.

I have tried putting in DNS1 as the gateway IP, like all the other machines have, but the laptop cannot browse or get e-mail access - no idea why.

I have tried disabling the LAN connection in Win7 and then restarting it, but this has no effect.

Any feedback is appreciated.

Edited to Add: No updates of LAN connection/drivers have been installed either.

Edited to Add 2: However, a complete OS/machine restart solves the problem and Win7 behaves normally.

Edited to Add 3: I did nothing to the computer and SUDDENLY the machine starts being able to browse and receive e-mails!! What could be going on??

Posting my ipconfig details:

Windows IP Configuration

Host Name . . . . . . . . . . . . : M750
Primary Dns Suffix . . . . . . . : xxxx.local
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxx.local

Ethernet adapter Local Area Connection 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Mobile Broadband adapter Mobile Broadband Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TOSHIBA F3507g Mobile Broadband Network A
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Fortinet virtual adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connecti
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments:

MS10-052 This bulletin resolves a privately reported vulnerability in Microsoft's MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
MS10-055 This bulletin resolves a privately reported vulnerability in Cinepak Codec, which is used by Windows Media Player to support the .avi audiovisual format. The vulnerability could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
MS10-056 This bulletin resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.
MS10-060 This bulletin resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and Microsoft Silverlight.

Currently none of the vulnerabilities addressed has been observed under exploit in the wild. In the following video, Jerry Bryant and Adrian Stone talk about why these four are at the top of our priority list:

The six other bulletins offered this month are rated Important. Two of the Important-level bulletins, MS10-047 and MS10-048, are Windows Kernel updates.

As always, Microsoft recommends that customers test and deploy all security updates as soon as they can.

For a closer look at some of the issues involved in these bulletins, our Security Research & Defense (SRD) team writes about MS10-048, MS10-049, and MS10-054 today on its blog.

We're also releasing Security Advisory 2264072 with this update. This advisory addresses the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. In turn, the release of MS10-049 closes Security Advisory 977377, which described a spoofing vulnerability addressed in today's release. When early investigation revealed that this vulnerability is an industry-wide problem, Microsoft worked on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). A new standard was developed, RFC 5746, which allows developers of both client and server applications to address this vulnerability.

More information about the security updates can be found on the Microsoft Security Bulletin summary webpage. Our Exploitability Index provides additional information to help customers prioritize deployment of the monthly security bulletins.

On August 2, we released MS10-046 out of band in response to a new zero-day vulnerability being exploited by the Stuxnet family of malware. This month, we have added Stuxnet and several other malware to the Malicious Software Removal Tool (MSRT) in order to help clean up systems that may have been impacted. Here's the full list of new malware being added:

Win32/Stuxnet
Win32/CplLnk
Worm:Win32/Vobfus.gen!A
Worm:Win32/Vobfus.gen!B
Worm:Win32/Vobfus.gen!C
Worm:Win32/Vobfus!dll
Worm:Win32/Sality.AU
Virus:Win32/Sality.AU
TrojanDropper:Win32/Sality.AU

Please join the monthly technical webcast to learn more about the August 2010 security bulletin release. The webcast is scheduled for Wednesday, August 11, 2010 at 11:00 a.m. PDT (UTC -7). Registration is available here.

Reminder: You can follow the team for late breaking news and updates on the threat landscape here: @MSFTSecResponse.


Angela Gunn
Security Response Communications Manager



I have a new laptop with Windows 7 installed, but I am not enjoying using it at all, as everything is huge! I don't just mean the text; the icons and all graphics are affected, and tweaking hasn't helped at all. (Reducing the text size is easy.)

I have to scroll so much to view a webpage; my e-mails are huge, and the AOL top taskbar is way too big (hogging lots of space).
I did manage to reduce the width of the bottom taskbar through Googling, but I can't find out how to fix the main problem.

So far, I have tried to fix the problem by:
Updating all related and unrelated software through Windows Update, and then I updated the drivers through Intel Graphics and Media Control Panel.
Pressing 'Ctrl' and '+' or '-' to zoom pages (this doesn't reduce the graphics or icons though)
Trying all tweaks on the screen resolution page, including changing the DPI (this just narrows the browser, making it disproportionate and leaving blank sides - the icons and graphics do not change size)
Making sure that 'Use large icons' in IE is NOT checked. Under 'view' in IE, text size is set at 'medium' - If I set it to 'smaller' then the page looks ridiculous. Also, tried tweaking 'zoom / text size' in IE.

