Sign in with
Sign up | Sign in
Your question

Can't find folder

Last response: in Windows XP
Share
Anonymous
September 17, 2005 4:13:19 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

When I look at Start-Up, there are entries like "My WebSearch Email Plugin"
and they are supposed to start from
"C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"

But when I use Windows Explorer to look in the C:\Program Filse folder,
I can not find the folder "MyWebSearch".
Under "Tools" "Folder Options" "File Type" I have the "Show hidden files and
folders" turned on (radio button selected).

Also can't find MWSOEMON in the registry.

Help, anyone?

Thanks!

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.

More about : find folder

Anonymous
September 17, 2005 6:01:45 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

John <>< wrote:
> When I look at Start-Up, there are entries like "My
> WebSearch Email Plugin" and they are supposed to start from
> "C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"
>
> But when I use Windows Explorer to look in the C:\Program
> Filse folder,
> I can not find the folder "MyWebSearch".
> Under "Tools" "Folder Options" "File Type" I have the "Show
> hidden files and folders" turned on (radio button selected).
>
> Also can't find MWSOEMON in the registry.
>
> Help, anyone?
>
> Thanks!
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.

Run any antispyware scans lately? Spybot S &D? AdAware?
Microsoft Anti Spyware Beta?

I think what you're seeing is the result of an antispyware
program removing the My Web Search toolbar. Unfortunately, it
left behind the startup entry in your registry. Are you getting
an error message at startup about Windows not being able to
find that file? If so, then that's because the program has been
removed.

The simplest way to solve your problem would be to run the
Registry Editor (Start -> Run -> Regedit.exe) and Navigate to
the location that msconfig displays for that file. It will be
one of these two locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Look for an entry in the right hand pane for that file. Right
click on it and select Delete from the drop down menu.

Here's an article that discusses removal instructions for My
Web Search:

http://www.pchell.com/support/mywebsearch.shtml

If you need help analyzing a HijackThis log, you should post it
to one of these forums:

http://forum.aumha.org/
http://castlecops.com/forum67.html
http://www.bleepingcomputer.com/forums/HijackThis_Logs_...
http://forums.tomcoyote.org/index.php?showforum=27
http://spywarewarrior.com/viewforum.php?f=5

To be on the safe side you might want to make sure your
antivirus program is up-to-date and run a scan.
You should also run a scan with AdAware and Spybot S & D.

AdAware
http://www.spychecker.com/program/adaware.html

Spybot S & D
http://www.spychecker.com/program/spybot.html

You might also consider running some of the online virus
scanners:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan/com/ac...

http://us.mcafee.com/root/mfs/default.asp?WWW_URL=www.m...

Post back if you have any questions.

Nepatsfan
Anonymous
September 17, 2005 9:24:49 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyI...

If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone especially the troll Leythos, who will tag
along a nonsense post to this message, who tells you to post it elsewhere. I
need to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"John <><" <nospam@nospam.ca> wrote in message
news:umfoi1puigmhuafr94g5r0pq888fgce9o6@4ax.com...
> When I look at Start-Up, there are entries like "My WebSearch Email
> Plugin"
> and they are supposed to start from
> "C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"
>
> But when I use Windows Explorer to look in the C:\Program Filse folder,
> I can not find the folder "MyWebSearch".
> Under "Tools" "Folder Options" "File Type" I have the "Show hidden files
> and
> folders" turned on (radio button selected).
>
> Also can't find MWSOEMON in the registry.
>
> Help, anyone?
>
> Thanks!
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.
Related resources
Anonymous
September 17, 2005 9:24:50 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Sat, 17 Sep 2005 17:24:49 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Download, install, update and run all of the following.
>
>Ad-Aware
>http://www.pcbutts1.com/downloads/aawsepersonal.exe

Already have it (and use it weekly)
>
>Spybot search and destroy
>http://www.pcbutts1.com/downloads/spybotsd14.exe

Already have it, and use it weekly also.
>
>Ewido Security Suite Trial version
>http://www.pcbutts1.com/downloads/ewidosetup.exe
>
>Microsoft Windows AntiSpyware (Beta1)
>http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
Thanks, Jose and pcbutts1 !!

