How to post a Power Point File in Blogspot.com

HAPPY CHRISTMAS!!

Since we are in holiday, I don’t have any case to post. A friend ask me how to share a power point file in her blog in google, means in blogspot.com. There are several ways, but here I suggest what I think the simplest but nice looking.

You have to put your .pps file “somewhere”. You can put in many free file sharing hosting sites, but since you have had an account in google, I think better you put it there so you will not need to manage so many accounts. The blogger itself doesn’t have a feature to upload directly, so you have to create a “site account”. Log in your google account and click My Account to find the links for the features available.

Click “Site” and create a new one.

Just follow the procedure until you have the new site. Then create a new page.

Name the page “ppt” and choose the page type as “file cabinet”

Add file in that page “ppt”, browse from your computer and upload

When uploaded is finished, then make note of the file address. You can find in the left bottom when you put your mouse on the file name.

For link address, you would not need to put the “?attredirects=0″. Means, upto your file name, include the extention.

Now, your .pps file is ready. Go to your blog. Insert an image as the tumbnail image, using “insert image” feature.

Then, select the image and click “link to” button.

Put your link address in the dialog box.

That’s all. You can see mine in this link. Good luck!

Fighting againts Virtumonde – vegibeya.dll

Again, this computer is protected by Symantec End Point. It caught some trojan and adware. Then it came to me, without any clear description about the problem caused by the malwares.

So, as usual, first step is disable the Symantec AV and turn off the system recovery of Windows, then I start scanning with Spybot Search and Destroy. It caught not less than 50 infected files by several malwares: Winsoftware.WinAntiVirusPro2006; AdREvolver, Zedo, etc … seems the worst was what was named “Virtumonde”. It infected in several registry entries and system files: I made note of this vegibeya.dll; wowazevole; owozurop.ini and even one ~.exe in C:\WINDOWS\System32

I did fix with Spybot SD, then I run hijackthis. The .dll still there. I fixed with hijackthis, and scan again – it still there, also after reboot. An error message always came, the windows tried to execute vegibeya.dll; Means the registry is still exist, seems it reproduced by itself after being deleted.

Then, I use the third tool, Malwarebyte. This is the log file :

Memory Modules Infected:
C:\WINDOWS\system32\kokufara.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\karobivi.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b348c9f9-a039-4233-a926-ce937ca67459} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b348c9f9-a039-4233-a926-ce937ca67459} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b348c9f9-a039-4233-a926-ce937ca67459} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9504ae8f-1019-4258-a047-c04ccc5301e6} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c1bc108b-b3ef-4e18-8ee6-cf3c381e3783} (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wowazevole (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\karobivi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\karobivi.dll  -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\karobivi.dll -> No action taken.

Folders Infected:
C:\Program Files\A360 (Rogue.A360Antivirus) -> No action taken.

Files Infected:
C:\WINDOWS\system32\kokufara.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\karobivi.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\stefani\Local Settings\Application Data\Mozilla\Firefox\Profiles\ykcctfng.default\Cache\D99D83DFd01 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\stefani\Local Settings\Application Data\Mozilla\Firefox\Profiles\ykcctfng.default\Cache\D99D8DDFd01 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\stefani\Local Settings\Temporary Internet Files\Content.IE5\15XCNHN3\1[1].exe (Trojan.Agent) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-105614-902.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081222-105744-995.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sysaudio.sys (Trojan.Agent) -> No action taken.

I do ”clean” with that Malwarebyte, and run again hijackthis. “vegibeya.dll” still there!! I went through regedit, and deleted the entries of vegibeya.dll in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. After that, the logfile of hijackthis became clean.

For making sure, I open msconfig (run -> msconfig). I still found the entry was there in “start up” menu. It is only disabled. To delete it, I went to regedit and delete this entry :

HKCR\Software\Microsoft\Sharedtools\msconfig\startupreg\wowazevole

Hopefully it is gone all!!

Windows Media Player’s decoder problem

If you can’t play your DVD or other  file in Windows Media Player 10 and get this error message:

“Windows Media Player cannot play the DVD because a compatible DVD decoder is not installed on your computer.”

Then, one the solution is to install the decoder.

Microsoft website would bring you to another site who sell the decoder, but of course we would like to have the free one. So go to xpcodecpack.com, download it and install in your computer. In installing you have to check the choice box of mpeg1 and mpeg2 – also for the audio, check all choices, they were not checked by default. It will create also their own player – but if you don’t like it, you can check the box “don’t create shortcut”.  After installing this codec, you can run the dvd movie but some  dvd with protection can’t play yet.