I am pretty desperate to sort this out, as web browsing and reading my e-mails is just not a good experience.
Please can you help?

Many thanks in advance.

This freebie was originally posted about on November 5, 2009. However, the same freebie is being offered from various sources again this year so I wanted to remind everyone that EVEREST Ultimate Edition (v4.6) is still available for free. Instead of creating a whole new post, I have brought this old post to the front.
EVEREST Ultimate Edition is an excellent and very handy PC diagnostic/benchmark utility. Usually it would cost you $39.95 but today learn how you can grab v4.6 for free (the latest is v5.02).

Update: Just to clarify, v4.6 is two years old - it may not properly identify newer hardware/software.
These are the "key features" of EVEREST Ultimate Edition as per the developer:
Generic features:
· Low-level hardware information: 44 pages
· Software and operating system information: 44 pages
· Security related information: 6 pages
· DirectX information including Direct3D acceleration features
· Diagnostics module that simplifies troubleshooting
· Tweaking features
Benchmarking features:
· 10 benchmark modules to measure CPU, FPU and memory performance
· Benchmark reference results to compare measured performance to other systems
· Cache & Memory Benchmark Suite
· Hard disk, optical drive and flash drive benchmarking with RAID array support
Unique features:
· UpTime and DownTime statistics with critical errors counter
· Monitor Diagnostics to check the capabilities of CRT and LCD displays
· System Stability Test with thermal monitoring to stress CPU, FPU, memory and disks
· Hardware Monitoring to monitor system temperatures and voltages on the System Tray, OSD, Vista Sidebar or Logitech keyboard LCD
· Temperature, voltage and fan RPM data logging to HTML and CSV log files
· Smart Battery information
· Web links: IT portals, software and driver download
· Manufacturer links: product information, driver and BIOS download
· Hardware information database for over 52000 devices
· Overclock information
· Fully localized user interface: 35 languages
· No installation or setup procedure required

These are the things EVEREST Ultimate Edition can provide you information about as per the developer:
Hardware Information
Motherboard & CPU
Accurate low-level information about motherboard, CPU and BIOS, including chipset details, DMI enumeration, AGP configuration information, SPD memory modules list, DRAM timing information and CPU instruction set support.
Video adapter & monitor
Detailed information about the video adapter, video drivers and monitor, including DDC information, monitor serial number and supported video modes detection, low-level GPU details, OpenGL and Direct3D features list.
Storage devices
Information about all hard disk and optical disk drives, including IDE autodetection, S.M.A.R.T. disk health monitoring, ASPI SCSI devices list and partitions information.
Network adapters, multimedia, input devices
Exhaustive information about network adapters, sound cards, keyboard, mouse and game controllers, including NIC MAC address detection, IP and DNS list, network traffic monitoring, DirectSound, DirectMusic and DirectInput information.
Misc hardware
Information about PCI, PnP, PCMCIA and USB devices, communication ports, power management information, device resources list, printers information.
Software Information
Operating system
Detailed Windows information, including operating system installation date and product key, system services and system drivers list, process information, environment variables list, system folders list, system files and Event Logs content, AX and DLL files list, UpTime information.
Server and display
Information about network shares, users and groups list, logged on users list, account security settings, opened files list, fonts list and Windows desktop configuration details.
Large amount of information about networking status, remote access and mailing accounts, network resources and Internet settings. List of network routes, Internet Explorer cookies and history of visited web pages.
Installed software
Detailed information about installed programs, scheduled tasks and startup programs.
Windows Security
Operating system security information including DEP (Data Execution Prevention) status, list of installed security patches and system restore status.
Security applications
Firewall, anti-spyware and anti-trojan software list. Anti-virus software information including virus database details.
EVEREST CPUID panel to provide a compact overview on CPU, motherboard, RAM and chipset. Invaluable information on overclocked systems, dynamic refresh to support Enhanced Intel SpeedStep and AMD Cool'n'Quiet technologies.
Hardware monitoring
Sensor information including system, CPU and GPU temperature, fan status, CPU, GPU, AGP and DRAM voltage monitoring, S.M.A.R.T. disk health status. Support for Corsair Xpert memory modules.
Sensor icons
Sensor icons feature to display actual system temperature and voltage values on the System Tray.
CPU and FPU benchmarks
State of the art multi-threaded benchmark methods to measure performance of both old and brand new processors. References list to compare actual performance with other systems.
Memory benchmarking
Memory read and write speed, memory latency measurement to stress the memory and cache subsystem, including references list to compare actual performance with other systems.
Disk Benchmark module
Disk Benchmark module to measure performance of hard disk drives, optical disk drives (CD/DVD/Blu-Ray) and USB flash drives. Graphical overview of disk performance measured on different areas of the disk surface.
Tips & suggestions
Detection of possible hardware and software misconfiguration and compatibility issues.
Report Wizard
Easy-to-use method to produce report files of the system, by either using pre-configured report profiles or custom selection of information.
Report formats
Three different report file formats: plain text, customizable HTML and the unique MHTML format. MHTML reports including icons are ideal for printing purposes.
Report e-mailing and printing
Built-in e-mail transfer client using SMTP, also support for MAPI and Outlook protocols. Instant report display and one-click printing capabilities using IE4 technology.

