0

Hello,

"Which user account do you want to use to run this program?"

I'm getting this pop-up whenever I try to use anything on my computer now.
I've scanned for virues/trojans/etc and nothing. Did some research on this
and none of the "helps" helped or I couldn't follow what they were saying to
do.

One guy said his started doing this after running Norton Cleansweep. I do
use that but I think in my case it happened after using Zero Trace. But
speaking of Norton ....I have the System Works and most of the things are
there do not work now either. I can't scan for viruses..can't do a one button
checkup....etc. And I just deleted and reinstalled/updated the thing.

Another "symptom" is one of the icons in my taskbar- bottom right- won't
work when clicking on it. This is the Incredimail icon. The others seem to
work fine. And Incredimail works fine if I use the shortcut on the desktop.

Any help would be greatly appreciated. Thanks.

I use Windows XP btw...

11
Contributors
29
Replies
35
Views
13 Years
Discussion Span
Last Post by gerbil
0

I don't know if this will cure the problem, but it might:

Click on the "Run..." option under your Start menu; in the resulting dialog box, type:

services.msc

- Right-click on the Secondary Logon service and choose Properties.

- In the General tab of the Properties window, click the Stop button to shut
down the service.

- In the Startup Type drop-down menu, choose "Disabled".

- Click OK and close the Services window.

0

Thanks for the response. I tried it and it didn't help. Any other suggestions? Over in another forum someone suggested running Hijack This and posting the results. I'll post them here as well in case it'll help.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1081471563250
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/lvjo/ScanFile.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29bdd11779e4a8434a00/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4021/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38080.8373263889
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

0

Please read the announcement concerning HijackThis logs at the top this forum's main page. HJT logs are only to be posted in our Security forum, as that is where we concentrate on Spyware, virus, etc. issues.

If you do decide to post your log there, please post the entire log; yours is missing some crucial header information. To get the full contents of the log, choose the "Save log" option after you scan and save it someplace convenient. That will create a text file called hijackthis.log which you can open in Windows Notepad; cut and paste the entire contents of that file into your post.

0

I had the same problem a while ago, figured a reformat was easiest, so I did and pursued it no more. Looks to me like spyware has got you, and changed some permissions.

In folder options, open up the 'View' tab and uncheck Simple File Sharing.
Now, when right clicking a file there will be an extra tab (Security), to see who the owner is and what rights they have.

0

try going back to services.msc and disabling the messenger service if it is not disabled..

It is disabled :(

0

HKLM\..\Run: [nwiz] nwiz.exe /install
looks kind of guilty...
You definately have some kind of spyware, a great way to make your computer boot faster, and keep crap like that from starting (and other crud) is something like Iolo's System Mechanic, it has a startup editor - it shouldn't be running till your using it ;) Won't truely cure your spyware, but it should keep you easily aware of what is starting up in the background, or not, on your comp boot.

0

HKLM\..\Run: [nwiz] nwiz.exe /install
looks kind of guilty...

nwiz is OK; it's part of NVidia's video package. It's an optional component (used for configuring multiple displays), but it's totally benign.

0

I'm moving this topic to the Security section, because it belongs there anyway.

I'd suggest using Stinger, Trojan Remover, adAware and Spybot, all run from 'Safe Mode'.

Uninstall all the System Utilities programs you have, as it seems like you have multiple products in use. One good quality suite of system utility products is better then multiple products, especially if some you are using are old versions.

Then run Hijackthis and post your entire log as requested.

Finally, if there are any remaining services misconfigured, you can work through the list at:

http://www.blackviper.com/WinXP/servicecfg.htm

and manually reset them all to what they should be.

You HAVE got Windows updates all installed, haven't you?

0

I've used various spyware and trojan scanners/removers.

Someone was trying to help me in another forum and one of the things I was supposed to do was get in Safe Mode. I can't do that, either.......

I'm not sure what other System Utilities I have that should be removed. Heck, I'll remove anything that isn't required for my computer to run and for me to surf the web.