I ran Spybot-S&D, and it found several istances of nasties on my computer, which
I deleted.
However, the start up manager still showed some instances of the same malware.
I D/L'd and installed EWIDO - It found some (more?) malware.
Now, my faith in Spybot-S&D is shaken.
Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it also miss
certain malware files which a $ 40 or $ 50 program would find?

Question # 2: Every so often, Bill Gates reminds me that my Windows Firewall
is not activated.
I know that - I have a router and consider its firewall sufficient.
Hoevever: What is/are the (dis)advantage(s) of having Windows Firewall
activated along with the router?

Thanks!

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 17, 2005 9:24:51 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Sat, 17 Sep 2005 15:11:57 -0400, "John <><" <nospam@nospam.ca> wrote:

>
>I ran Spybot-S&D, and it found several istances of nasties on my computer, which
>I deleted.
>However, the start up manager still showed some instances of the same malware.
>I D/L'd and installed EWIDO - It found some (more?) malware.
>Now, my faith in Spybot-S&D is shaken.
>Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it also miss
>certain malware files which a $ 40 or $ 50 program would find?
>
>Question # 2: Every so often, Bill Gates reminds me that my Windows Firewall
>is not activated.
>I know that - I have a router and consider its firewall sufficient.
>Hoevever: What is/are the (dis)advantage(s) of having Windows Firewall
>activated along with the router?
>
I ran Spybot-S&D. It found a lot of nasties, and removed them.
It removed all but two references to "MyWebSearch" from the startup manager.
I ran EWIDO. It found and removed a whole slew more of nasties.
However, the two references to "MyWebSearch" are still in the startup manager.
I ran "Spyware Doctor" - it told me there are six spyware files on my nachine -
none of them called "MyWebSearch". However, it won't remove them unless you buy
the program first.
The reference to "MyWebSearch" in the startup manager is still there.

Is there one program that will remove *all* the garbage? Can I afford it?

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 17, 2005 10:49:27 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Hi John,

Looks you got a case of spyware/malware/adware. I suggest you read my quick
article about how to delete and remove spyware from your system. Take at
look (URL) - http://www.xpsource.com/security/removing-spyware/

Hope this helps!

--
Best of luck,

Jose Francisco
jose@xpsource.com or josefarrugia@gmail.com
XPSource - http://www.xpsource.com

"John <><" <nospam@nospam.ca> wrote in message
news:umfoi1puigmhuafr94g5r0pq888fgce9o6@4ax.com...
> When I look at Start-Up, there are entries like "My WebSearch Email
> Plugin"
> and they are supposed to start from
> "C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"
>
> But when I use Windows Explorer to look in the C:\Program Filse folder,
> I can not find the folder "MyWebSearch".
> Under "Tools" "Folder Options" "File Type" I have the "Show hidden files
> and
> folders" turned on (radio button selected).
>
> Also can't find MWSOEMON in the registry.
>
> Help, anyone?
>
> Thanks!
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.
Anonymous
September 18, 2005 2:28:12 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Sat, 17 Sep 2005 14:01:45 -0400, "Nepatsfan" <nepatsfan@SBXXXIX.com> wrote:


>Run any antispyware scans lately? Spybot S &D? AdAware?
>Microsoft Anti Spyware Beta?
>
I do so regularly; I also have Spyware Blater running all the time.
Unfortunately, I found that Spybot-S&D is not doing the job I trusted it to do.

Trend Micro Anti-Spyware seems to have done the job.

Thanks to all who offered helpful suggesttions!


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 18, 2005 3:39:31 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

John <>< wrote:
> On Sat, 17 Sep 2005 14:01:45 -0400, "Nepatsfan"
> <nepatsfan@SBXXXIX.com> wrote:
>
>
>> Run any antispyware scans lately? Spybot S &D? AdAware?
>> Microsoft Anti Spyware Beta?
>>
> I do so regularly; I also have Spyware Blater running all
> the time. Unfortunately, I found that Spybot-S&D is not
> doing the job I trusted it to do.
>
> Trend Micro Anti-Spyware seems to have done the job.
>
> Thanks to all who offered helpful suggesttions!
>
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.

You're welcome. Thanks for letting us know you got it fixed.

And, since no one answered your earlier question about the
Windows Firewall, I'll offer my opinion. The main advantage of
running a software firewall is that it allows the user to have
some control over internet access. That said, the Windows
Firewall would not be my first choice since it doesn't monitor
outbound activity. Here are a few free firewall programs that
will do the job:

Zone Alarm
http://www.zonelabs.com/store/content/company/products/...