After reading all that, if you still want EVEREST Ultimate Edition (v4.6), just follow these simple directions:
***EVEREST Ultimate Edition v4.6 works on 32-bit and 64-bit Windows 95/98/ME/NT/2000/XP/Vista/2008/Win7
Note: Unless specifically stated otherwise in this article, EVEREST Ultimate Edition has not been tested or reviewed by dotTech (aside from ensuring that this giveaway is valid). All the information about the program in this post is based off the information provided on the developer's website. Please do not take this post as an endorsement/rejection or review of the program. This article is simply to inform about the availability of this program as a freebie; nothing more, nothing less.

Visit Pro.de's promotion page and register:

I don't know if Pro.de spams or not so feel free to make use of Mailinator or Trashmail. Please do not use 10MinuteMail because it takes a while to get your registration key.

After you hit "Senden" you should see a confirmation page:
After you see that confirmation page, go check your e-mail. You should have an e-mail from "Pro.de" with the subject of "Aktion com! Everest Ultimate Edition". In the e-mail there will be a link you must click on to confirm your registration:

Click on the link and you should see a confirmation page again:

Now you must wait for the registration key to arrive in your inbox. Officially you should get the key within the hour. It took me 45 minutes.

While you wait, go download EVEREST Ultimate Edition v4.6.

Keep checking your inbox for an e-mail from "Pro.de" with the subject of "Lizenschlüssel für Everest UE". The e-mail will contain your registration code:

Copy the registration code once you get the e-mail.

Install EVEREST Ultimate Edition v4.6 and run it. You should be prompted to enter a registration code. Paste in your code.

Enjoy your new and free EVEREST Ultimate Edition v4.6:

Source: http://dottech.org/freebies/9202

Hello all,
I am in desperate need of your help. Actually, I was using XP with Office 2003 and was using Outlook Express as my e-mail. I used to create a Word file and there was an icon that I used to just send e-mail (it went through Outlook Express). Now I have Windows 7 and it doesn't have Outlook Express; I have to use Office Outlook. Now when I create a Word file and send it, it says there is an error. I just want my old Word files to go into the outbox of Microsoft Office Outlook. Please remember I use old files. The new files are going through but the old ones don't go. Please help.
Thank you in advance

I recently transferred files from my old WinXP computer to a new Windows 7 machine using Windows Easy Transfer.
My Outlook personal folders transferred nicely from Outlook 2003 on the old machine to Outlook 2007 on the new one, and were correctly set up.
However, my address book appears to have transferred but did not set up in Outlook 2007.

How do I set up my Address Book in Outlook 2007 on my new machine?

(On the new machine, clicking on the Address Book button brings up an empty screen.
Trying to search for a name gives the error msg: "The search cannot be completed. You must have an address list to search in. If you don't have an address list, contact your Microsoft Exchange administrator".)

(I tried displaying Contacts in the Navigation pane. It shows a contacts folder which contains all of my contacts. To make it the address book, one should right click it, select Properties, and then select the tab "Outlook Address Book". There one can select "Show this folder as an e-mail Address Book". However in my case, that selection is greyed out and is inactive.)

