gerbil 216 Industrious Poster

Nothing is obvious to me. Maybe someone else could have a look? BUT....
Make a new folder in C: alongside your Program Files folder. Either download and save HijackThis to this new folder, move it there, or extract it to it if you have the zip file version.
Run a scan and set the following to be fixed:
-O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
...[it's a timewaster..]
-this next one locks you into the orange website as a home page. If u fix this item then you will have a choice of homepages.
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk

Post a new log here. Be sure to close all applications and windows when you run HT.

gerbil 216 Industrious Poster

Go into control panel and remove WinTools and Viewpoint programs.
Close all windows and apps; start HijackThis, close its folder and then run HijackThis scan and check the following for removal:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {3DA83378-B24A-5594-D225-65557BDC271E} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {BB5E51CD-CB95-B2EF-FC21-AF184873AFA3} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O8 - Extra context menu item: &Viewpoint Search …

gerbil 216 Industrious Poster

from what you posted, i would be fairly sure that it is a codec problem. luckily, you will have a suite of em on board to pick and choose from, plus you can troubleshoot them, and if needs must, download new ones from the maker of your audio chipset eg realtek.... , or from microsoft [mediaplayer comes with a set of codecs], or from .... The place to get the basics on this is this website:
http://www.updatexp.com/windows-xp-codecs.html
The codec with priority 1 is the one you are probably having trouble with...try another. anyway, that website, 2/3 down is a link to a free [and it is] codec utility, Sherlock. Try it. Make sure to select audio codec output in the listing!
Oh, and cos this stuff is free, it doesn't hurt to click on a couple of his ads. he gets paid that way.. :)

gerbil 216 Industrious Poster

btw, the scripting referred to is the cgi stuff at the end of the address - it is a command line for the server. here it begins with goto?app=mail.... your browser controls have to be set so that you can send these scripts. Enable the 3 scripting controls in that window i mentioned above.

gerbil 216 Industrious Poster

just for a start, in an internet explorer window, go Tools > Internet options > Security > custom levels button, scroll down to Active Scripting [near the bottom] and press Enable.
Gee, don't do a re-format for this problem... Do you have Norton AV? If so, Enable scripting under Options...

gerbil 216 Industrious Poster

i hope this is not a wind-up..!! Reboot, and while your PC starts up, watch at the bottom of the black screen for the key[combination] to press to enter Setup. Hit it! Fast! [it's probably Delete...]. Okay, you now have access to BIOS settings - what you want will be in the top or first group. Follow the instructions, go in there and set the current time/date. Don't change anything else UNLESS YOU KNOW WHAT YOU ARE DOING.
Exit with Save. You're in.

gerbil 216 Industrious Poster

I notice that the log has changed, for example O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime has disappeared. That's good.

Okay, this is the list to put checks beside to fix when you scan again with HijackThis.
Before you run the scan though please check to see if the file C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll is present. Either look in the folder, or run Spyware Doctor.... if it complains, or the file is missing then include the ** O9 entry below in the list of things to fix.
So, same procedure as before....


Disconnect from the net, close all open windows, shut all applications.

Now rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... [you could uncheck the things you really do not wish to lose] but there is a job to do...

Open a Windows explorer, go to tools tab > folder options > view. Set to show hidden files and folders, and untick hide protected operating system files and folders, Apply and OK. Close the window.

Start Ewido, do the full system scan. DO NOT USE the computer while Ewido is scanning. Click "Apply all actions" to place any infected files into Quarantine, and only then click on "Save Report" to view all completed scans; click on the scan you just performed and select "Save report."

And now open the folder with …

gerbil 216 Industrious Poster

I'd be glad to help, there are a few things to clean up, but first would you do this to help me? Get these free things:-
- download CCleaner from http://www.majorgeeks.com/download4191.html and put it in a new folder.
- get Ewido 4.0 [free], install it alongside your other regular applications in Program Files, because you should keep it for scanning once a week or so - put an icon on your desktop.
- go to AVG site and download AVG Free, install it, update and run it to see what it finds. Then it's up to you whether you keep it....
==== Get ewido and AVG free both via this link.. http://free.grisoft.com/doc/2/lng/us/tpl/v5 ====

Ewido:- start it; the main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Click on update tab and then Update Now. When it finishes click on scanner tab and then Settings:- How to act- click on recommended action and set Quarantine. For reports, set to generate after every scan and untick only if threats found. Finally down on the tray right click the Ewido icon and untick Start with windows, and then Exit it. Don't scan yet.

Now disconnect from the net, close all open windows, shut all applications.

Now rclick your recycle bin and run CCleaner. [or go to its folder and dclick ccleaner.exe] You will lose a lot of handy stuff like histories etc... [you could uncheck …

gerbil 216 Industrious Poster

-these things never fail to amaze me. thank you for that reply. I am not sure how it ties in, but i suppose it came down to page presentation.... although why it would not exhibit the same symptom with a game or similar high vid usage process is beyond me. Cheers.

gerbil 216 Industrious Poster

The silver bullet: download vundofix from this site:-
http://www.atribune.org/content/view/24/2/
This [an 85 kB file] is the latest version. Place it in a C: folder. Make these preparations [which may not strictly be necessary as before, but stopping vundo from copying/blocking is wise.]
-disconnect from the net.
-untick "hide protected operating system files"
-run CCleaner
-reboot to safe mode and run vundofix. If it recognises virus files then remove them.

Reboot to normal mode and run HijackThis from there. If you are clear then turn off System Restore to delete old restore points, and then turn it right back on. Make a restore point.

If this fails to recognise your trojan because it is too recent a variant then there is an older version of the same name, written by same group, which you can get from here [because it has the same name it will overwrite the first pgm if saved to the same folder]:-

http://www.atribune.org/downloads/VundoFix.exe

This second one requires you to enter the pathname of the dll. In your case it would be
C:\WINDOWS\system32\msac850.dll
and at the second prompt
C:\WINDOWS\system32\058casm.*
Note that i have not trialled this older version, simply because i do not have the virus files to enter.

See how you go

gerbil 216 Industrious Poster

- I think that you can safely ignore the WEBCAL report. It is tied to Dell computers somehow...[did they sell you the pc with the OS pre-installed?], or to one of the services you have running, perhaps an autostart one, in the background. The mismatch seems to just mean it did something while RKR ran, or an error. You can see that it is linked to AmericaOnline; are you using an AOL service - a downloader for example -, or did you uninstall AOL once by any chance? Anyway, the problem seems related to "ownership" of the file. So, while in safe mode go to HKLM\SOFTWARE\Classes\webcal. Rclick webcal, open Permissions..allow the Administrator full control, export the key to somewhere easy to find.. eg My Notes, then delete it from the Registry, and import it straight back into the Registry by dclicking the .reg file you just saved...; and delete that file from My notes.
You could of course just not re-import the key and see what breaks...:).
Btw, RKR is just that, a revealer - it is up to you to define what is bad, and then to fix it...

Now, the nemesis, the BHO and Winlogon Notify.. At this point some say.. Great! you're clean!. The tough bit here is that your CLSID has not been reported yet, but the msac bit of the dll name is something that Vundo can manufacture from its coded scraps. So …

gerbil 216 Industrious Poster

"the registered name in Windows"!!! so that's what you wish to change... you shoulda said so!! Easy. start>run>type regedit. Go to this key:
HKLM\Software\Microsoft\Windows NT\current version [open this by highlighting it]...and there you have it, down near the bottom of the list -registered owner! Highlight the name, change the data entry via edit > modify.

gerbil 216 Industrious Poster

...sorry about the shocking way the formatting translated...

gerbil 216 Industrious Poster

First, the RKR results. They're ok..

HKLM\SOFTWARE\Classes\webcal\URL Protocol :- this one is benign. It actually directs you to this site [http://www.hklm.com/?f] if u put it in a browser as a URL, which it rather suggests that you do from its reg entry..:). Have a look by entering the key as an http://www. URL. [ If you used opera, rclick menu would give you that opportunity..]. So remove it if you do not use that site.

C:\WINDOWS\Driver Cache\i386\aec.sys :- Not a problem... you can check its properties if you like [it's prob zipped inside the SP2.cab file in i386... should be a microsoft file..an audio driver add-on.]
- so that's clean.

Secondly, ewido.. So we have a name for that pest...Downloader.ConHook!! ..and Ewido fixed part of it..This next should get rid of the remainder [msac850.dll] which is variously called virtumonde [vundo for short] or Winlogon Notify trojan. The name of the .dll file varies, but not its game.
So....
- go here:- http://www.safer-networking.org/en/download/ ... and get Spybot S&D 1.4 [it's the top download on the page, all you need], and it's free if you wish. Install it to a folder near other AV stuff. Somewhere... Update it.

XXXXX -in an explorer window, folder options, "Hide protected operating system files" box must be unticked as before, and "show hidden files and folders" selected. [ i always leave this latter setting in …

gerbil 216 Industrious Poster

...sorry, it's late, and i wanna sleep, but these 3 look sus. Google em for fixes.

R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

O20 - AppInit_DLLs: interceptor.dll
- actually, this last is definitely a nasty.

gerbil 216 Industrious Poster

Okay, I'm back, so let's go to work. Print this out, cos you are going offline soon.

This is all the stuff we are gunning for:-

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
..this one pops up every time you start, right? Do you want it?

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
...this tries to update you every time you start up. If you like Real Player, fine, keep that, but you should get rid of this thing...

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\spywarebot\SpywareBot.exe -boot
- this is a dubious bit of software... I would remove it from programs via uninstall.... anyway it serves no purpose running all the time as it shows here to be booting from startup: a waste of resources.

O2 - BHO: (no name) - {3A9D5790-8C7D-4A58-A5C6-9645FF5D78E1} - C:\WINDOWS\system32\msac850.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O20 - AppInit_DLLs: c:\windows\system32\pmkjkhf.dll

O20 - Winlogon Notify: msac850 - C:\WINDOWS\SYSTEM32\msac850.dll

Time to get some free stuff....

First off I would like you to download CCleaner from http://www.majorgeeks.com/download4191.html and put it in a new folder.

Then download RootKitRevealer from http://www.sysinternals.com/Utilities/RootkitRevealer.html [the link is at the bottom of the page] and place in a folder next to CCleaner. Read that webpage.

Thirdly go get Ewido 4.0 [free], install it alongside your other regular applications in Program Files, because you should keep it for …

gerbil 216 Industrious Poster

For a start, and just to clear things up...this log entry is valid - it's a microsoft logon validation process:-
== C:\WINDOWS\system32\winlogon.exe

These two are not valid:-
== O2 - BHO: (no name) - {3A9D5790-8C7D-4A58-A5C6-9645FF5D78E1} - C:\WINDOWS\system32\msac850.dll

== O20 - Winlogon Notify: msac850 - C:\WINDOWS\SYSTEM32\msac850.dll

Nor is this one:-
== O20 - AppInit_DLLs: c:\windows\system32\pmkjkhf.dll


The value located at this key is loaded into memory when you logon, and stays there until you log off [ a memory hog..]:- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

If you are cool with peeking inside your registry, go there [Start > Run, type regedit and then key Enter], and check that key [ if it is blank you may see the entry by selecting the AppInit_DLLs key and going View> Display binary data.] Nothing? Try Edit > modify binary data [> Cancel].
If there is an entry there, then you have to get rid of it next, because virtually no programs use that key [ except Norton, which may be why norton can slow a puter]. Getting rid of it will not be easy, because i think it will be written straight back in by normal deletion...
Let me know what you find.
Meanwhile, do get in touch with Merijn, because they KNOW stuff. HT is theirs, after all.

gerbil 216 Industrious Poster

...then i do not know. maybe your keyboard.drv file broke a bit. Check that it has not been changed accidentally, maybe download a new one for your particular keyboard. Reset it, anyway... reload it from the list that will be there. Tell us what u find, pls...

gerbil 216 Industrious Poster

Get some text up, or something to copy, select a piece and do ctrl C. Then go Start > RUN, type in clpbrd, ENTER.
A new window will open, the clipboard window. What you selected and copied should be in there.... is it? Come back and say....

gerbil 216 Industrious Poster

O20 - AppInit_DLLs: c:\windows\system32\pmkjkhf.dll
O20 - Winlogon Notify: msac850 - C:\WINDOWS\SYSTEM32\msac850.dll
The first O20 is the problem. Run HT again and delete it.
The second O20 i am suspicious of.... i can find no reference to it at all. Delete it also and see if a problem arises sometime. If it does you can always restore it later.
Winlogon notify is a tool microsoft put into a security download set recently to check if you have a genuine copy of windows, and the O20 entry with WgaLogon.dll is part of that. Leave it there.
[pmkjkhf.dll is a randomly named file which has been placed in the AppInit_DLLs so that windows loads it automatically each time it starts...]
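
The O20 triage described in the posts above, as an added example that is not part of the original thread: a small Python parser for HijackThis log lines that flags orphaned entries, any AppInit_DLLs value, Winlogon Notify entries outside an allowlist, and a DLL hooked at more than one load point. The allowlist (WgaLogon only, following the post above), the WgaLogon path in the sample and the rule names are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: entries quoted in the posts above, plus one WgaLogon line
# whose exact path is an assumption (the posts only name the DLL).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O2 - BHO: (no name) - {3A9D5790-8C7D-4A58-A5C6-9645FF5D78E1} - C:\WINDOWS\system32\msac850.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\pmkjkhf.dll
O20 - Winlogon Notify: msac850 - C:\WINDOWS\SYSTEM32\msac850.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
"""

# A HijackThis entry starts with a section code such as R1, O2 or O20.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d+)\s+-\s+(.*\S)\s*$")
# First Windows path ending in .dll or .exe (spaces in folder names allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^":*?<>|]+?\.(?:dll|exe)\b', re.IGNORECASE)

# Assumption: the only Winlogon Notify name treated as expected is the one the
# post calls legitimate. Extend this for the machine being reviewed.
NOTIFY_ALLOWLIST = {"wgalogon"}


def parse_log(text):
    """Turn raw log text into a list of entry dicts, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        # For O-sections the text before the first colon names the load point.
        kind = body.partition(":")[0].strip() if code.startswith("O") else ""
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "kind": kind,
            "body": body,
            "line": line.strip(),
            "path": path.group(0) if path else None,
            "orphaned": "(no file)" in body or "(file missing)" in body,
        })
    return entries


def triage(entries):
    """Return (rule, detail) findings for the checks described in the thread."""
    findings = []
    hooks = defaultdict(set)  # dll basename -> set of load points using it
    for e in entries:
        if e["orphaned"]:
            # Registry entry survives but its file is gone.
            findings.append(("orphaned", e["line"]))
        if e["code"] == "O20" and e["kind"] == "AppInit_DLLs":
            # Any non-empty value is worth a look: the DLL is loaded automatically.
            if e["body"].partition(":")[2].strip():
                findings.append(("appinit", e["line"]))
        if e["code"] == "O20" and e["kind"] == "Winlogon Notify":
            name = e["body"].partition(":")[2].split(" - ")[0].strip().lower()
            if name not in NOTIFY_ALLOWLIST:
                findings.append(("winlogon-notify", e["line"]))
        if e["path"] and e["path"].lower().endswith(".dll"):
            dll = ntpath.basename(e["path"]).lower()
            hooks[dll].add(f'{e["code"]} {e["kind"]}')
    # The same DLL registered at several load points (BHO plus Winlogon Notify
    # for msac850.dll in the thread) is a stronger signal than either alone.
    for dll, points in sorted(hooks.items()):
        if len(points) > 1:
            detail = f"{dll} loaded via {', '.join(sorted(points))}"
            findings.append(("multi-hook", detail))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{rule:16} {detail}")
```
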

gerbil 216 Industrious Poster

..and now my two bob's worth... i use AVG free, Ewido anti-spyware [also free], and Spywareblaster. The first two u have to drive manually a little because they are the free versions, but it's not a problem; the third you just manually update once a week or so. And with that combination, Adaware seldom finds a thing on my machine. Does me. For random scans i use Panda activescan [an online scan] and Blacklight beta.

gerbil 216 Industrious Poster

one other thing, do you still have spyware doctor on your machine?

gerbil 216 Industrious Poster

First thing....do you still have Spywaredoctor on your machine? Because I could not see an entry for it.. and am wondering if Symantec is not picking up a signature in the sdhelp.exe file....
Moving on.. i walked my eyes over the HT log and could not see any suspicious entries. But since Symantec detected Hacktool.HideWindow, Google that name and go to the symantec site, click on removal, and follow the instructions there.
Do you find your system is a bit slow with both symantec and norton AV running?
The [mouse?] cursor moving... if it is just jittering, u could have an optical mouse? and they occasionally do that. If it's moving in a definite, controlled sort of way, then.... erk! [Remote assistance .. i assume uv turned this off if u never use it?] I doubt if any hacker would bother moving the cursor! A dead give-away!

gerbil 216 Industrious Poster

oh, man, why do people have so much stuff in their Autostart folder?

gerbil 216 Industrious Poster

One more thing, since Norton says you have the rootkit, let's assume that blacklight can fix the problem for you. So before you run blacklight turn off System Restore [via start > control panel > system > system restore - check the "turn off sys restore" box, Apply....] Do this because some rootkits come with programs that also infect system restore points, and windows protects these files from any scanning programs. Any restore point you have made while infected may be compromised. So you have to turn it off, clean if possible, then TURN IT BACK ON, and make a new restore point. Gee, i hope this works!
There is another free removal tool, UnHackme, from here:http://www.greatis.com/unhackme/download.htm
Grab the evaluation version. Unhackme comes with a rootkit just so you can test out how well it works! Don't feel obliged to do this test... :)
Unhackme will hang around after you use it and check from time to time, but you can simply remove it if you wish.

Another route to System Restore, and the one you follow to actually use the thing, is this:- Start > all Programs > accessories > system tools > System Restore. The settings link there takes you to the same box as the route detailed above.

gerbil 216 Industrious Poster

I've never had a root-kit... WOW! lucky you!! I've run this a couple of times for boring, clean scan results. Go get it NOW.... cos the free version ends on Oct 1st. Tell us if it does the job - it's a rootkit scanner and removal tool.
http://www.f-secure.com/blacklight/
Save it to a folder, put a shortcut to it on your desktop, start it and click Run and agree to license, next.. then scan. It will put a report in the folder you saved it to upon download.

gerbil 216 Industrious Poster

well, there you go... I knew there was scope when i said i wanted to learn.. :). I had no idea that drivers made ANY distinctions between users..

gerbil 216 Industrious Poster

umm... you cannot load xp from the drive folder in windows.... is that what you have been trying with the CD? To load XP you must boot from the CD, so before you do a restart the CD must be inserted. But if the Boot Order is set to IDE0 first then it will not look at the CD drive for boot information, rather it will take it from the hard drive. So, check this out:- on startup, when it says to, hit DELETE to enter setup and so be able to change the BIOS, or F11 to directly access the boot order.

Via DELETE and SETUP: use arrows to go to advanced BIOS settings/Boot Order - set it to CDROM first, IDE0 second; ESC, Quit with Save=Y.

or///

Via F11 : just change first boot to CDROM, follow the instructions.

By taking either of these actions you will bypass administrators rights because the process will never advance that far - you will go straight into the boot process where you will eventually be given the option to reformat the hard drive [AND SO DESTROY ALL THAT WAS ON IT!!], and then to load up XP. Tell us how u get on...

gerbil 216 Industrious Poster

does this program actually demand to be run with administrator privileges, and will not otherwise run? or is it just that it was loaded into an administrator account? if the latter, just copy the startup file from the admin user account to the startup folder in your own account... i've done that with nero for example with no probs so it could be shared with other users.. just an idea. it's all a game.

gerbil 216 Industrious Poster

SP2 is all about security. Why not put it in? [it would not be the problem, though...]. With a clean install your first visit on the net should be to Microsoft Update. Are your video drivers the latest available? Run chkdsk. Try pulling the DDR module and replugging it in the socket a couple of times, same with the HDD cables at the motherboard and drive ends [naturally with power off!]. No sharp kinks in this cable if u have a SATA drive? If it's an IDE type, is the drive connected to the right plug in the cable?
But really, for complete safety, because viruses can do this sort of thing, load SP2 and get updated immediately. And load a decent AV program next off. And don't go on the net without a firewall. The windows firewall is better than nothing, it blocks all unrequested connection attempts.

gerbil 216 Industrious Poster

One other thing, outlook express behaves strangely. As you may note from the above post my default program files for apps is in E:\ Program Files; windows has C:\ all to itself. When i first installed XPSP2 i deliberately broke OE. To get it back some time ago i had to reinstall msoe50.inf and wab50.inf from the cd. Fine, but it rebuilt OE in C:\ Program Files, and also in E:\ Program Files folder!! It will run from either folder. Further, if i rename an exe file in E:\ P..F... it will write in a new one and go on working, but if i make it inoperable in C: it stays that way. Since it's pretty much a core part of XP i would have preferred it to be just in C: along with the rest of Windows. It looks like it is where it wants to be, in E:. I am not going to change my default %programfiles% from E: just to please it.

gerbil 216 Industrious Poster

comatose, thank you for that reply.... you've opened a new door for me. Strangely, the script did not recognize the path of my little cmd file, so i'm looking into that, learning the basics of WSH... cscript and wscript, plus a bit of vbs. I'll drop the file into a script and get it to tell me what it sees for the path. By the way, the .cmd file is just this:-

@ECHO OFF
START /DE:\"Program Files\YPOPs" ypops.exe
%HOMEDRIVE%%HOMEPATH%
START /DE:\"Program Files\outlook express" msimn.exe

..simple as.. but all it needed to be.

gerbil 216 Industrious Poster

doubleclick is a more invasive cookie and you need also to get rid of the spyware that installed it. go here :-
http://www.spywareremove.com/removeDoubleClick.html
For some of the other stuff check control panel/installed pgms.
Then go here and get ewido..it's free if you can do with the manual version. it's good...it will identify bad cookies and prompt you to remove them.
http://www.ewido.net/en/download/
Get spywareblaster... another good free service.

gerbil 216 Industrious Poster

i could write this up myself, but if i give you the link, then those folks get the credit.... and the stuff there applies to you. go get it, and be safe[r].

http://www.pchell.com/support/mywebsearch.shtml

gerbil 216 Industrious Poster

O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing) :- You do not really want this one in there... do a search for smitfraud cleaner and run it. This one for example... http://www.spywareremove.com/removeSmitFraud.html

gerbil 216 Industrious Poster

from Task Manager, when your iexplore CPU usage rockets, what does the network usage indicate concurrently?

gerbil 216 Industrious Poster

is windows installed on that 60GB drive?... cos it's getting kind of full. Try off-loading a few folders to the other drive. Just guessing....

gerbil 216 Industrious Poster

I use Outlook Express as my mail client, and a POP3 interpreter YPOPS to give OE access to my Yahoo accounts. It works like a dream. But it's two clicks too many to open YPOPS and OE both, so i changed the OE shortcut to point to a .cmd file [...batch file if u like...] dropped into the OE folder which opens YPOPS and then OE. Ohyazzz...! Now, is there any way i can stop the cmd window from opening for a split second as it does this simple thing? There must be a cmd somewhere..... any ideas? [..and i do not mean @ECHO OFF... I do not wish for the window to open at all]. It's just a neatness thing.. on the bothersome scale of 1-10 it doesn't even rate... it's just that i like to learn stuff.

gerbil 216 Industrious Poster

... just one other thing, I really believe in putting Windows into its very own partition, min 5GB, up to 10GB if you can spare it. Then it can spread out to its heart's content. Applications in another partition; temporary data [net rubbish, you know, cookies, temp inet files, stuff u only keep for a few days] in another; important data in yet another. Or more. Then if XP stuffs up you only have to reinstall it and the apps [apps cos a reinstall rewrites the registry], and hopefully all else is safe.

gerbil 216 Industrious Poster

I'm just watching, learning..... u say that you've read so much... but M$ have this to say on your "i386/ntkrnlmp.exe could not be loaded - error 7" message:-

CAUSE
This behavior can occur if either one of the following conditions is true:
• There are incorrect settings in the computer's basic input/output system (BIOS) configuration.
-or-
• One or more of the random access memory (RAM) modules that is installed on the computer is faulty.
This is the URL :- http://support.microsoft.com/kb/318729/en-us
So i assume that u tried setting your CMOS BIOS to default, and then tried swapping out RAM blocks [if u have multiple RAM cards, then you can try without one, and then another... keep swapping; or if u only have one installed, borrow one.]?
And as for the sys32/config/system error, well, that googles to M$ support also - that seems to imply a registry problem.... but i'd go with the BIOS and RAM swaps first. easy as. I'll keep watching... good luck
[and everyone with XP has that file...!]

gerbil 216 Industrious Poster

So what happened when u ran chkdsk on ur computer? Run it from the recovery console using the DOS-like command. [Place the XP install disc in the drive and restart. From startup, boot from ur XP install disc and press r to repair [enter recovery console]. You will get a DOS-like screen which will ask for any administrator password [if none press enter]; past that a DOS-like prompt. Type chkdsk /? if you need help with chkdsk, otherwise just type chkdsk and enter.]

gerbil 216 Industrious Poster

...you will also have to uncheck "hide protected operating system files" under explorer folder options/view. Then open a clean notepad, and drag C:\boot.ini into it. Then you might go back and recheck that box...

gerbil 216 Industrious Poster

...this is what is happening.... you are seeing the solid colour of ur wallpaper background in a box sized to suit the icon labels. This box shows thru ur current wallpaper, ie the dog's breakfast that u have currently.. :) [ dunno what the prob is, i can see it...]. You can either tone down the colour of your background to something u like via desktop properties [rightclick the desktop], or go to control panel > system > advanced > performance settings and ticking the "use drop shadows for icons..." box if u wish to have a custom setting, or select the best performance button..

gerbil 216 Industrious Poster

perhaps you are long since sorted... but not by anything i read here. the windows log-in name..... do you mean the one that is shown if u follow this path :- Start > control panel > system > computer name? And if u do, well, now you know how to change it. Nothing is forever....

gerbil 216 Industrious Poster

ahh..looks more deeply...california, huh?! As the ground moves (jerks), so are the people...

gerbil 216 Industrious Poster

Ha!. it aint over yet! just info..: i use an MS intellimouse that has 5 buttons, no compatibility probs ( of course!), side scroll, and fits my hand just so. and i think that that is a very important factor. and cos it sucks batteries until they go hollow-sided, i only use old batteries in it. it tells u when they are almost dead, and its time to raid that dim flashlight...actual battery drain? not a worry...with a new set i imagine many months would be possible. but i do not know..:D.

gerbil 216 Industrious Poster

you do not mention loading drivers for the new screen and ATI board...ATI pro driver? the monitor, tho, should be just a plug n play thing.....so check that ati driver. go to their site.

gerbil 216 Industrious Poster

cat, i really appreciate that feedback - this is the first chance i've really had to play around with partitioning, cos of my new, much larger and faster system. i did not expect to get it right first time; now i'll get on with my second review. yes, the structure is 3 primary plus logical drives. [ A small point...because i have not loaded up all my old files yet i was able to rearrange my partitions by the process of copy, shuffle, delete ptn and create; i have read the panic posts courtesy of partition magic usage!.]**

one reason for my structure is that all web-derived information is isolated from critical folders up until the point that i adopt it.....along the same thread, if something fouls a partition then repair is simpler.... but i can cancel p: and boost c: to 10GB . I have found that some games, eg Half-life 2 which i since have considered getting, want up to 5GB, so i'm feeling a little heat right there right now. Already then, it is obvious that i have been too miserly on space [ i've looked backwards, and not forward ]; space is my new luxury. But games come and go also, and i thought it would be convenient to keep their data files right alongside the pgm. Less havoc when i unload, and possibly faster.
Ps... notice how one must use the word “backwards” and not “backward”? cf “forward”? It's not the plural; a …

gerbil 216 Industrious Poster

i know this is an ages old thread, but here....to save typing, grab this link. i do not think that u have a fault, rather that u are looking down too deeply into ur screen. so u can see the internal curvature of ur display face. the outside of the glass face may be flat, but the inside, where the phosphor is, is curved. re the link, go 1/3 down, to The Flat Thing. the link: http://www.dansdata.com/753df.htm

gerbil 216 Industrious Poster

toki, i am way in the dark here, but i do know that some lcd screens hate excessive UV and heat...we're talking lots of direct sunshine here.....the plastic layers and cells that make up the screen can warp microscopically and put an alignment pressure on the crystals. so they change, darken....and there is no way back. try it by gently pressing your finger on the screen...my simple and situation-ignorant advice is to not leave ur screen in direct sunlight.