0

But it's not a pop-up like those you get while surfing. It comes up when trying to open a browser window....an IM.....even Zone Alarm doesn't load up w/out me unchecking the one box from the pop-up that says "Protect my computer and data from unauthorized program activity".

I can't be the only one who's had this problem.....argh

0

That's spyware by the sound of it. An instance which has loaded a trojan onto your system which causes advertising pop-ups to display under certain circumstances.

It'd help if you described the pop-up a bit more fully. You've mentioned nothing about the form and content of the pop-up.

Please describe it for us.

0

It'd help if you described the pop-up a bit more fully. You've mentioned nothing about the form and content of the pop-up.

Please describe it for us.

Agreed. Posting an image of the window (if possible) would be best.

0

It is not an advertisement. It's a WINDOWS type pop-up. It comes up when Zone Alarm first starts to load up. It comes up when loading up Yahoo's instant messenger. It comes up when clicking on the blue "E" to get a IE window to load up so I can go online.(Once such a window is open..I can right click and open a new window no problem..any new windows I want open by clicking on the "E" again brings up the pop-up I'm trying to get rid of.

I'm at a friends using a computer so tonight I'll come back and post a picture of the window. I'm assuming I just right click on it and "save as" or "select all" and copy- then paste here?

Thanks

0

Ok....I'm not able to copy/paste it or provide a picture so will describe it best I can- with the text that's in it.

It's a square box...with a blue line on the outside- the top being about half an inch thick. A typical Windows XP box is how I'd descibe it. In that top blue bar it says "Run As". There's a red box with a white "X" in it in the upper right hand corner.

Then there's a "picture"- an icon or whatever- in the upper left of the box- of 3 keys. 2 grey and one yellow. To the right of that it says "Which user account do you want to use to run this program?"

Below the above is a little circle that has been "checked" with a green dot in the middle. To the right of it it says "Current user(MRRULZ/Dutchunter)

Below that is a box that has been checked with a green checkmark. Next to it it says "Protect my computer and data from unauthorized program activity"

Right below that it says "This option can prevent computer viruses from harming your computer or personal data, but selecting it might cause the program to function improperly.

(If I do leave it checked- and click "ok"...most of the time whatever I'm trying to load up will indeed not work. Uncheck the box and there's no problem)

Below that is another little circle that isn't checked. It says "The following user". If the circle is checked then you can put in your user name and password. Also, when it's checked, the ones I mentioned above automatically get unchecked.

There is an "Ok" and a "Cancel" tab at the bottom.

I put my user name and password in but always get another box popping up that says "C:\Program Files\Internet Explorer\iexplorer.exe" - on the top(in the blue bar). It says the same thing below it in the grey area. Below that it says "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
There's a big red circle on the left with a white "X" in it.
An "Ok" tab to click.

I click "Ok".....another box pops up. This one says "Internet Explorer" at the top. In the box it says "The item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?"

I can choose "Yes" or "No" I always choose No and that closes the box and that's it.

Sorry I didn't post all of this before. I hope it helps.

Thanks

0

That description certainly sounds like a rather nasty trojan or spyware intrusion. I'd suggest you download the latest versions of the tools recommended earlier in this topic and in the "Helping Yourself....." topic you'll find near the top of page in this Forum section.

Install, update and use them. Then rebbot into 'Safe Mode' and use them again. You access 'Safe Mode' by pressing the <F8> key during boot-up, just before the Windows Logo screen displays, and then selecting 'Safe Mode' from the menu presented.

Reboot again, and if the problem hasn't disappeared, run HijackThis and post your full log in here as suggested earlier.

0

Sorry for the short reply, but I only have a moment to post right now.

- The first box you've described is the standard Windows "Run As" dialog box; more info on it can be found here:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q294676&

I'm not sure why you're getting it just by clicking on icons normally, but you might try disabling the Run As/Secondary Logon service and see if it goes away.

- Not sure about the second dialog window- see if that also goes away when you disable the Run As service.

0

Sorry for the short reply, but I only have a moment to post right now.

- The first box you've described is the standard Windows "Run As" dialog box; more info on it can be found here:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q294676&

I'm not sure why you're getting it just by clicking on icons normally, but you might try disabling the Run As/Secondary Logon service and see if it goes away.