- Neal

OK, I need a Windows 7 factory settings recovery disk (which is what the OS was until I messed things up installing XP and now want back to 7). I have tried the F10 which people have told me to do but have got nowhere with it. So I need to get a factory recovery disk. I have a legit code from when I was given this machine, so I had a legal copy of it when I got this system. Oh, I am in the UK also.

Where do I go from here, please? How do I get a factory recovery disk? Who do I need to e-mail to give my mail address etc. to? Thanks.

Hi all -

I've searched around for this issue but haven't quite found one which is the same.

I'm running 64-Bit W7, and my computer seems to go to sleep/hibernate randomly, for no particular reason. Like, I could be in the middle of typing an e-mail (hence obviously the computer is detecting input), and it will just power off. As if this isn't annoying enough, when I try to wake the computer (by hitting the power button), the computer "wakes up" in that it powers on, but it never fully recovers - my monitor just says "no signal".

The only way to recover from this is to disconnect/reconnect from mains power, and then power on again. At this point, the computer boots fine (but says "Resuming Windows" rather than "Starting Windows").

I have a suspicion that it *might* be something to do with automatic updates which have a restart pending, though that's really just a theory.

Any advice? I've checked the power savings/sleep settings, and they seem fine - though as I said, since it can happen while I'm in the middle of using the computer, I don't think the problem lies there. Also, I'm running the latest drivers for everything I can find, so I don't think that's the issue.

Thanks in advance!


I paid £30 for the Windows 7 Professional Upgrade as I'm a student. Yesterday I bought a new 500GB HDD and some more RAM to use for Windows 7. I downloaded the files from the link provided in the e-mail I got, and extracted. I was then given a strange error message, which upon Googling turned out to be because I was running XP 32bit whilst trying to install a 64bit O/S. One of the workarounds was to burn the setup to a disc using OSCDIMG and Nero, and install from boot. All worked well, and I didn't enter my product key during the installation because it was in an e-mail and I forgot to write it down. Now it's all set up and working fine, and when I try and activate Windows 7 I get the error message "The software licensing service determined that this specified product key can only be used for upgrading, not for clean installations". !!!!!!

I would like to point out that if the setup had worked in the first place from within Windows XP, then I wouldn't be having this problem!

Anyone got any suggestions, other than re-install (I stupidly set up e-mails, Photoshop and other software before activation!)?



Microsoft on Thursday took the wraps off its forthcoming Office for Mac 2011 desktop suite. The software, not surprisingly given the sudden ubiquity of sites like Facebook and Twitter, is big on collaboration and social networking tools. "Recently, you've asked for better ways to work with colleagues and friends anywhere, anytime, across platforms," said Microsoft. With that in mind, Mac Office 2011 features a number of new co-authoring tools that allow users in multiple locations to view and collaborate on the same file, whether it's in Word, PowerPoint, or Excel. A feature called Presence Everywhere aims to further enhance the collaborative experience by providing real-time status updates on who is working on a file. "Co-authoring improves the processes of working together, removing the pain and frustration of multiple versions, lost edits, or even trying to set a time for the group to meet," said Microsoft.

Mac Office 2011 also offers a direct connection to Microsoft Office Web Apps, the company's cloud-based version of the desktop suite. Users can store and access documents created on their desktop from any location with an Internet connection by uploading them to Web Apps. Web Apps will debut alongside Office 2010, the next Windows version of the product. Office 2010 is scheduled to ship in June. Mac Office 2011 will also feature a revamped interface. The company's frequent GUI redesigns are often a source of frustration for customers who've mastered previous versions, but the software maker insists the new changes are subtle and worthwhile. "We took your feedback and haven't completely rearranged what you know and love," Microsoft said, calling the new elements an "evolution" of the Office 2008 Elements Gallery that still retains the classic Mac menu and Standard Toolbar.

Also, 80% of Mac Office's most commonly used features will be present in the software's default view, according to the company. The new version of Mac Office also includes Outlook for the first time, as Microsoft has ditched its Entourage e-mail environment. The company on Thursday disclosed for the first time that Mac Outlook users will be able to import their .PST (Personal Storage Table) files directly from Windows versions of the program. Microsoft said Mac Office 2011 "will be available later this year," but did not provide a more specific release timetable.

