Can't find folder

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

When I look at Start-Up, there are entries like "My WebSearch Email Plugin"
and they are supposed to start from
"C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"

But when I use Windows Explorer to look in the C:\Program Filse folder,
I can not find the folder "MyWebSearch".
Under "Tools" "Folder Options" "File Type" I have the "Show hidden files and
folders" turned on (radio button selected).

Also can't find MWSOEMON in the registry.

Help, anyone?

Thanks!

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
18 answers Last reply
More about find folder
  1. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    John <>< wrote:
    > When I look at Start-Up, there are entries like "My
    > WebSearch Email Plugin" and they are supposed to start from
    > "C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"
    >
    > But when I use Windows Explorer to look in the C:\Program
    > Filse folder,
    > I can not find the folder "MyWebSearch".
    > Under "Tools" "Folder Options" "File Type" I have the "Show
    > hidden files and folders" turned on (radio button selected).
    >
    > Also can't find MWSOEMON in the registry.
    >
    > Help, anyone?
    >
    > Thanks!
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.

    Run any antispyware scans lately? Spybot S &D? AdAware?
    Microsoft Anti Spyware Beta?

    I think what you're seeing is the result of an antispyware
    program removing the My Web Search toolbar. Unfortunately, it
    left behind the startup entry in your registry. Are you getting
    an error message at startup about Windows not being able to
    find that file? If so, then that's because the program has been
    removed.

    The simplest way to solve your problem would be to run the
    Registry Editor (Start -> Run -> Regedit.exe) and Navigate to
    the location that msconfig displays for that file. It will be
    one of these two locations:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    Look for an entry in the right hand pane for that file. Right
    click on it and select Delete from the drop down menu.

    Here's an article that discusses removal instructions for My
    Web Search:

    http://www.pchell.com/support/mywebsearch.shtml

    If you need help analyzing a HijackThis log, you should post it
    to one of these forums:

    http://forum.aumha.org/
    http://castlecops.com/forum67.html
    http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://spywarewarrior.com/viewforum.php?f=5

    To be on the safe side you might want to make sure your
    antivirus program is up-to-date and run a scan.
    You should also run a scan with AdAware and Spybot S & D.

    AdAware
    http://www.spychecker.com/program/adaware.html

    Spybot S & D
    http://www.spychecker.com/program/spybot.html

    You might also consider running some of the online virus
    scanners:

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

    http://us.mcafee.com/root/mfs/default.asp?WWW_URL=www.mcafee.com/myapps/mfs/default.asp

    Post back if you have any questions.

    Nepatsfan
  2. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it. Ignore anyone especially the troll Leythos, who will tag
    along a nonsense post to this message, who tells you to post it elsewhere. I
    need to see it not them.


    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "John <><" <nospam@nospam.ca> wrote in message
    news:umfoi1puigmhuafr94g5r0pq888fgce9o6@4ax.com...
    > When I look at Start-Up, there are entries like "My WebSearch Email
    > Plugin"
    > and they are supposed to start from
    > "C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"
    >
    > But when I use Windows Explorer to look in the C:\Program Filse folder,
    > I can not find the folder "MyWebSearch".
    > Under "Tools" "Folder Options" "File Type" I have the "Show hidden files
    > and
    > folders" turned on (radio button selected).
    >
    > Also can't find MWSOEMON in the registry.
    >
    > Help, anyone?
    >
    > Thanks!
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.
  3. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Sat, 17 Sep 2005 17:24:49 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Download, install, update and run all of the following.
    >
    >Ad-Aware
    >http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Already have it (and use it weekly)
    >
    >Spybot search and destroy
    >http://www.pcbutts1.com/downloads/spybotsd14.exe

    Already have it, and use it weekly also.
    >
    >Ewido Security Suite Trial version
    >http://www.pcbutts1.com/downloads/ewidosetup.exe
    >
    >Microsoft Windows AntiSpyware (Beta1)
    >http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >
    Thanks, Jose and pcbutts1 !!

    I ran Spybot-S&D, and it found several istances of nasties on my computer, which
    I deleted.
    However, the start up manager still showed some instances of the same malware.
    I D/L'd and installed EWIDO - It found some (more?) malware.
    Now, my faith in Spybot-S&D is shaken.
    Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it also miss
    certain malware files which a $ 40 or $ 50 program would find?

    Question # 2: Every so often, Bill Gates reminds me that my Windows Firewall
    is not activated.
    I know that - I have a router and consider its firewall sufficient.
    Hoevever: What is/are the (dis)advantage(s) of having Windows Firewall
    activated along with the router?