Sygate Personal Firewall
http://smb.sygate.com/products/spf_standard.htm

Kerio Personal Firewall
http://www.kerio.com/kpf_download.html

Here's an article that does a pretty good job of explaining why
running a software firewall is a good idea even if your system
is behing a router:

Should I run a software firewall behind my NAT router?
http://www.dslreports.com/faq/4629

Nepatsfan
Anonymous
September 18, 2005 5:40:31 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Ewido is worth buying. To remove the start up entry I need to see your HJT
log so I can tell you what to have it fix.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"John <><" <nospam@nospam.ca> wrote in message
news:ibvoi1tpti6ncu0t1jvh0ojsj80lp9cktf@4ax.com...
> On Sat, 17 Sep 2005 15:11:57 -0400, "John <><" <nospam@nospam.ca> wrote:
>
>>
>>I ran Spybot-S&D, and it found several istances of nasties on my computer,
>>which
>>I deleted.
>>However, the start up manager still showed some instances of the same
>>malware.
>>I D/L'd and installed EWIDO - It found some (more?) malware.
>>Now, my faith in Spybot-S&D is shaken.
>>Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it
>>also miss
>>certain malware files which a $ 40 or $ 50 program would find?
>>
>>Question # 2: Every so often, Bill Gates reminds me that my Windows
>>Firewall
>>is not activated.
>>I know that - I have a router and consider its firewall sufficient.
>>Hoevever: What is/are the (dis)advantage(s) of having Windows Firewall
>>activated along with the router?
>>
> I ran Spybot-S&D. It found a lot of nasties, and removed them.
> It removed all but two references to "MyWebSearch" from the startup
> manager.
> I ran EWIDO. It found and removed a whole slew more of nasties.
> However, the two references to "MyWebSearch" are still in the startup
> manager.
> I ran "Spyware Doctor" - it told me there are six spyware files on my
> nachine -
> none of them called "MyWebSearch". However, it won't remove them unless
> you buy
> the program first.
> The reference to "MyWebSearch" in the startup manager is still there.
>
> Is there one program that will remove *all* the garbage? Can I afford it?
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.
Anonymous
September 18, 2005 5:40:32 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Sun, 18 Sep 2005 01:40:31 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Ewido is worth buying. To remove the start up entry I need to see your HJT
>log so I can tell you what to have it fix.

Actually, Trend Micro Anti-Spyware removed it OK.
Ewido didn't, and Spyware Doctor won't let you try and remove anything unless
you buy it first.
I'm sort-of leaning towards getting Trend Micro Anti-Spyware



John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 20, 2005 1:36:46 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Sun, 18 Sep 2005 01:40:31 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Ewido is worth buying. To remove the start up entry I need to see your HJT
>log so I can tell you what to have it fix.

OK - I have run several programs, and pretty well cleaned out my computer
(I think and hope).

I realize the only way to know for sure is to wipe everything, and start from
scratch.
I have done this before, but am not quite ready to do this now.

One program (Spyware Doctor) tells me that I have two entries to be concerned
about: " HKCR\.b3d " and " HKCR\.b3d ## " (note there's a "dot" in these
names). It tellls me it's a medium risk thing, installed "silently" by
"Brilliant Digital Entertainment with older versions of KaZaa".
I have never used KAZAA or any other music or file-sharing program.

Incidentally, as an aside, I have been using "idisk utilities for Windows" but
right now (and for the last few days - probably since I acquired all this
garbage) it will not work I tried it from my wife's computer, and it works fine
(proving I am using the correct log-in and password).
I notice the entry from my "windows/sys32/drivers/etc/host" file is in the
hijackthis log. Coincidence?