I install PowerDVD for this problem. Since I need only the decoder, I don’t need to buy the PowerDVD – just install and let it be. I have to put the Serial Number if I want to play with that player.

Post an animated .gif image in blogger.com

Blogger.com (or blogspot.com – the blog site of google) seems doesn’t support animated gift. The real matter is not that, but your blog in blogspot.com get the image from picasaweb, yet picasaweb doesn’t support animated .gif – it automatically convert your animated .gif to .jpg;

To post your animated .gif in your blogspot, do this way :

1. Post/ upload your animated .gif in other hosting site, for example in photobucket – or in my example here, I use one image from this blog site.
2. Then open your animated .gif (of course from other site than blogger.com) and look for the url and copy it. See this picture
3. Now open your blogspot site and click upload image. Put the url in the blank box. Then click “upload”
4. You get it works now! See this in blogspot.com.

Two problems, TCP/IP crash and %system%/bim/svchost.exe

This is a Win2K computer Pentium4 1.7GHz, installed Symantec End Point 11. The owner complainned it was often disconnected from the network. Then, it gave error message “The system has detected an IP address conflict with another system on the network …..” Since I was very sure with the network system and setting in the server, first step of repairing is cleaning the computer from any malware.

Not so easy to clean a computer that is always disconnected since that disturbed the update of the antivirus program.  First I used Spybot Search and Destroy, it caught some tracking cookies, Gain.gator and Hotbar. Then I used SuperAntiSpyware, it caught some tracking cookies.

Then, I run hijackthis. It showed an RUN entry in C:\WINNT\system32\bim\svchost.exe – as the svchost.exe is not in the usual folder, I deleted it.  For making sure, I run AVG8 Free – caught only few tracking cookies.

After reboot, I check the event log (right click My computer -> manage -> events) and saw error message in Service Control Manager – a service failed to run named “Secure Connectivity Provider (AAVF)”.

I check the services (right click My Computer -> manage -> services) and saw that the service named Secure Connectivity Provider (AAVF) run the svchost.exe I had deleted. So, I went to regedit and go to “HKEY_LOCAL_MACHINE\system\currentControlSet\Services” and delete the entry of Secure Connectivity Provider (AAVF).

I think my fight against the malfare was over – the computer run better. I uninstall all the antispyware software and install Kaspersky. The connection to the network was much better but the TCP/IP error still appeared. The error message mentioned an MAC address that used the same IP. I have DHCP/DNS server, so I wondered how it could be crashed.

I run Colasoft Mac Scanner to see the IP and MAC address in each host in the network. I could not fint the MAC address mentioned by the error message.

I did disjoint and rejoint the domain, also change the computer name – expected that the DNS server would assign another IP address, but it didn’t. So finally I change manually the IP address of the computer.  Control Panel -> Network connection -> right click the LAN connection -> properties -> TCP/IP protocol -> put the new IP address and also the server’s IP.

After restart, I run again Colasoft Mac Scanner. Woila! the computer has its new IP and the old IP now with the MAC address exactly same as mentioned by the error message. At that time I remembered that I have an access point that was assigned to that IP. That access point was seldom used so the computers owner might not be aware/ make attention when there had been TCP/IP crash before.

One case I learned is … the DNS server would not change the IP automatically if it has been already assigned to a device – even another new device comes with that same IP.

Unknown device in Device Manager

It is in laptop HP Compact 6710b.  It was okay, at least I didn’t realize any problem until suddenly my Windows Media Player didn’t want to sound any format, gave a error reminder box seemed it was an encoder problem. I installed WinAmp and give the same result – but it mentioned a lack of device setting/driver. Windows Media Player worked well the day before.

Then I found in Device Manager (Right click “My Computer” -> properties -> Hardware -> Device Manager) a big yellow question mark: Unknown Device.

I go to System Information, using RUN -> msinfo32 (you can also get it from Start Menu),  then in the tree menu “Component” -> “problem device”. I found the misssing device driver is ACPI\IFX0102\4&2FFE84EA&0;

From some forum I found from googling, it is lack of TPM module. There are some installer for it in hp support sites but it is not for this type of laptop – so I just do trial and error. From one link/ page I got an installer named SP32806.exe and I installed it. But it didn’t work, seems it’s really not for this laptop. Searching again, I got SP31500.exe from this link and it worked well. After installing, no more unknown device in my Device Manager, and the Windows Media Player worked well back. I wonder if the problem of the WMP came from this driver. I had another same laptop also with unknown driver problem (I forgot what was the missing one) – but the symptom was a problem in wireless connection.

Anyhow, checking Device Manager is a step you should consider if you have problem with your windows.