
Spyware?

August 31, 2005 11:49:02 AM

Archived from groups: microsoft.public.windowsxp.help_and_support

I've got a problem with my computer, every time it connects to the internet it
stays a while then cuts. After it also has this software on add or remove
programs called winxpwebfldrs, after it sometimes said Windows has occurred a
serious error. This is very annoying.

If there's any programs or something to make my computer at a healthy
performance please reply

Anonymous
August 31, 2005 11:57:05 AM

As I recall, that is a piece of spyware. Spyware hunting is a specialized
issue because it changes so much.

I'd recommend downloading the MS AntiSpyware Beta and installing it on your
system. For assistance in removing spyware, I'd suggest the following 2
resources:

http://help.lockergnome.com - click on the Problem Solvers sub-forum about ½
way down the page.

http://www.spywareinfo.org - the source for the training for most of the
folks in the above forum

"Ian" wrote:

> I've got a problem with my computer, every time it connects to the internet it
> stays a while then cuts. After it also has this software on add or remove
> programs called winxpwebfldrs, after it sometimes said Windows has occurred a
> serious error. This is very annoying.
>
> If there's any programs or something to make my computer at a healthy
> performance please reply
Anonymous
August 31, 2005 8:11:08 PM

Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyI...

If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Ian" <Ian@discussions.microsoft.com> wrote in message
news:E9896229-CA9F-483A-9E81-73B58697B786@microsoft.com...
> I've got a problem with my computer, every time it connects to the internet it
> stays a while then cuts. After it also has this software on add or remove
> programs called winxpwebfldrs, after it sometimes said Windows has occurred a
> serious error. This is very annoying.
>
> If there's any programs or something to make my computer at a healthy
> performance please reply
Anonymous
August 31, 2005 8:11:09 PM

"pcbutts1" wrote:

> Download, install, update and run all of the following.
>
> Ad-Aware
> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>
> Spybot search and destroy
> http://www.pcbutts1.com/downloads/spybotsd14.exe
>
> Ewido Security Suite Trial version
> http://www.pcbutts1.com/downloads/ewidosetup.exe
>
> Microsoft Windows AntiSpyware (Beta1)
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
> If none of the above fixes the issue then download Hijack this, run it, save
> a copy of the log file and cut and paste it back here to this group so that
> I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
> to see it not them.
>
>
> HijackThis
> http://www.pcbutts1.com/downloads/HijackThis.zip
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Ian" <Ian@discussions.microsoft.com> wrote in message
> news:E9896229-CA9F-483A-9E81-73B58697B786@microsoft.com...
> > I've got a problem with my computer, every time it connects to the internet it
> > stays a while then cuts. After it also has this software on add or remove
> > programs called winxpwebfldrs, after it sometimes said Windows has occurred a
> > serious error. This is very annoying.
> >
> > If there's any programs or something to make my computer at a healthy
> > performance please reply
>

Logfile of HijackThis v1.99.1
Scan saved at 10:36:58 AM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Here is mine so if you can help me that would be great cause I keep getting
a blue screen that keeps doing dumps and each one of them say different
things.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\MARSHA~1\LOCALS~1\Temp\Temporary Directory 1 for
HijackThis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
missing)
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank (file
missing)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
Nik'ole\Application Data\woet.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink
TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.yugioh-deck.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
http://entimg.msn.com/client/msnmusax2729.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6FF45968-FC5F-405E-A24F-4B2A7828E486}:
NameServer = 66.93.87.2,216.231.41.2
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program
Files\Prime95\prime95.exe (file missing)
Anonymous
August 31, 2005 8:11:09 PM

"pcbutts1" wrote:

> Download, install, update and run all of the following.
>
> Ad-Aware
> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>
> Spybot search and destroy
> http://www.pcbutts1.com/downloads/spybotsd14.exe
>
> Ewido Security Suite Trial version
> http://www.pcbutts1.com/downloads/ewidosetup.exe
>
> Microsoft Windows AntiSpyware (Beta1)
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
> If none of the above fixes the issue then download Hijack this, run it, save
> a copy of the log file and cut and paste it back here to this group so that
> I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
> to see it not them.
>
>
> HijackThis
> http://www.pcbutts1.com/downloads/HijackThis.zip

What does this logfile tell you, please?

Logfile of HijackThis v1.99.1
Scan saved at 3:42:33 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HJT\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by AT&T Worldnet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Local Spool Net support DLL -
{4E7BD750-2C8E-469B-C1E2-F063C081BF33} - c:\windows\system32\localsplnet.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup
Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet
Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser
Pro\te.exe min
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard
Software\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Swebexec.lnk = F:\Program Files\Webshots\Swebexec.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program
Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program
Files\AT&T Worldnet Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality -
C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -
{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144
- {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://www.gamespot.com/KDX/download/kdx.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{904177BF-5785-4D59-886D-BC3912283139}:
NameServer = 12.102.244.1 204.127.129.3
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program
Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: BullGuard LiveUpdate Service (BGLiveSvc) - BullGuard, Ltd. -
C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION -
C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program
Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
August 31, 2005 8:44:23 PM

"usasma" <usasma@discussions.microsoft.com> wrote in message
news:FDA75F51-3D21-49B2-8C4A-7F9667190DD1@microsoft.com...
> As I recall, that is a piece of spyware. Spyware hunting is a specialized
> issue because it changes so much.
>
> I'd recommend downloading the MS AntiSpyware Beta and installing it on
> your
> system. For assistance in removing spyware, I'd suggest the following 2
> resources:



I would recommend NOT downloading the MS Anti-spyware software - it is Beta
and not something you want to be trying out at a time of need. Download
Spybot S&D.

If you cannot stay connected for long enough you may need to terminate the
spyware process that is running in the background. To do this bring up the
task manager with ctrl+alt+del, look in the applications and processes tabs
for winxpwebfldrs - for each occurrence select the item and click end task /
end process as appropriate. This will stop the spyware running and allow
your connection to be stable for at least long enough to download the
anti-spyware software.

Andy
Anonymous
August 31, 2005 8:44:24 PM

"Andrew" <andrewportess@nospamhotmail.com> wrote:

>
>"usasma" <usasma@discussions.microsoft.com> wrote in message
>news:FDA75F51-3D21-49B2-8C4A-7F9667190DD1@microsoft.com...
>> As I recall, that is a piece of spyware. Spyware hunting is a specialized
>> issue because it changes so much.
>>
>> I'd recommend downloading the MS AntiSpyware Beta and installing it on
>> your
>> system. For assistance in removing spyware, I'd suggest the following 2
>> resources:
>
>
>
>I would recommend NOT downloading the MS Anti-spyware software - it is Beta
>and not something you want to be trying out at a time of need. Download
>Spybot S&D.
>

While it is true that the Microsoft Antispyware is still a Beta
version, it is also true that it is always in the top 3 category on
any independent comparative test of antispyware products.

I have no reservations about using it or suggesting it to other users.

Spybot S&D has been a good product, but more recently it has been
plagued with serious "false positive" issues which have caused
problems for a number of users. Most recently it has been falsely
identifying the Microsoft RDP Client Control as malware.


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
Anonymous
August 31, 2005 10:48:48 PM

In article <h1ubh1520macq5r9nju1s4g601vqafg04i@4ax.com>,
ron.martell@gmail.com says...
> While it is true that the Microsoft Antispyware is still a Beta
> version, it is also true that it is always in the top 3 category on
> any independent comparative test of antispyware products.

And the generally accepted method is to NOT use Beta software on any
machine you care about.

SBS&D and AdAwareSE and quality AV software, when run in Safe Mode, is a
good choice for most items - manual editing of the registry can also be
good if one is capable.

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 31, 2005 11:08:44 PM

You have at least 3 viruses. Have hijackthis fix the following lines, get
antivirus www.avast.com software and run a full and complete scan. Your
current antivirus is not working and has been disabled probably by the
virus.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
missing)
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank (file
missing)
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
PestPatrol\PPActiveDetection.exe"
O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
Nik'ole\Application Data\woet.exe
O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
http://entimg.msn.com/client/msnmusax2729.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Prime95 Service - Unknown owner - C:\Program
Files\Prime95\prime95.exe (file missing)



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"bocher" <bocher@discussions.microsoft.com> wrote in message
news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
>
>
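
An added example, not part of the original thread and not HijackThis's own logic: a Python triage pass over entries copied from the log posted above. It rejoins the newsreader's wrapped lines and then tags startup entries by a few structural heuristics. The heuristics, tag names and the `SEARCH_PATH_OK` allowlist are assumptions chosen for illustration; a tag is a lead to check, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, with the newsreader's hard line wraps left in place.
SAMPLE_LOG = r"""
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
missing)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
Nik'ole\Application Data\woet.exe
O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program
Files\Prime95\prime95.exe (file missing)
"""

# A log entry starts with a section code such as "R1 - ", "O4 - " or "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -(?: |$)")
# Registry autoruns: O4 - <hive>\..\<key>: [<value name>] <command line>
AUTORUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Unquoted commands: the image ends at the first executable extension.
IMAGE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)

# Assumption for this example: bare names that normally resolve to Windows'
# own binaries. For rundll32 the DLL argument is what needs checking.
SEARCH_PATH_OK = {"rundll32.exe"}
# Assumption: per-user directories that any unprivileged process can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


def unwrap(log_text):
    """Rejoin entries that a mail or news client wrapped across lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            # Wraps happen at whitespace, so a single space restores the entry.
            entries[-1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return entries


def image_of(command):
    """Return the program part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = IMAGE.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def flags_for(entry):
    """Tag one unwrapped entry with the structural oddities it shows."""
    found = []
    if entry.endswith("(file missing)"):
        # A leftover registration whose target is gone from disk.
        found.append("file-missing")
    match = AUTORUN.match(entry)
    if match:
        image = image_of(match.group(4))
        lowered = image.lower()
        if "\\" not in image and lowered not in SEARCH_PATH_OK:
            # No directory given: the file is found via the search path,
            # so the log alone does not say which copy actually runs.
            found.append("bare-name")
        if any(part in lowered for part in USER_WRITABLE):
            found.append("user-writable-dir")
        if "?" in image:
            # "?" is not a legal Windows filename character, so it stands
            # for characters the log could not render.
            found.append("unrenderable-name")
    return found


def triage(log_text):
    """Return (entry, tags) for every entry that earned at least one tag."""
    results = []
    for entry in unwrap(log_text):
        tags = flags_for(entry)
        if tags:
            results.append((entry, tags))
    return results


if __name__ == "__main__":
    for entry, tags in triage(SAMPLE_LOG):
        print(", ".join(tags).ljust(18), entry)
```

Legitimate software also registers bare names, so each tagged entry still has to be checked against the file actually on disk.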
Anonymous
August 31, 2005 11:08:45 PM

"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
> You have at least 3 viruses.

## Which are the viruses?

Have hijackthis fix the following lines,

## Which following lines? You didn't point out any that I can see and I'm
trying to learn. :-))

get
> antivirus www.avast.com software and run a full and complete scan. Your
> current antivirus is not working and has been disabled probably by the
> virus.

## Can we disable Norton to run this AV software on a Norton protected
machine, or do we have to UNINSTALL Norton (including keys it leaves in the
registry?)

FS~
>
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.mail.yahoo.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
> (file
> missing)
> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
> (file
> missing)
> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
> Files\MoodLogic\Service\Updater.exe
> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\PhilipsRemote.exe
> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
> 2000\Pop3trap.exe"
> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
> 2000\WebTrapNT.exe"
> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
> O4 - HKLM\..\Run: [EarthLink Installer] " /C
> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
> PestPatrol\PPActiveDetection.exe"
> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
> Nik'ole\Application Data\woet.exe
> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
> O4 - Global Startup: Microsoft Office.lnk.disabled
> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
> http://entimg.msn.com/client/msnmusax2729.cab
> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
> http://chat.msn.com/bin/msnchat45.cab
> O23 - Service: Prime95 Service - Unknown owner - C:\Program
> Files\Prime95\prime95.exe (file missing)
>
Anonymous
August 31, 2005 11:08:45 PM

"pcbutts1" wrote:

> You have at least 3 viruses. Have hijackthis fix the following lines, get
> antivirus www.avast.com software and run a full and complete scan. Your
> current antivirus is not working and has been disabled probably by the
> virus.
>
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.mail.yahoo.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
> missing)
> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank (file
> missing)
> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
> Files\MoodLogic\Service\Updater.exe
> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
> Jukebox\PhilipsRemote.exe
> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
> 2000\Pop3trap.exe"
> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
> 2000\WebTrapNT.exe"
> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
> O4 - HKLM\..\Run: [EarthLink Installer] " /C
> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
> PestPatrol\PPActiveDetection.exe"
> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
> Nik'ole\Application Data\woet.exe
> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
> O4 - Global Startup: Microsoft Office.lnk.disabled
> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
> http://entimg.msn.com/client/msnmusax2729.cab
> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
> http://chat.msn.com/bin/msnchat45.cab
> O23 - Service: Prime95 Service - Unknown owner - C:\Program
> Files\Prime95\prime95.exe (file missing)
>
>
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "bocher" <bocher@discussions.microsoft.com> wrote in message
> news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
> >
> >

Can you single out the three lines for me? Thanks.
Anonymous
September 1, 2005 12:48:16 AM

What? My reply was to bocher who posted his log not you. Are you the same
person? Do not follow my advice or any advice unless I directly reply to
your post.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
news:%23888iomrFHA.1028@TK2MSFTNGP12.phx.gbl...
>
> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
> news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
>> You have at least 3 viruses.
>
> ## Which are the viruses?
>
> Have hijackthis fix the following lines,
>
> ## Which following lines? You didn't point out any that I can see and I'm
> trying to learn. :-))
>
> get
>> antivirus www.avast.com software and run a full and complete scan. Your
>> current antivirus is not working and has been disabled probably by the
>> virus.
>
> ## Can we disable Norton to run this AV software on a Norton protected
> machine, or do we have to UNINSTALL Norton (including keys it leaves in
> the registry?)
>
> FS~
>>
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://www.mail.yahoo.com/
>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
>> (file
>> missing)
>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
>> (file
>> missing)
>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
>> Files\MoodLogic\Service\Updater.exe
>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox\PhilipsRemote.exe
>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
>> 2000\Pop3trap.exe"
>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
>> 2000\WebTrapNT.exe"
>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
>> PestPatrol\PPActiveDetection.exe"
>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
>> Nik'ole\Application Data\woet.exe
>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
>> O4 - Global Startup: Microsoft Office.lnk.disabled
>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
>> http://entimg.msn.com/client/msnmusax2729.cab
>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
>> 4.5) -
>> http://chat.msn.com/bin/msnchat45.cab
>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
>> Files\Prime95\prime95.exe (file missing)
>>
>
Anonymous
September 1, 2005 1:25:16 AM

Bullguard is installed by P2P software right along with spyware. You should
remove it and use Zone Alarm for your firewall and Avast for your Antivirus
http://www.avast.com . Letting hjt fix the files below will disable it, not
uninstall it. It's your choice; I don't trust it. Use add/remove programs to
uninstall it. ZA is all you need. The BHO listed below is a remnant of the
CWS Coolwebsearch malware and it should be removed/fixed by HJT. The same for
R3.



R3 - Default URLSearchHook is missing

O2 - BHO: Local Spool Net support DLL -
{4E7BD750-2C8E-469B-C1E2-F063C081BF33} - c:\windows\system32\localsplnet.dll

O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard
Software\BullGuard\BullGuard.exe"

O23 - Service: BullGuard LiveUpdate Service (BGLiveSvc) - BullGuard, Ltd. -
C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Boat Dr" <BoatDr@discussions.microsoft.com> wrote in message
news:6135287D-6916-4A04-BD6F-6F9E1095CECA@microsoft.com...
>
>
> "pcbutts1" wrote:
>
>> Download, install, update and run all of the following.
>>
>> Ad-Aware
>> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>>
>> Spybot search and destroy
>> http://www.pcbutts1.com/downloads/spybotsd14.exe
>>
>> Ewido Security Suite Trial version
>> http://www.pcbutts1.com/downloads/ewidosetup.exe
>>
>> Microsoft Windows AntiSpyware (Beta1)
>> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>>
>> If none of the above fixes the issue then download Hijack this, run it,
>> save
>> a copy of the log file and cut and paste it back here to this group so
>> that
>> I can analyze it. Ignore anyone who tells you to post it elsewhere. I
>> need
>> to see it not them.
>>
>>
>> HijackThis
>> http://www.pcbutts1.com/downloads/HijackThis.zip
>
> What does this logfile tell you, Please?
>
> Logfile of HijackThis v1.99.1
> Scan saved at 3:42:33 PM, on 8/31/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
> C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Startup Mechanic\StartupMonitor.exe
> C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
> C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
> C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
> C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
> C:\PROGRA~1\Webshots\webshots.scr
> C:\WINDOWS\system32\rundll32.exe
> C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
> C:\WINDOWS\system32\hpoipm07.exe
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
> C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
> C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
> C:\Program Files\Internet Explorer\iexplore.exe
> C:\WINDOWS\system32\wuauclt.exe
> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
> C:\WINDOWS\system32\taskmgr.exe
> C:\HJT\hijackthis.exe
>
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://www.att.net
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
> Microsoft
> Internet Explorer provided by AT&T Worldnet Service
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyServer = http=localhost:8080
> R3 - Default URLSearchHook is missing
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
> O2 - BHO: Local Spool Net support DLL -
> {4E7BD750-2C8E-469B-C1E2-F063C081BF33} -
> c:\windows\system32\localsplnet.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
> Files\MSN
> Apps\ST\01.03.0000.1005\en-xu\stmain.dll
> O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
> C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
> O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
> Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
> O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
> C:\Program Files\ICQToolbar\toolbaru.dll
> O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup
> Mechanic\StartupMonitor.exe
> O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet
> Accelerator\trayctl.exe" /STARTUPLAUNCH
> O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks
> Eraser
> Pro\te.exe min
> O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard
> Software\BullGuard\BullGuard.exe"
> O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
> O4 - Startup: Swebexec.lnk = F:\Program Files\Webshots\Swebexec.exe
> O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
> O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program
> Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
> O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
> Office\Office10\OSA.EXE
> O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
> Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
> O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program
> Files\AT&T Worldnet Accelerator\pac-page.html
> O8 - Extra context menu item: Refresh Pi&cture with Full Quality -
> C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
> C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console -
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
> Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
> O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
> C:\Program Files\ICQ\ICQ.exe
> O9 - Extra 'Tools' menuitem: ICQ -
> {6224f700-cba3-4071-b251-47cb894244cd} -
> C:\Program Files\ICQ\ICQ.exe
> O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
> C:\Program Files\ICQLite\ICQLite.exe
> O9 - Extra 'Tools' menuitem: ICQ Lite -
> {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
> Files\ICQLite\ICQLite.exe
> O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: @C:\Program
> Files\Messenger\Msgslang.dll,-61144
> - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
> Files\Messenger\msmsgs.exe
> O12 - Plugin for .mid: C:\Program Files\Internet
> Explorer\PLUGINS\npqtplugin.dll
> O12 - Plugin for .spop: C:\Program Files\Internet
> Explorer\Plugins\NPDocBox.dll
> O12 - Plugin for .tif: C:\Program Files\Internet
> Explorer\PLUGINS\npqtplugin3.dll
> O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
> Tool) -
> http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> http://update.microsoft.com/microsoftupdate/v6/V5Contro...
> O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
> http://www.gamespot.com/KDX/download/kdx.cab
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{904177BF-5785-4D59-886D-BC3912283139}:
> NameServer = 12.102.244.1 204.127.129.3
> O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program
> Files\Acesoft\Tracks Eraser Pro\autocomp.exe
> O23 - Service: BullGuard LiveUpdate Service (BGLiveSvc) - BullGuard,
> Ltd. -
> C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
> O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION -
> C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
> O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program
> Files\Common Files\EPSON\EBAPI\eEBSVC.exe
> O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO
> EPSON
> CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
> O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
> C:\WINDOWS\system32\ZoneLabs\vsmon.exe
>
>
Anonymous
September 1, 2005 6:43:43 AM

You need to have Hijackthis fix all of those lines I listed, all of them,
not 3. Run hjt again and place a check mark next to each of those lines then
click on the fix checked button on the bottom.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"bocher" <bocher@discussions.microsoft.com> wrote in message
news:68DE5E12-AB7E-4850-91A0-DB655B92FC16@microsoft.com...
>
>
> "pcbutts1" wrote:
>
>> You have at least 3 viruses. Have hijackthis fix the following lines, get
>> antivirus www.avast.com software and run a full and complete scan. Your
>> current antivirus is not working and has been disabled probably by the
>> virus.
>>
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://www.mail.yahoo.com/
>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
>> (file
>> missing)
>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
>> (file
>> missing)
>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
>> Files\MoodLogic\Service\Updater.exe
>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox\PhilipsRemote.exe
>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
>> 2000\Pop3trap.exe"
>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
>> 2000\WebTrapNT.exe"
>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
>> PestPatrol\PPActiveDetection.exe"
>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
>> Nik'ole\Application Data\woet.exe
>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
>> O4 - Global Startup: Microsoft Office.lnk.disabled
>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
>> http://entimg.msn.com/client/msnmusax2729.cab
>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
>> 4.5) -
>> http://chat.msn.com/bin/msnchat45.cab
>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
>> Files\Prime95\prime95.exe (file missing)
>>
>>
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "bocher" <bocher@discussions.microsoft.com> wrote in message
>> news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
>> >
>> >
>> can you single out the three lines for me thanks.
>>
>>
Anonymous
September 1, 2005 6:44:50 AM

Only check the ones I listed.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"bocher" <bocher@discussions.microsoft.com> wrote in message
news:68DE5E12-AB7E-4850-91A0-DB655B92FC16@microsoft.com...
>
>
> "pcbutts1" wrote:
>
>> You have at least 3 viruses. Have hijackthis fix the following lines, get
>> antivirus www.avast.com software and run a full and complete scan. Your
>> current antivirus is not working and has been disabled probably by the
>> virus.
>>
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://www.mail.yahoo.com/
>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
>> (file
>> missing)
>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
>> (file
>> missing)
>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
>> Files\MoodLogic\Service\Updater.exe
>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox\PhilipsRemote.exe
>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
>> 2000\Pop3trap.exe"
>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
>> 2000\WebTrapNT.exe"
>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
>> PestPatrol\PPActiveDetection.exe"
>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
>> Nik'ole\Application Data\woet.exe
>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
>> O4 - Global Startup: Microsoft Office.lnk.disabled
>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
>> http://entimg.msn.com/client/msnmusax2729.cab
>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
>> 4.5) -
>> http://chat.msn.com/bin/msnchat45.cab
>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
>> Files\Prime95\prime95.exe (file missing)
>>
>>
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "bocher" <bocher@discussions.microsoft.com> wrote in message
>> news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
>> >
>> >
>> can you single out the three lines for me thanks.
>>
>>
Anonymous
September 1, 2005 5:59:18 PM

"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
> What? My reply was to bocher who posted his log not you.

$$ How can I learn anything if I don't ask questions? I'm learning to read
the HiJackThis log for my own use. I find it very helpful.

Are you the same
> person.? Do not follow my advice or any advice unless I directly reply to
> your post.

$$ I'm curious as to what you saw as viruses on his log.

FS~
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
> news:%23888iomrFHA.1028@TK2MSFTNGP12.phx.gbl...
>>
>> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
>> news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
>>> You have at least 3 viruses.
>>
>> ## Which are the viruses?
>>
>> Have hijackthis fix the following lines,
>>
>> ## Which following lines? You didn't point out any that I can see and
>> I'm trying to learn. :-))
>>
>> get
>>> antivirus www.avast.com software and run a full and complete scan. Your
>>> current antivirus is not working and has been disabled probably by the
>>> virus.
>>
>> ## Can we disable Norton to run this AV software on a Norton protected
>> machine, or do we have to UNINSTALL Norton (including keys it leaves in
>> the registry?)
>>
>> FS~
>>>
>>>
>>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
>>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>>> http://www.mail.yahoo.com/
>>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
>>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
>>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
>>> (file
>>> missing)
>>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
>>> (file
>>> missing)
>>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
>>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
>>> Files\MoodLogic\Service\Updater.exe
>>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
>>> Jukebox\PhilipsRemote.exe
>>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
>>> 2000\Pop3trap.exe"
>>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend
>>> Micro\PC-cillin
>>> 2000\WebTrapNT.exe"
>>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
>>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
>>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
>>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
>>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
>>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
>>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
>>> PestPatrol\PPActiveDetection.exe"
>>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
>>> Nik'ole\Application Data\woet.exe
>>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
>>> O4 - Global Startup: Microsoft Office.lnk.disabled
>>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
>>> http://entimg.msn.com/client/msnmusax2729.cab
>>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
>>> 4.5) -
>>> http://chat.msn.com/bin/msnchat45.cab
>>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
>>> Files\Prime95\prime95.exe (file missing)
>>>
>>
>
>
Anonymous
September 1, 2005 9:04:13 PM

~ FreeSpirit ~ wrote:
> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
> news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
>> What? My reply was to bocher who posted his log not you.
>
> $$ How can I learn anything if I don't ask questions. I'm
> learning to read the HiJackThis log for my own use. I find
> it very helpful.
> Are you the same
>> person.? Do not follow my advice or any advice unless I
>> directly reply to your post.
>
> $$ I'm curious as to what you saw as viruses on his log.
>
> FS~

<snipped>

Here are a couple of HijackThis tutorials that you might find
helpful:

HijackThis Log Tutorial
http://aumha.org/a/hjttutor.htm

http://www.merijn.org/htlogtutorial.html

There are a number of web sites where HijackThis logs should be
posted. Here are some of the more popular ones:

CastleCops HijackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Wo...

Aumha Forums - HijackThis Logs
http://forum.aumha.org/

HijackThis Logs and Analysis
http://www.bleepingcomputer.com/forums/HijackThis_Logs_...

HijackThis Logs and Spyware/Malware Removal
http://forums.tomcoyote.org/index.php?showforum=27

Spyware Warrior HijackThis Logs
http://spywarewarrior.com/viewforum.php?f=5

These forums are staffed by volunteers who have demonstrated
their ability to interpret these logs and provide safe and
helpful assistance. Also, the forums are moderated, adding a
degree of assurance that the advice given is valid. Posting an
HJT log to a newsgroup, such as this one, is an open invitation
to make an already bad situation worse.

One of the best ways to familiarize yourself with how these
logs are interpreted is to go to one of the forums and take a
look at how the expert handles a log. Do a Google search for
the items that the expert recommends be removed. After doing
this for a few logs, start with a fresh log and see if you can
separate the good from the bad and then match your results up
with what the expert found.

For obvious reasons, the latest version, 1.99.1, should be
downloaded from one of the officially sanctioned download sites
listed on the developer's web site:

http://www.merijn.org/downloads.html

Good luck

Nepatsfan
Anonymous
September 1, 2005 11:37:38 PM

Oh ok, well the easiest way to learn would be to Google it. When you see
something in the log that you are not familiar with, Google the file name,
which is usually the last part of the line but not always. For example: O4 -
HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe. Teekids.exe is added to the
system as a result of the Lovesan worm so you know that needs to be fixed.
You also have O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe and O4 -
HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe; those are all reg keys that
automatically run when the system is booted. The first few lines of the log
are browser hijacks; the string shows links to known spam websites and
default search engines. You see that after the word search=. For example in
this line R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch redirects the
search to MSN but the next line shows the default search engine is Yahoo
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com.
HJT will fix those and reset them to the IE default. A lot of time you see
in the log lines that say file missing; those should also be fixed. HJT makes
a backup of everything it fixes so if there are mistakes they can be undone.
When you do enough of them, like me, you will see patterns that the spyware
and viruses do to the logs and how they affect the system. It takes time but
you will see what I am talking about.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
news:ePVKCdyrFHA.3080@TK2MSFTNGP15.phx.gbl...
>
> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
> news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
>> What? My reply was to bocher who posted his log not you.
>
> $$ How can I learn anything if I don't ask questions. I'm learning to read
> the HiJackThis log for my own use. I find it very helpful.
>
> Are you the same
>> person.? Do not follow my advice or any advice unless I directly reply to
>> your post.
>
> $$ I'm curious as to what you saw as viruses on his log.
>
> FS~
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
>> news:%23888iomrFHA.1028@TK2MSFTNGP12.phx.gbl...
>>>
>>> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
>>> news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
>>>> You have at least 3 viruses.
>>>
>>> ## Which are the viruses?
>>>
>>> Have hijackthis fix the following lines,
>>>
>>> ## Which following lines? You didn't point out any that I can see and
>>> I'm trying to learn. :-))
>>>
>>> get
>>>> antivirus www.avast.com software and run a full and complete scan. Your
>>>> current antivirus is not working and has been disabled probably by the
>>>> virus.
>>>
>>> ## Can we disable Norton to run this AV software on a Norton protected
>>> machine, or do we have to UNINSTALL Norton (including keys it leaves in
>>> the registry?)
>>>
>>> FS~
>>>>
>>>>
>>>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>>>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
>>>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>>>> http://www.mail.yahoo.com/
>>>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
>>>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
>>>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
>>>> (file
>>>> missing)
>>>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
>>>> (file
>>>> missing)
>>>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
>>>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
>>>> Files\MoodLogic\Service\Updater.exe
>>>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
>>>> Jukebox\PhilipsRemote.exe
>>>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
>>>> 2000\Pop3trap.exe"
>>>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
>>>> 2000\WebTrapNT.exe"
>>>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
>>>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>>>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
>>>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
>>>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
>>>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
>>>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
>>>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
>>>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
>>>> PestPatrol\PPActiveDetection.exe"
>>>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
>>>> Nik'ole\Application Data\woet.exe
>>>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
>>>> O4 - Global Startup: Microsoft Office.lnk.disabled
>>>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
>>>> http://entimg.msn.com/client/msnmusax2729.cab
>>>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
>>>> 4.5) -
>>>> http://chat.msn.com/bin/msnchat45.cab
>>>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
>>>> Files\Prime95\prime95.exe (file missing)
>>>>
>>>
>>
>>
>
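The reading method described in the post above (entry codes, autorun lines, "file missing"), as an added Python example that is not from any poster in this thread or from HijackThis itself. The sample is an excerpt of the log quoted in the thread; the flag rules are illustrative assumptions chosen for this example.

```python
import re

# Excerpt of the log quoted in this thread, with the '>' quote markers and
# the newsreader's line wrapping left as they appear in the posts.
SAMPLE = r"""
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
>> (file
>> missing)
>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
>> Files\MoodLogic\Service\Updater.exe
>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
>> PestPatrol\PPActiveDetection.exe"
>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
>> Files\Prime95\prime95.exe (file missing)
"""

# A log entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_START = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")
# O4 registry autorun: "O4 - <key>: [<value name>] <command line>"
AUTORUN = re.compile(
    r"^O4 - (?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>\S.*)$")


def unwrap(text):
    """Strip '>' quote markers and rejoin wrapped lines into whole entries.

    Lines before the first entry (header, process list) are skipped; a line
    that does not start with a section code continues the previous entry.
    """
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def triage(entry):
    """Return (code, reasons); reasons say why the entry is worth looking up."""
    code = entry.split(" - ", 1)[0]
    reasons = []
    if code in ("R0", "R1"):
        reasons.append("browser start/search setting: confirm the URL is one you chose")
    if "(file missing)" in entry:
        reasons.append("points at a file that is no longer on disk")
    m = AUTORUN.match(entry)
    if m:
        cmd = m.group("cmd")
        if "\\" not in cmd:
            # No folder given, so Windows resolves the name via its search path.
            reasons.append("autorun with no folder given: look up " + cmd.split()[0])
        if "?" in cmd:
            # '?' is not a legal character in a Windows file name.
            reasons.append("'?' in the file name: the real name has characters "
                           "the log could not display")
    return code, reasons


def report(text):
    """Return [(entry, reasons)] for every entry with at least one reason."""
    flagged = []
    for entry in unwrap(text):
        _, reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in report(SAMPLE):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Mixer.exe is flagged by the same rule as teekids.exe, so a flag only says which name to look up, as the post advises; it is not a verdict on the entry.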
Anonymous
September 2, 2005 2:13:17 AM

Oh ok, well the easiest way to learn would be to Google it. When you see
something in the log that you are not familiar with, Google the file name,
which is usually the last part of the line but not always. For example: O4 -
HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe. Teekids.exe is added to the
system as a result of the Lovesan worm so you know that needs to be fixed.
You also have O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe and O4 -
HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe; those are all reg keys that
automatically run when the system is booted. The first few lines of the log
are browser hijacks; the string shows links to known spam websites and
default search engines. You see that after the word search=. For example in
this line R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch redirects the
search to MSN but the next line shows the default search engine is Yahoo
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com.
HJT will fix those and reset them to the IE default. A lot of time you see
in the log lines that say file missing; those should also be fixed. HJT makes
a backup of everything it fixes so if there are mistakes they can be undone.
When you do enough of them, like me, you will see patterns that the spyware
and viruses do to the logs and how they affect the system. It takes time but
you will see what I am talking about.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
news:ePVKCdyrFHA.3080@TK2MSFTNGP15.phx.gbl...
>
> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
> news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
>> What? My reply was to bocher who posted his log not you.
>
> $$ How can I learn anything if I don't ask questions. I'm learning to read
> the HiJackThis log for my own use. I find it very helpful.
>
Anonymous
September 2, 2005 2:23:54 AM

"~ FreeSpirit ~" <spammenot@nospam.net> wrote:

>
>"pcbutts1" <pcbutts1@seedsv.com> wrote in message
>news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
>> What? My reply was to bocher who posted his log not you.
>
>$$ How can I learn anything if I don't ask questions. I'm learning to read
>the HiJackThis log for my own use. I find it very helpful.
>
HiJackThis tutorial:
http://www.bleepingcomputer.com/forums/index.php?showtu...


also http://www.aumha.org/a/hjttutor.htm

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
Anonymous
September 2, 2005 2:34:12 AM

Oh ok, well the easiest way to learn would be to Google it. When you see
something in the log that you are not familiar with, Google the file name,
which is usually the last part of the line but not always. For example: O4 -
HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe. Teekids.exe is added to the
system as a result of the Lovesan worm so you know that needs to be fixed.
You also have O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe and O4 -
HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe; those are all reg keys that
automatically run when the system is booted. The first few lines of the log
are browser hijacks; the string shows links to known spam websites and
default search engines. You see that after the word search=. For example in
this line R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch redirects the
search to MSN but the next line shows the default search engine is Yahoo
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com.
HJT will fix those and reset them to the IE default. A lot of time you see
in the log lines that say file missing; those should also be fixed. HJT makes
a backup of everything it fixes so if there are mistakes they can be undone.
When you do enough of them, like me, you will see patterns that the spyware
and viruses do to the logs and how they affect the system. It takes time but
you will see what I am talking about.

--