The log follows:

Logfile of HijackThis v1.99.1
Scan saved at 19:22:36, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\LanLight\LanLight.exe
D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
D:\TOOLS\Systools\TMAS\Tmas.exe
D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Handspring\HOTSYNC.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Agent\agent.exe
C:\Install\HijackThis\HijackThis.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com
idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com
idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com
idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
O4 - HKLM\..\RunServices: [MOSearch]
C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
Pro\MailWasher.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
O4 - Global Startup: Firefox Preloader.lnk = D:\Program
Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
D:\TOOLS\Systools\TMAS\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZH
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
(file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 20, 2005 6:23:32 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Have HJT fix the following lines by placing a check mark next to each line
in HJT then click on the fix checked button on the bottom. Once that is done
then download this hosts file. I have created a self extracting zip file
which will automatically replace your hosts file.
http://www.pcbutts1.com/downloads/hosts.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com
idisk12.mac.com
idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com
idisk17.mac.com
idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com
idisk22.mac.com
idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\RunServices: [MOSearch]
C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZH
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
(file missing)


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"John <><" <nospam@nospam.ca> wrote in message
news:uqpui1hldpqkepb3o54710la9sp44stud6@4ax.com...
> On Sun, 18 Sep 2005 01:40:31 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:
>
>>Ewido is worth buying. To remove the start up entry I need to see your HJT
>>log so I can tell you what to have it fix.
>
>
Anonymous
September 20, 2005 6:23:33 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Tue, 20 Sep 2005 02:23:32 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Have HJT fix the following lines by placing a check mark next to each line
>in HJT then click on the fix checked button on the bottom.

Done

>Once that is done
>then download this hosts file. I have created a self extracting zip file
>which will automatically replace your hosts file.
>http://www.pcbutts1.com/downloads/hosts.exe

Done

Tried to use idisk utility -
Message: "Idisk Utilities requires additional entries into your host file"
I clicked "OK" the "Idisk Utility for XP" comes up - I enter the iDisk account
and password. The progression bar stopd halfway, with the message
"iDisk Utility failed to mount your Disk" (the same as it was before I had HJT
remove the lines you instructed.

This is my current HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:19:34, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\LanLight\LanLight.exe
D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\TOOLS\Systools\TMAS\Tmas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Agent\agent.exe
C:\Install\HijackThis\HijackThis.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com
idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com
idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com
idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
Pro\MailWasher.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
O4 - Global Startup: Firefox Preloader.lnk = D:\Program
Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
D:\TOOLS\Systools\TMAS\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 20, 2005 7:44:51 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Do you have a membership at .mac? If you don't then set one up here
http://www.apple.com/dotmac/ if you do then
Try this

1. Go to your explorer file menu and choose "Open"
2. Type in "http://idisk.mac.com/username/"
3. Select "Open As Web Folder"
Does it let you in?

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"John <><" <nospam@nospam.ca> wrote in message
news:h50vi1tj1gf8vlortuk7fu7qb4min83b90@4ax.com...
> On Tue, 20 Sep 2005 02:23:32 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:
>
>>Have HJT fix the following lines by placing a check mark next to each line
>>in HJT then click on the fix checked button on the bottom.
>
> Done
>
>>Once that is done
>>then download this hosts file. I have created a self extracting zip file
>>which will automatically replace your hosts file.
>>http://www.pcbutts1.com/downloads/hosts.exe
>
> Done
>
> Tried to use idisk utility -
> Message: "Idisk Utilities requires additional entries into your host file"
> I clicked "OK" the "Idisk Utility for XP" comes up - I enter the iDisk
> account
> and password. The progression bar stopd halfway, with the message
> "iDisk Utility failed to mount your Disk" (the same as it was before I
> had HJT
> remove the lines you instructed.
>
> This is my current HJT log:
>
> Logfile of HijackThis v1.99.1
> Scan saved at 23:19:34, on 09/19/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\Explorer.EXE
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Logitech\MouseWare\system\em_exec.exe
> D:\Program Files\LanLight\LanLight.exe
> D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
> D:\TOOLS\Systools\TMAS\Tmas.exe
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
> D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
> C:\Program Files\Handspring\HOTSYNC.EXE
> C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
> C:\WINDOWS\system32\svchost.exe
> D:\Program Files\Mozilla Firefox\firefox.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\wbem\wmiapsrv.exe
> D:\Program Files\Agent\agent.exe
> C:\Install\HijackThis\HijackThis.exe
>
> O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
> idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
> idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com
> idisk12.mac.com
> idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com
> idisk17.mac.com
> idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com
> idisk22.mac.com
> idisk23.mac.com idisk24.mac.com idisk25.mac.com
> O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
> C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
> O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
> /STARTUP
> O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
> O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
> O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - Startup: MailWasherPro.lnk =
> D:\TOOLS\OnLineTools\FireTrust\MailWasher
> Pro\MailWasher.exe
> O4 - Startup: HotSync Manager.lnk = C:\Program
> Files\Handspring\HOTSYNC.EXE
> O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
> O4 - Global Startup: Firefox Preloader.lnk = D:\Program
> Files\FirefoxPreloader\FirefoxPreloader.exe
> O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
> D:\TOOLS\Systools\TMAS\Tmas.exe
> O8 - Extra context menu item: &eBay Search - res://D:\Program
> Files\eBay\eBay
> Toolbar2\eBayTb.dll/RCSearch.html
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
> Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
> O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
> http://housecall60.trendmicro.com/housecall/xscan60.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
> Domain = sympatico.ca
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
> NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
> O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
>
>
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.
Anonymous
September 20, 2005 7:49:30 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I'm afraid I have to own up to my ignorance here . . . .