    Thanks!

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  4. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Sat, 17 Sep 2005 15:11:57 -0400, "John <><" <nospam@nospam.ca> wrote:

    >
    >I ran Spybot-S&D, and it found several istances of nasties on my computer, which
    >I deleted.
    >However, the start up manager still showed some instances of the same malware.
    >I D/L'd and installed EWIDO - It found some (more?) malware.
    >Now, my faith in Spybot-S&D is shaken.
    >Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it also miss
    >certain malware files which a $ 40 or $ 50 program would find?
    >
    >Question # 2: Every so often, Bill Gates reminds me that my Windows Firewall
    >is not activated.
    >I know that - I have a router and consider its firewall sufficient.
    >Hoevever: What is/are the (dis)advantage(s) of having Windows Firewall
    >activated along with the router?
    >
    I ran Spybot-S&D. It found a lot of nasties, and removed them.
    It removed all but two references to "MyWebSearch" from the startup manager.
    I ran EWIDO. It found and removed a whole slew more of nasties.
    However, the two references to "MyWebSearch" are still in the startup manager.
    I ran "Spyware Doctor" - it told me there are six spyware files on my nachine -
    none of them called "MyWebSearch". However, it won't remove them unless you buy
    the program first.
    The reference to "MyWebSearch" in the startup manager is still there.

    Is there one program that will remove *all* the garbage? Can I afford it?

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  5. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Hi John,

    Looks you got a case of spyware/malware/adware. I suggest you read my quick
    article about how to delete and remove spyware from your system. Take at
    look (URL) - http://www.xpsource.com/security/removing-spyware/

    Hope this helps!

    --
    Best of luck,

    Jose Francisco
    jose@xpsource.com or josefarrugia@gmail.com
    XPSource - http://www.xpsource.com

    "John <><" <nospam@nospam.ca> wrote in message
    news:umfoi1puigmhuafr94g5r0pq888fgce9o6@4ax.com...
    > When I look at Start-Up, there are entries like "My WebSearch Email
    > Plugin"
    > and they are supposed to start from
    > "C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"
    >
    > But when I use Windows Explorer to look in the C:\Program Filse folder,
    > I can not find the folder "MyWebSearch".
    > Under "Tools" "Folder Options" "File Type" I have the "Show hidden files
    > and
    > folders" turned on (radio button selected).
    >
    > Also can't find MWSOEMON in the registry.
    >
    > Help, anyone?
    >
    > Thanks!
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.
  6. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Sat, 17 Sep 2005 14:01:45 -0400, "Nepatsfan" <nepatsfan@SBXXXIX.com> wrote:


    >Run any antispyware scans lately? Spybot S &D? AdAware?
    >Microsoft Anti Spyware Beta?
    >
    I do so regularly; I also have Spyware Blater running all the time.
    Unfortunately, I found that Spybot-S&D is not doing the job I trusted it to do.

    Trend Micro Anti-Spyware seems to have done the job.

    Thanks to all who offered helpful suggesttions!


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  7. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    John <>< wrote:
    > On Sat, 17 Sep 2005 14:01:45 -0400, "Nepatsfan"
    > <nepatsfan@SBXXXIX.com> wrote:
    >
    >
    >> Run any antispyware scans lately? Spybot S &D? AdAware?
    >> Microsoft Anti Spyware Beta?
    >>
    > I do so regularly; I also have Spyware Blater running all
    > the time. Unfortunately, I found that Spybot-S&D is not
    > doing the job I trusted it to do.
    >
    > Trend Micro Anti-Spyware seems to have done the job.
    >
    > Thanks to all who offered helpful suggesttions!
    >
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.

    You're welcome. Thanks for letting us know you got it fixed.

    And, since no one answered your earlier question about the
    Windows Firewall, I'll offer my opinion. The main advantage of
    running a software firewall is that it allows the user to have
    some control over internet access. That said, the Windows
    Firewall would not be my first choice since it doesn't monitor
    outbound activity. Here are a few free firewall programs that
    will do the job:

    Zone Alarm
    http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

    Sygate Personal Firewall
    http://smb.sygate.com/products/spf_standard.htm

    Kerio Personal Firewall
    http://www.kerio.com/kpf_download.html

    Here's an article that does a pretty good job of explaining why
    running a software firewall is a good idea even if your system
    is behing a router:

    Should I run a software firewall behind my NAT router?
    http://www.dslreports.com/faq/4629

