Spyware?

Archived from groups: microsoft.public.windowsxp.help_and_support

I've got a problem with my computer, every time it connects to the internet it
stays a while then cuts. After it also has this software on add or remove
programs called winxpwebfldrs, after it sometimes said windows has occurred a
serious error. This is very annoying,

If there's any programs or something to make my computer at a healthy
performance please reply
  1. Archived from groups: microsoft.public.windowsxp.help_and_support

    As I recall, that is a piece of spyware. Spyware hunting is a specialized
    issue because it changes so much.

    I'd recommend downloading the MS AntiSpyware Beta and installing it on your
    system. For assistance in removing spyware, I'd suggest the following 2
    resources:

    http://help.lockergnome.com - click on the Problem Solvers sub-forum about ½
    way down the page.

    http://www.spywareinfo.org - the source for the training for most of the
    folks in the above forum

    "Ian" wrote:

    > I've got a problem with my computer, every time it connects to the internet it
    > stays a while then cuts. After it also has this software on add or remove
    > programs called winxpwebfldrs, after it sometimes said windows has occurred a
    > serious error. This is very annoying,
    >
    > If there's any programs or something to make my computer at a healthy
    > performance please reply
  2. Archived from groups: microsoft.public.windowsxp.help_and_support

    Download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    to see it not them.


    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ian" <Ian@discussions.microsoft.com> wrote in message
    news:E9896229-CA9F-483A-9E81-73B58697B786@microsoft.com...
    > I've got a problem with my computer, every time it connects to the internet
    > it
    > stays a while then cuts. After it also has this software on add or remove
    > programs called winxpwebfldrs, after it sometimes said windows has occurred
    > a
    > serious error. This is very annoying,
    >
    > If there's any programs or something to make my computer at a healthy
    > performance please reply
  3. Archived from groups: microsoft.public.windowsxp.help_and_support

    "pcbutts1" wrote:

    > Download, install, update and run all of the following.
    >
    > Ad-Aware
    > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >
    > Spybot search and destroy
    > http://www.pcbutts1.com/downloads/spybotsd14.exe
    >
    > Ewido Security Suite Trial version
    > http://www.pcbutts1.com/downloads/ewidosetup.exe
    >
    > Microsoft Windows AntiSpyware (Beta1)
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >
    > If none of the above fixes the issue then download Hijack this, run it, save
    > a copy of the log file and cut and paste it back here to this group so that
    > I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    > to see it not them.
    >
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Ian" <Ian@discussions.microsoft.com> wrote in message
    > news:E9896229-CA9F-483A-9E81-73B58697B786@microsoft.com...
    > > I've got a problem with my computer, every time it connects to the internet
    > > it
    > > stays a while then cuts. After it also has this software on add or remove
    > > programs called winxpwebfldrs, after it sometimes said windows has occurred
    > > a
    > > serious error. This is very annoying,
    > >
    > > If there's any programs or something to make my computer at a healthy
    > > performance please reply
    >

    Logfile of HijackThis v1.99.1
    Scan saved at 10:36:58 AM, on 8/31/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Here is mine so if you can help me that would be great cause I keep getting
    a blue screen that keeps doing dumps and each one of them say different
    things.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\MARSHA~1\LOCALS~1\Temp\Temporary Directory 1 for
    HijackThis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.mail.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
    missing)
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank (file
    missing)
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    Files\MoodLogic\Service\Updater.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    2000\Pop3trap.exe"
    O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    2000\WebTrapNT.exe"
    O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    Nik'ole\Application Data\woet.exe
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink
    TotalAccess\TaskPanl.exe" -winstart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.yugioh-deck.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
    https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    http://entimg.msn.com/client/msnmusax2729.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
    http://chat.msn.com/bin/msnchat45.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{6FF45968-FC5F-405E-A24F-4B2A7828E486}:
    NameServer = 66.93.87.2,216.231.41.2
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
    C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Prime95 Service - Unknown owner - C:\Program
    Files\Prime95\prime95.exe (file missing)
  4. Archived from groups: microsoft.public.windowsxp.help_and_support

    "pcbutts1" wrote:

    > Download, install, update and run all of the following.
    >
    > Ad-Aware
    > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >
    > Spybot search and destroy
    > http://www.pcbutts1.com/downloads/spybotsd14.exe
    >
    > Ewido Security Suite Trial version
    > http://www.pcbutts1.com/downloads/ewidosetup.exe
    >
    > Microsoft Windows AntiSpyware (Beta1)
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >
    > If none of the above fixes the issue then download Hijack this, run it, save
    > a copy of the log file and cut and paste it back here to this group so that
    > I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    > to see it not them.
    >
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip

    What does this logfile tell you, Please?