On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Do you have a membership at .mac?

Not personally, but I have a log-in and password

> If you don't then set one up here
>http://www.apple.com/dotmac/

I did (a 60-day trial one).


> if you do then
>Try this
>
>1. Go to your explorer file menu and choose "Open"

Tis is where I'm lost. Do you mean "Windows Explorer"?
If so, where do I choose "open"?


>2. Type in "http://idisk.mac.com/username/"
>3. Select "Open As Web Folder"
>Does it let you in?


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 20, 2005 8:10:00 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

I'm a Firefox person, and did not at first think you might mean MS IE.
But, I tried that.

On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Do you have a membership at .mac? If you don't then set one up here
>http://www.apple.com/dotmac/ if you do then
>Try this
>
>1. Go to your explorer file menu and choose "Open"
>2. Type in "http://idisk.mac.com/username/"
>3. Select "Open As Web Folder"
>Does it let you in?


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 20, 2005 8:12:56 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

OK - I did not think you would mean Internet Explorer (I'm a Firefox user).

On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>Do you have a membership at .mac? If you don't then set one up here
>http://www.apple.com/dotmac/ if you do then
>Try this
>
>1. Go to your explorer file menu and choose "Open"
>2. Type in "http://idisk.mac.com/username/"
>3. Select "Open As Web Folder"
>Does it let you in?

Yes it does.


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
Anonymous
September 21, 2005 1:26:21 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

While logged into the site try your idisk but make sure you are logged in
using Explorer or IE I really don't think it matters but not Firefox.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"John <><" <nospam@nospam.ca> wrote in message
news:a8r0j11qb544cucuglli7rml3k1t2ai4r7@4ax.com...
> OK - I did not think you would mean Internet Explorer (I'm a Firefox
> user).
>
> On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:
>
>>Do you have a membership at .mac? If you don't then set one up here
>>http://www.apple.com/dotmac/ if you do then
>>Try this
>>
>>1. Go to your explorer file menu and choose "Open"
>>2. Type in "http://idisk.mac.com/username/"
>>3. Select "Open As Web Folder"
>>Does it let you in?
>
> Yes it does.
>
>
> John <><
>
> A wise monkey is a monkey who doesn't monkey
> with an other monkey's monkey.
Anonymous
September 21, 2005 1:26:22 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

On Tue, 20 Sep 2005 21:26:21 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

>While logged into the site try your idisk but make sure you are logged in
>using Explorer or IE I really don't think it matters but not Firefox.

Well this is a weird one.
I went to http://idisk.mac.com/username
That works OK. - I can see the files.

I minimized that page, tried to log in using idisk utility - no go.

I'm not sure if this ties in with the malware I had on the machine, although it
seems to have started about the same time.
Everything else seems to behave OK - several programs (except Spyware Doctor)
can not find anything that should not be there,
(repeated from an earlier post: One program (Spyware Doctor) tells me that I
have two entries to be concerned about: " HKCR\.b3d " and " HKCR\.b3d ## "
(note there's a "dot" in these names). It tellls me it's a medium risk thing,
installed "silently" by "Brilliant Digital Entertainment with older versions of
KaZaa".
I have never used KAZAA or any other music or file-sharing program.)

Bottom line - I may have to break down and reinstall Windows - other solutions
seem to elude us.

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
!