    Nepatsfan
  8. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Ewido is worth buying. To remove the start up entry I need to see your HJT
    log so I can tell you what to have it fix.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "John <><" <nospam@nospam.ca> wrote in message
    news:ibvoi1tpti6ncu0t1jvh0ojsj80lp9cktf@4ax.com...
    > On Sat, 17 Sep 2005 15:11:57 -0400, "John <><" <nospam@nospam.ca> wrote:
    >
    >>
    >>I ran Spybot-S&D, and it found several istances of nasties on my computer,
    >>which
    >>I deleted.
    >>However, the start up manager still showed some instances of the same
    >>malware.
    >>I D/L'd and installed EWIDO - It found some (more?) malware.
    >>Now, my faith in Spybot-S&D is shaken.
    >>Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it
    >>also miss
    >>certain malware files which a $ 40 or $ 50 program would find?
    >>
    >>Question # 2: Every so often, Bill Gates reminds me that my Windows
    >>Firewall
    >>is not activated.
    >>I know that - I have a router and consider its firewall sufficient.
    >>Hoevever: What is/are the (dis)advantage(s) of having Windows Firewall
    >>activated along with the router?
    >>
    > I ran Spybot-S&D. It found a lot of nasties, and removed them.
    > It removed all but two references to "MyWebSearch" from the startup
    > manager.
    > I ran EWIDO. It found and removed a whole slew more of nasties.
    > However, the two references to "MyWebSearch" are still in the startup
    > manager.
    > I ran "Spyware Doctor" - it told me there are six spyware files on my
    > nachine -
    > none of them called "MyWebSearch". However, it won't remove them unless
    > you buy
    > the program first.
    > The reference to "MyWebSearch" in the startup manager is still there.
    >
    > Is there one program that will remove *all* the garbage? Can I afford it?
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.
  9. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Sun, 18 Sep 2005 01:40:31 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Ewido is worth buying. To remove the start up entry I need to see your HJT
    >log so I can tell you what to have it fix.

    Actually, Trend Micro Anti-Spyware removed it OK.
    Ewido didn't, and Spyware Doctor won't let you try and remove anything unless
    you buy it first.
    I'm sort-of leaning towards getting Trend Micro Anti-Spyware


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  10. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Sun, 18 Sep 2005 01:40:31 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Ewido is worth buying. To remove the start up entry I need to see your HJT
    >log so I can tell you what to have it fix.

    OK - I have run several programs, and pretty well cleaned out my computer
    (I think and hope).

    I realize the only way to know for sure is to wipe everything, and start from
    scratch.
    I have done this before, but am not quite ready to do this now.

    One program (Spyware Doctor) tells me that I have two entries to be concerned
    about: " HKCR\.b3d " and " HKCR\.b3d ## " (note there's a "dot" in these
    names). It tellls me it's a medium risk thing, installed "silently" by
    "Brilliant Digital Entertainment with older versions of KaZaa".
    I have never used KAZAA or any other music or file-sharing program.

    Incidentally, as an aside, I have been using "idisk utilities for Windows" but
    right now (and for the last few days - probably since I acquired all this
    garbage) it will not work I tried it from my wife's computer, and it works fine
    (proving I am using the correct log-in and password).
    I notice the entry from my "windows/sys32/drivers/etc/host" file is in the
    hijackthis log. Coincidence?

    The log follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:22:36, on 09/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\LanLight\LanLight.exe
    D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
    D:\TOOLS\Systools\TMAS\Tmas.exe
    D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\Program Files\Agent\agent.exe
    C:\Install\HijackThis\HijackThis.exe

    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
    idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
    idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com
    idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com
    idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com
    idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
    O4 - HKLM\..\RunServices: [MOSearch]
    C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
    Pro\MailWasher.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
    O4 - Global Startup: Firefox Preloader.lnk = D:\Program
    Files\FirefoxPreloader\FirefoxPreloader.exe
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
    D:\TOOLS\Systools\TMAS\Tmas.exe
    O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay
    Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Search -
    http://bar.mywebsearch.com/menusearch.html?p=ZH
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
    Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    (file missing)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
    Domain = sympatico.ca
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
    NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  11. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Have HJT fix the following lines by placing a check mark next to each line
    in HJT then click on the fix checked button on the bottom. Once that is done
    then download this hosts file. I have created a self extracting zip file
    which will automatically replace your hosts file.
    http://www.pcbutts1.com/downloads/hosts.exe