Mac Office 2011 Unveiled -- InformationWeek

A recent look at computer security shows online identity theft scams becoming easy for nefarious individuals who prey on those who lack essential security updates. Anyone experienced in the business need only to look at the serious manner of many, many businesses still running Windows XP without any group policy, domain controller policies, or end-of-life cycle goals. Many of these companies are simply unaware of the fate that will befall their entire network. Others have no problem incurring massive invoices, bills, and charges as a potential tax write-off at the end of the year for providing maintenance for ancient computers.

In this video we took a look at the specific incidents that lead to identity theft. Particularly in the area of fraudulent telephony, scareware, inefficiently secured systems, and our goal, ultimately, is to educate the audience. This video lacks essential terminology, including a glossary of information as well as an overall view of the problem from a macro perspective.

But what it does offer is the user the ability to take a look at just a small sample of scams out there, and start thinking critically. Like it or not, most adults lack critical thinking skills: Either they forgot them after years of not using them, they lack the intellectual capacity for it, or they were simply never taught it. This video teaches you to view with suspicion and not to trust someone just because they seem to act as an authority figure.

There is much more to talk about regarding this subject, but here is a start. Enjoy the video and beware of these threats. They are very real. Anecdotal story-telling has been used to explain the danger, concrete isolation of cause and effect has taken place. The bottom line is that the theft of information, especially from people in North America and Western Europe is a dream for many cybercriminals in developing areas of the world.

As we begin to understand this, we can talk even more about cyber-security in our videos. I hope that this has genuinely been helpful to you and that you enjoy the presentation.

The goals set forth in this video demonstration and presentation:
Help end-users understand the seriousness of online identity theft and how prevalent it has become that even a computer voice or real person will actually call you.
Help end-users find ways to mitigate these attacks, using many common sense tactics.
Help end-users shed some light on this subject, enticing them to think critically about the issue and take a pro-active stance against cyber-crime, cyber-bullying, and information theft.
Help the end-users develop an understanding that Windows7Forums.com is owned by an ethical professional and operated by highly accredited individuals as well. This means data security, concrete privacy policies, and no unauthorized information disclosures.
We will start with the basics and look at ways to make future presentations about security vulnerabilities that can often plague very active members of the Internet community.
Internet users who can honestly classify themselves as novices who find computers difficult to use could be the most at risk. In this case, it is very important to know what to do if you are plagued with these kinds of problems.

Again, this video is the tip of the iceberg. But I personally hope it will help someone out there. And with time, we will continue to document ways to save information from data miners, aggregates, and the perpetrators of online fraud. This clearly goes above and beyond e-mails from Nigeria about a king's inheritance and bounty. We are now talking about real life consequences if one were to lose a SmartPhone connected to many different accounts, and so forth. This is why the necessity of such discussion will be extraordinarily important in the future if we are to take security risks seriously.

OK, I'm helping a distant family member with a Windows 7 security issue. (Using Teamviewer, which is GREAT.) I'm a Mac guy, so I'm really clueless about PC malware, though I'm reasonably impressed with Win 7 and can get around in it.

Their system has been working fine, but (and this is explained to me by someone with practically no computer experience) they got a phone call with a guy telling them that their computer wasn't working, but he could help fix it. They go to their machine, and sure enough there is a message on the screen saying that their browser and e-mail won't work! Huh? The person on the phone instructed them to go to a website, which I believe was for a security product they could buy and ...

At this point they called me, and I told them to hang up. Fast.

As it turned out, their IE was working fine. In fact, everything seems to be fine. I did a MS Safety Scanner run, and everything was OK.

So, um, what were they seeing? I presume they downloaded some malware that self-triggered, and sent a message to the scammers telling them it did. The scammer somehow got the phone number, and even the owner's name. Is this a well known piece of malware? Can someone point me to a reference, and especially to removal instructions?

Thanks much.

to nginx! error on SOME webpages

Welcome to

Occasionally getting the above error to sites like Yahoo Mail, Trendsource.com, a few other sites. Seems to be an intermittent problem.
Occurred shortly after downloaded some programs from cnet.com/download.com which I later learned has some malware attached to those files. SHAME ON CNET.COM!
What should I do next?