- Not sure about the second dialog window- see if that also goes away when you disable the Run As service.

I'm not sure how to go about disabling it.....

Sorry for the late reply btw.

Catweazle.... in the meantime I'll do as you suggest. I've tried many trojan, virus, & spyware scanners over the past few weeks though.

0

Ok..I read thru the info on the page you provided a link to...and was able to figure out how to get to the disable "run as" part. But it's already disabled.....The options are "disabled".."manual"..and "automatic".

"Path to executable" says: C:\WINDOWS\System32\svchost.exe -k netsvcs

Under the "log on" tab "Log on as" has "Local system account" checked. The box below that is also checked- "Allow service to interact with desktop"

Under "Recover"...they all say "take no action".

Don't know if any of that matters..thought I'd post it just in case.

Thanks.

0

If you are comfortable with going into the registry
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserLiist
Enter a new DWord with the name of your administrator and give it a value of 1. This will test the theory of it needing user permission, as the admin is God.
Also, right clicking 'My Computer' and choosing 'Manage' then 'Services' will let you disable services and not get the pop up at every boot.
If you wanna go to town disabling things www.blackviper.com has the tutorial every other site hopes to become as good as.
At a glance, if your HijackThis log is the same, the problem is that Minisearch or whatever it was called.
Look into getting rid of that

0

Not sure how to get into the registry...
Did do the other things you mentioned though. Minisearch was already gone.

I'd still like to know if anybody thinks reinstalling Windows XP would help...

Thanks.

0

Catweazle...I must have missed your post earlier. I've done numerour adaware and trojan finder scans. The last time someone suggested I boot up on safe mode- I was unable to even do that. But will try again.

0

FINALLY!! Somebody in another forum found the answer for me.

http://www.dougknox.com/xp/scripts_desc/xp_runasshort.htm

And it's fixed everything, so far, that I've described.

Does anyone know why that file would have disappeared?

Thanks for all the help guys..I appreciated it.

I've been having the same problem with my computer... Some icons work fine from my desktop and my system tray - others do not. I get this pop up when I click on certain ones (like Stamps.com)

RunDll32.exe shell32.dll,Control_RunDLL hotplug.dll

(I tried to post the picture of the popup above, but all it pasted was the link..??.. Anyway, I have been online doing research regarding how to fix this and the only one I've found, was the same fix that seemed to work for this other person but, doesn't work for me. HELP! It's driving me NUTS!

0

I've been having the same problem with my computer... Some icons work fine from my desktop and my system tray - others do not

kristie626, you need to create your own thread, giving it a definitive title so others will know what you are dealing with, stating all your problems, giving full info about the computer and when the problems began.
This thread is over 5 years old and belongs to another which makes the likelihood of you getting help in it are very slim. Plus just because you are experiencing similar problems does not necessarily mean that the cause is the same. Begin your own thread and somebody will be happy to help you.

0

i have windows 7 and do not want to run java programs but it keeps disabeling computer so i cant use it explorer sent the pop up saying it is outside my security can you get rid of it for me?

0

Is this the type of Java popup to which you refer?
6d9e50bca0ccf0056b834e3087b475f9
"i have windows 7 and do not want to run java programs" . Perhaps, but the fact that you are seeing that popup means that you are running Java [it is installed on your machine], and that you need to have it run. It is actually programs that run it, whether they are installed or running it from a website.
Yes, that popup can be annoying if something you wish to run contains a host of unsigned applets. Open the Java control panel [click Java in your Windows Control Panel] and in the panel that pops go to security tab and set the slider to High, if it is already at Very High. I don't recommend Medium - some devastating software from rogue websites could cripple your machine. And if it was already set at High then you are trying to run some "cheap" software, the writers of which are not too concerned about trust. It may be fine, but a pest to use. If you do trust it absolutely, then check the Do not Show box.
Leave settings in Advanced tab relating to security where they are.
"but it keeps disabeling computer so i cant use it". What did you mean by that statement?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.