    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
    idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
    idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com
    idisk12.mac.com
    idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com
    idisk17.mac.com
    idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com
    idisk22.mac.com
    idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\RunServices: [MOSearch]
    C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
    O8 - Extra context menu item: &Search -
    http://bar.mywebsearch.com/menusearch.html?p=ZH
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    (file missing)


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "John <><" <nospam@nospam.ca> wrote in message
    news:uqpui1hldpqkepb3o54710la9sp44stud6@4ax.com...
    > On Sun, 18 Sep 2005 01:40:31 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:
    >
    >>Ewido is worth buying. To remove the start up entry I need to see your HJT
    >>log so I can tell you what to have it fix.
    >
    >
  12. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Tue, 20 Sep 2005 02:23:32 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Have HJT fix the following lines by placing a check mark next to each line
    >in HJT then click on the fix checked button on the bottom.

    Done

    >Once that is done
    >then download this hosts file. I have created a self extracting zip file
    >which will automatically replace your hosts file.
    >http://www.pcbutts1.com/downloads/hosts.exe

    Done

    Tried to use idisk utility -
    Message: "Idisk Utilities requires additional entries into your host file"
    I clicked "OK" the "Idisk Utility for XP" comes up - I enter the iDisk account
    and password. The progression bar stopd halfway, with the message
    "iDisk Utility failed to mount your Disk" (the same as it was before I had HJT
    remove the lines you instructed.

    This is my current HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:19:34, on 09/19/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\LanLight\LanLight.exe
    D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\TOOLS\Systools\TMAS\Tmas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\Program Files\Agent\agent.exe
    C:\Install\HijackThis\HijackThis.exe

    O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
    idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
    idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com
    idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com
    idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com
    idisk23.mac.com idisk24.mac.com idisk25.mac.com
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
    Pro\MailWasher.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
    O4 - Global Startup: Firefox Preloader.lnk = D:\Program
    Files\FirefoxPreloader\FirefoxPreloader.exe
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
    D:\TOOLS\Systools\TMAS\Tmas.exe
    O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay
    Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
    Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
    http://housecall60.trendmicro.com/housecall/xscan60.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
    Domain = sympatico.ca
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
    NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  13. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    Do you have a membership at .mac? If you don't then set one up here
    http://www.apple.com/dotmac/ if you do then
    Try this

    1. Go to your explorer file menu and choose "Open"
    2. Type in "http://idisk.mac.com/username/"
    3. Select "Open As Web Folder"
    Does it let you in?

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "John <><" <nospam@nospam.ca> wrote in message
    news:h50vi1tj1gf8vlortuk7fu7qb4min83b90@4ax.com...
    > On Tue, 20 Sep 2005 02:23:32 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:
    >
    >>Have HJT fix the following lines by placing a check mark next to each line
    >>in HJT then click on the fix checked button on the bottom.
    >
    > Done
    >
    >>Once that is done
    >>then download this hosts file. I have created a self extracting zip file
    >>which will automatically replace your hosts file.
    >>http://www.pcbutts1.com/downloads/hosts.exe
    >
    > Done
    >
    > Tried to use idisk utility -
    > Message: "Idisk Utilities requires additional entries into your host file"
    > I clicked "OK" the "Idisk Utility for XP" comes up - I enter the iDisk
    > account
    > and password. The progression bar stopd halfway, with the message
    > "iDisk Utility failed to mount your Disk" (the same as it was before I
    > had HJT
    > remove the lines you instructed.
    >
    > This is my current HJT log:
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 23:19:34, on 09/19/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    > C:\WINDOWS\system32\ctfmon.exe
    > C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    > D:\Program Files\LanLight\LanLight.exe
    > D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
    > C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    > D:\TOOLS\Systools\TMAS\Tmas.exe
    > C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    > D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
    > C:\Program Files\Handspring\HOTSYNC.EXE
    > C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    > C:\WINDOWS\system32\svchost.exe
    > D:\Program Files\Mozilla Firefox\firefox.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\wbem\wmiapsrv.exe
    > D:\Program Files\Agent\agent.exe
    > C:\Install\HijackThis\HijackThis.exe
    >
    > O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
    > idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
    > idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com
    > idisk12.mac.com
    > idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com
    > idisk17.mac.com
    > idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com
    > idisk22.mac.com
    > idisk23.mac.com idisk24.mac.com idisk25.mac.com
    > O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    > C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
    > O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    > C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    > O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    > /STARTUP
    > O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    > O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    > O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
    > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    > O4 - Startup: MailWasherPro.lnk =
    > D:\TOOLS\OnLineTools\FireTrust\MailWasher
    > Pro\MailWasher.exe
    > O4 - Startup: HotSync Manager.lnk = C:\Program
    > Files\Handspring\HOTSYNC.EXE
    > O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
    > O4 - Global Startup: Firefox Preloader.lnk = D:\Program
    > Files\FirefoxPreloader\FirefoxPreloader.exe
    > O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
    > D:\TOOLS\Systools\TMAS\Tmas.exe
    > O8 - Extra context menu item: &eBay Search - res://D:\Program
    > Files\eBay\eBay
    > Toolbar2\eBayTb.dll/RCSearch.html
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
    > Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    > D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    > O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
    > http://housecall60.trendmicro.com/housecall/xscan60.cab
    > O17 -
    > HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
    > Domain = sympatico.ca
    > O17 -
    > HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
    > NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
    > O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    > C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    > O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    > C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    > O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    >
    >
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.
  14. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    I'm afraid I have to own up to my ignorance here . . . .