I didn't notice anything bad other than 1 unnamed
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

My Hijack this log:

O23 - Service: AVGIDSAgent - AVG
Technologies CZ, s.r.o. - C:Program Files
O23 - Service: AVG WatchDog (avgwd) - AVG
Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe
- Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION -
C:Program Files (x86)TOSHIBAConfigFreeCFIWmxSvcs64.exe
O23 - Service:
ConfigFree Service - TOSHIBA CORPORATION - C:Program Files
O23 - Service:
@%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner -
C:windowsSystem32lsass.exe (file missing)
O23 - Service: Intel(R) Rapid
Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:Program Files
(x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
O23 -
Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies -
C:Program FilesCheckPointZAForceFieldIswSvc.exe
O23 - Service:
@keyiso.dll,-100 (KeyIso) - Unknown owner - C:windowssystem32lsass.exe (file
O23 - Service: Intel(R) Management and Security Application Local
Management Service (LMS) - Intel Corporation - C:Program Files
(x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
O23 - Service:
@comres.dll,-2797 (MSDTC) - Unknown owner - C:windowsSystem32msdtc.exe (file
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) -
Unknown owner - C:windowssystem32lsass.exe (file missing)
O23 - Service:
@%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner -
C:windowssystem32lsass.exe (file missing)
O23 - Service:
@%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner -
C:windowssystem32locator.exe (file missing)
O23 - Service:
@%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner -
C:windowssystem32lsass.exe (file missing)
O23 - Service: Sunbelt VIPRE
Antivirus Service (SBAMSvc) - Sunbelt Software - C:Program Files (x86)Ad-Aware
O23 - Service:
@%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -
C:windowsSystem32snmptrap.exe (file missing)
O23 - Service:
@%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner -
C:windowsSystem32spoolsv.exe (file missing)
O23 - Service:
@%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner -
C:windowssystem32sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD
Protection (Thpsrv) - Unknown owner - C:windowssystem32ThpSrv.exe (file
O23 - Service: TMachInfo - TOSHIBA Corporation - C:Program Files
(x86)TOSHIBATOSHIBA Service StationTMachInfo.exe
O23 - Service: TOSHIBA
Optical Disc Drive Service (TODDSrv) - Unknown owner -
C:Windowssystem32TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power
Saver (TosCoSrv) - TOSHIBA Corporation - C:Program FilesTOSHIBAPower
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA
Corporation - C:Program FilesTOSHIBATECOTecoService.exe
O23 - Service:
TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:Program
O23 - Service: TPCH
Service (TPCHSrv) - TOSHIBA Corporation - C:Program
O23 - Service:
@%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner -
C:windowssystem32UI0Detect.exe (file missing)
O23 - Service: Intel(R)
Management & Security Application User Notification Service (UNS) - Intel
Corporation - C:Program Files (x86)IntelIntel(R) Management Engine
O23 - Service:
@%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner -
C:windowssystem32lsass.exe (file missing)
O23 - Service:
@%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner -
C:windowsSystem32vds.exe (file missing)
O23 - Service: TrueVector Internet
Monitor (vsmon) - Check Point Software Technologies LTD - C:Program Files
O23 - Service:
@%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner -
C:windowssystem32vssvc.exe (file missing)
O23 - Service:
@%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner -
C:windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service:
@%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner -
C:windowssystem32wbengine.exe (file missing)
O23 - Service:
@%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -
C:windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service:
@%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown
owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file
End of file - 15087 bytes

New malware overwrites software updaters

For the first time, security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users.
The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.
BKIS showed screen shots of a variant of the malware that imitates Adobe Reader Version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available.
Users can inadvertently install malware on computers if they open malicious e-mail attachments or visit Web sites that target specific software vulnerabilities. Adobe's products are among the most targeted by hackers due to their wide installation base.
After this particular kind of malware gets onto a machine, it opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS client, a network share and a port in order to receive commands, BKIS said.
Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash is nothing new, said Rik Ferguson, senior security adviser for Trend Micro.
Decent security software should detect the malware, but those people who do become infected could be worse off even if the malware is removed, Ferguson said.
"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up," Ferguson said. "That could of course leave them open to exploitation further down the line if critical vulnerabilities don't get patched as a result."
That means that users would need to manually download the software again, which they may be unlikely to do if they don't know the effect of the malware.
