You could write a program to do it, it's all fully documented on the MSDN.
Is the command line utility "net" in XP Home? i.e. can you go "net user Administrator"?
Hi guys, thank you all for your help! :) Ironically, after my last post I think I was hacked or even caught the exploit virus, as all my Norton settings changed and could not be reset back to Auto-Protect :eek: So I had to do a clean installation of Windows, but to make things worse all my backed-up (Nero BackItUp) files/progs were lost as they were on another drive which somehow got corrupted! I now find myself back to square 1, where I have to set all my OS settings so everything is secure and leaner, which is a pain as I cannot remember them all! :angst: I decided to change my AV prog to ez (e-trust) as it was on a free 1yr trial and I read good reviews :) I also purchased Spysweeper and got Webroot's Desktop Firewall included (saving of £29). On first impressions the FW seems very basic, but as I have the router's hardware FW it doesn't matter too much, as I will only really use it as a secondary guard and for screening (log views).
Now the ez Antivirus seems a lot less buggy compared to Norton and it is very easy (as name suggests)..... But Spybot is reporting some dodgy Winsock reports (below) which are not mentioned anywhere, so I am thinking (hoping) that they are 'FALSE POSITIVES' :(
If somebody could please advise me on resetting my OS to a safer environment I'd really appreciate it :bowdown:
Spybot's Winsock LSP report:
Protocol 0: CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {54F154E0-EC93-461A-A835-F145A03ADA08}
Filename: C:\WINDOWS\system32\VetRedir.dll
Protocol 1: CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {54F154E0-EC93-461A-A835-F145A03ADA08}
Filename: C:\WINDOWS\system32\VetRedir.dll
Protocol 2: CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
GUID: {54F154E0-EC93-461A-A835-F145A03ADA08}
Filename: C:\WINDOWS\system32\VetRedir.dll
MY NEW PROGS:
ez AV
Webroot desktop Firewall
Spysweeper (w/out Teatimer)
Adaware se
Spybot "of course"
ewido Free
CWShredder
Spyblaster
CCleaner
According to these guys this DLL file (from Computer Associates) is deemed safe, at least the versions they have matched in %systemroot%\system32 - there is a variant of "NewDotNet" spyware which leaves a file of this name in %systemroot% which is probably why Spybot choked on it.
As for other precautions, firstly always, always make sure you have XP SP2 applied, run Windows Update and turn on Automatic Updates.
Rootkit Revealer is another handy tool to run periodically or if you suspect you might have something AV is not picking up.
Cheers again PA :) I am glad that's sorted, strange one though as I could not find anything related to it, maybe only a few people with the program :) You maybe can help me with this problem too. I am also getting strange startup entries in Spybot, which none of my other installed progs seem to pick up; I have included a list below. Is this anything to do with me just doing a clean installation of Windows which is not yet registered?
Spybot's startup progs:
Located: HK_LM:Run, CaAvTray
command: "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
file: C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
size: 230952
MD5: 69088574a59c6ca8993a265e15f43e4f
Located: HK_LM:Run, CAVRID
command: "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
file: C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
size: 185896
MD5: dd147a109affc43803c34571421b2459
Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
size: 3404800
MD5: 3f719b336619c71ef10594ce170539bf
Located: HK_LM:Run, WebrootDesktopFirewall
command: C:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
file:
Located: HK_LM:Run, CTHelper (DISABLED)
command: CTHELPER.EXE
file: C:\WINDOWS\CTHELPER.EXE
size: 16384
MD5: 06e7492de1605452ee44a93b1f25d00e
Located: HK_LM:Run, NvMediaCenter (DISABLED)
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, nwiz (DISABLED)
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: 60d44ef1cb5f41160e9d0a7e637cc8aa
Located: HK_CU:Run, NBJ (DISABLED)
command: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
file: C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
size: 1961984
MD5: ddf14e7569979325c208bd8cb20c2dbb
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll
The best anti-spyware I have used is the MS Anti Spyware BETA1, it really is better than Spybot.
Yes, I did have that but uninstalled it as I purchased Spysweeper (too many startup guards).
Spybot is just listing ALL startup programs it seems, not ones it thinks are "suspect".
A better, dedicated tool for finding out everything that starts up when you start the PC and logon is AutoRuns.
You can probably guess, but the command lines reported by Spybot are your AV, firewall, nVidia graphics, Creative Labs audio and Nero Burning ROM system tray tools and Explorer extensions.
None look anything to be concerned about.
Not quite sure why it's digging into system.ini and listing some standard Windows DLLs.
I stopped using Spybot some time ago when it seemed to spend most of its time focusing on tracking cookies (no threat at all), and recently I tested it on a deliberately infected sandbox machine - there were 5 spyware products it missed, using the latest definitions.
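Added example, not part of the original posts: a small Python parser for the startup report format pasted above, noting which entries merit a manual check rather than a glance, such as an entry where no file was resolved (so no hash exists) or a rundll32 entry whose MD5 belongs to RUNDLL32.EXE rather than the DLL it loads. The function names are illustrative, and the sample is three entries copied from the report in this thread.

```python
import re

# Three entries copied from the Spybot startup report quoted in this thread.
REPORT = r'''Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
size: 3404800
MD5: 3f719b336619c71ef10594ce170539bf
Located: HK_LM:Run, WebrootDesktopFirewall
command: C:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
file:
'''

def parse_report(text):
    """Split the report into one dict per 'Located:' entry."""
    entries = []
    for line in text.splitlines():
        key, _, value = map(str.strip, line.partition(":"))
        if key == "Located":
            location, _, name = value.partition(",")
            entries.append({"location": location, "disabled": "(DISABLED)" in name,
                            "name": name.replace("(DISABLED)", "").strip()})
        elif entries and key in ("command", "file", "size", "MD5"):
            entries[-1][key] = value
    return entries

def review_notes(entry):
    """Reasons an entry deserves a manual look; a note is not a verdict."""
    notes, cmd = [], entry.get("command", "")
    if not entry.get("file"):
        notes.append("no file resolved, so nothing was hashed")
    exe_end = cmd.lower().find(".exe")
    if not cmd.startswith('"') and " " in cmd[:max(exe_end, 0)]:
        notes.append("unquoted executable path contains spaces")
    m = re.match(r'"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+([^,]+),', cmd, re.I)
    if m:  # size/MD5 then describe rundll32.exe, not the DLL it loads
        notes.append("hash covers RUNDLL32.EXE, not " + m.group(1).strip())
    return notes

def flagged(text):  # entry name -> notes, for entries with at least one note
    return {e["name"]: n for e in parse_report(text) if (n := review_notes(e))}

if __name__ == "__main__":
    for name, notes in flagged(REPORT).items():
        print(f"{name}: {'; '.join(notes)}")
```

For the noted entries, the follow-up is to check the named DLL or executable itself (publisher, signature, location) in a tool such as AutoRuns.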
Re sys.ini: I wonder if it might be because of this! When I reinstalled I split my hard drive into 2 NTFS partitions, C: 30gb & D: 160gb, but in 'Computer Management' the C partition is at the end of the drive and not at the start! Could that be doing something :confused:
Re Spybot: What other progs do you use? Along with Spybot what else should I get rid of? Or what else would you recommend? :confused:
My Progs:
ez AV
Webroot desktop Firewall
Spysweeper (w/out Teatimer)
Adaware se
Spybot "of course"
ewido Free
CWShredder
Spyblaster
CCleaner
If you are referring to Disk Management under Computer Management, the drives are listed in alphabetical order by name, not drive letter.
e.g. if you label your C: drive "system" and D: drive "data", then D: will be listed first
To be honest, if it makes you feel comfortable and doesn't cause problems, go with what you are happy with.
Personally I just log on as a non-Administrator user, use Avast AV and Windows Defender (MS AntiSpyware) - occasionally running an online scan, Rootkit Revealer and AutoRuns.
False positives can generate as much fear as genuine threats, and to consider "tracking cookies" a security threat is rather silly IMO - so many of these tools report "things that might be worth looking at", but require a bit of know-how to figure out if they are really dangerous.
Cheers for the info Paul!
Re partitions: When I reinstalled I put Windows on a 200gb hard drive that used to be just for storage and I split this into 2 partitions. But now in Comp Management there is a light & dark blue diagram, which now shows my boot drive (C) in the last section, and the 1st section (D) "where my old files are" is in front of it! I always thought that the boot drive needed to be at the front!
SORRY IF I AM CONFUSING YOU PAUL!
So long as the system boots there is no problem ;)
In Disk Management your bootable partition should have "(System)" marked on it.
No great shakes - your first partition contains your data but the second one is the active/system one, Windows can cope with that and it sure wouldn't create any issues for apps, they are blind to this kind of thing generally.
Hi Paul
My C drive (OS) just has (boot)! Then there's my other HD (G) which is the (system) but I don't have anything on that yet! Then I have (D) which has my documents!
You see, I purchased another HD and when I reinstalled I put Windows on the newer drive!
I have 'Partition Magic'; will it be possible to get it back in order without having to reinstall again? :confused: Thanks for your kind help Paul :)
"If it ain't broke, don't fix it".
My advice, if it is working then leave it well enough alone.
When you come to reinstall or upgrade the system, then I would recommend doing a data cleanup, backup and sort out the disk partitions.
You will gain nothing by messing about with it now, except possibly end up in a non-working situation.
It sounds like the drive with G: is your active partition containing your boot sector, with the NTLDR on the C: drive.
I assume that the G: drive is detected as the primary/master/boot device by the BIOS, and Windows installation has put the OS onto the C: partition on a secondary drive.
The bootstrap on "G:" contains a reference to the NT loader on a different partition, which is how the computer knows where to continue booting from.
I have had nothing but bad times with Partition Magic in the past.
Cheers Paul!
You are right! I used to have the OS on the old drive but when I reformatted I put Windows on the newer drive. I now realise that Windows should be on the primary HD (1st boot)! I am gonna upgrade my PC soon to a PCI-E mobo and will then move it! Cheers for your help!