    On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Do you have a membership at .mac?

    Not personally, but I have a log-in and password

    > If you don't then set one up here
    >http://www.apple.com/dotmac/

    I did (a 60-day trial one).


    > if you do then
    >Try this
    >
    >1. Go to your explorer file menu and choose "Open"

    Tis is where I'm lost. Do you mean "Windows Explorer"?
    If so, where do I choose "open"?


    >2. Type in "http://idisk.mac.com/username/"
    >3. Select "Open As Web Folder"
    >Does it let you in?


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  15. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    I'm a Firefox person, and did not at first think you might mean MS IE.
    But, I tried that.

    On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Do you have a membership at .mac? If you don't then set one up here
    >http://www.apple.com/dotmac/ if you do then
    >Try this
    >
    >1. Go to your explorer file menu and choose "Open"
    >2. Type in "http://idisk.mac.com/username/"
    >3. Select "Open As Web Folder"
    >Does it let you in?


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  16. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    OK - I did not think you would mean Internet Explorer (I'm a Firefox user).

    On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >Do you have a membership at .mac? If you don't then set one up here
    >http://www.apple.com/dotmac/ if you do then
    >Try this
    >
    >1. Go to your explorer file menu and choose "Open"
    >2. Type in "http://idisk.mac.com/username/"
    >3. Select "Open As Web Folder"
    >Does it let you in?

    Yes it does.


    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
  17. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    While logged into the site try your idisk but make sure you are logged in
    using Explorer or IE I really don't think it matters but not Firefox.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "John <><" <nospam@nospam.ca> wrote in message
    news:a8r0j11qb544cucuglli7rml3k1t2ai4r7@4ax.com...
    > OK - I did not think you would mean Internet Explorer (I'm a Firefox
    > user).
    >
    > On Tue, 20 Sep 2005 15:44:51 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:
    >
    >>Do you have a membership at .mac? If you don't then set one up here
    >>http://www.apple.com/dotmac/ if you do then
    >>Try this
    >>
    >>1. Go to your explorer file menu and choose "Open"
    >>2. Type in "http://idisk.mac.com/username/"
    >>3. Select "Open As Web Folder"
    >>Does it let you in?
    >
    > Yes it does.
    >
    >
    > John <><
    >
    > A wise monkey is a monkey who doesn't monkey
    > with an other monkey's monkey.
  18. Archived from groups: microsoft.public.windowsxp.newusers (More info?)

    On Tue, 20 Sep 2005 21:26:21 GMT, "pcbutts1" <pcbutts1@seedsv.com> wrote:

    >While logged into the site try your idisk but make sure you are logged in
    >using Explorer or IE I really don't think it matters but not Firefox.

    Well this is a weird one.
    I went to http://idisk.mac.com/username
    That works OK. - I can see the files.

    I minimized that page, tried to log in using idisk utility - no go.

    I'm not sure if this ties in with the malware I had on the machine, although it
    seems to have started about the same time.
    Everything else seems to behave OK - several programs (except Spyware Doctor)
    can not find anything that should not be there,
    (repeated from an earlier post: One program (Spyware Doctor) tells me that I
    have two entries to be concerned about: " HKCR\.b3d " and " HKCR\.b3d ## "
    (note there's a "dot" in these names). It tellls me it's a medium risk thing,
    installed "silently" by "Brilliant Digital Entertainment with older versions of
    KaZaa".
    I have never used KAZAA or any other music or file-sharing program.)

    Bottom line - I may have to break down and reinstall Windows - other solutions
    seem to elude us.

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
Ask a new question

Read More

Mywebsearch Windows XP