    Logfile of HijackThis v1.99.1
    Scan saved at 3:42:33 PM, on 8/31/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Startup Mechanic\StartupMonitor.exe
    C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
    C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\WINDOWS\system32\hpoipm07.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
    C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
    C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HJT\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.att.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by AT&T Worldnet Service
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = http=localhost:8080
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Local Spool Net support DLL -
    {4E7BD750-2C8E-469B-C1E2-F063C081BF33} - c:\windows\system32\localsplnet.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
    Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
    Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
    C:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup
    Mechanic\StartupMonitor.exe
    O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet
    Accelerator\trayctl.exe" /STARTUPLAUNCH
    O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser
    Pro\te.exe min
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard
    Software\BullGuard\BullGuard.exe"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Startup: Swebexec.lnk = F:\Program Files\Webshots\Swebexec.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program
    Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
    Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program
    Files\AT&T Worldnet Accelerator\pac-page.html
    O8 - Extra context menu item: Refresh Pi&cture with Full Quality -
    C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
    C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
    C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
    C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite -
    {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144
    - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O12 - Plugin for .mid: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet
    Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .tif: C:\Program Files\Internet
    Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
    http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125322866162
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
    http://www.gamespot.com/KDX/download/kdx.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{904177BF-5785-4D59-886D-BC3912283139}:
    NameServer = 12.102.244.1 204.127.129.3
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program
    Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: BullGuard LiveUpdate Service (BGLiveSvc) - BullGuard, Ltd. -
    C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
    O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION -
    C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program
    Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
    CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  5. Archived from groups: microsoft.public.windowsxp.help_and_support

    "usasma" <usasma@discussions.microsoft.com> wrote in message
    news:FDA75F51-3D21-49B2-8C4A-7F9667190DD1@microsoft.com...
    > As I recall, that is a piece of spyware. Spyware hunting is a specialized
    > issue because it changes so much.
    >
    > I'd recommend downloading the MS AntiSpyware Beta and installing it on
    > your
    > system. For assistance in removing spyware, I'd suggest the following 2
    > resources:


    I would recommend NOT downloading the MS Anti-spyware software - it is Beta
    and not something you want to be trying out at a time of need. Download
    Spybot S&D.

    If you cannot stay connected for long enough you may need to terminate the
    spyware process that is running in the background. To do this bring up the
    task manager with ctrl+alt+del, look in the applications and processes tabs
    for winxpwebfldrs - for each occurrence select the item and click end task /
    end process as appropriate. This will stop the spyware running and allow
    your connection to be stable for at least long enough to download the
    anti-spyware software.

    Andy
  6. Archived from groups: microsoft.public.windowsxp.help_and_support

    "Andrew" <andrewportess@nospamhotmail.com> wrote:

    >
    >"usasma" <usasma@discussions.microsoft.com> wrote in message
    >news:FDA75F51-3D21-49B2-8C4A-7F9667190DD1@microsoft.com...
    >> As I recall, that is a piece of spyware. Spyware hunting is a specialized
    >> issue because it changes so much.
    >>
    >> I'd recommend downloading the MS AntiSpyware Beta and installing it on
    >> your
    >> system. For assistance in removing spyware, I'd suggest the following 2
    >> resources:
    >
    >
    >
    >I would recommend NOT downloading the MS Anti-spyware software - it is Beta
    >and not something you want to be trying out at a time of need. Download
    >Spybot S&D.
    >

    While it is true that the Microsoft Antispyware is still a Beta
    version, it is also true that it is always in the top 3 category on
    any independent comparative test of antispyware products.

    I have no reservations about using it or suggesting it to other users.

    Spybot S&D has been a good product, but more recently it has been
    plagued with serious "false positive" issues which have caused
    problems for a number of users. Most recently it has been falsely
    identifying the Microsoft RDP Client Control as malware.


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    In memory of a dear friend Alex Nichol MVP
    http://aumha.org/alex.htm
  7. Archived from groups: microsoft.public.windowsxp.help_and_support

    In article <h1ubh1520macq5r9nju1s4g601vqafg04i@4ax.com>,
    ron.martell@gmail.com says...
    > While it is true that the Microsoft Antispyware is still a Beta
    > version, it is also true that it is always in the top 3 category on
    > any independent comparative test of antispyware products.

    And the generally accepted method is to NOT use Beta software on any
    machine you care about.

    SBS&D and AdAwareSE and quality AV software, when run in Safe Mode, is a
    good choice for most items - manual editing of the registry can also be
    good if one is capable.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  8. Archived from groups: microsoft.public.windowsxp.help_and_support

    You have at least 3 viruses. Have hijackthis fix the following lines, get
    antivirus www.avast.com software and run a full and complete scan. Your
    current antivirus is not working and has been disabled probably by the
    virus.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.mail.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
    missing)
    O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank (file
    missing)
    O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    Files\MoodLogic\Service\Updater.exe
    O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\PhilipsRemote.exe
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    2000\Pop3trap.exe"
    O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    2000\WebTrapNT.exe"
    O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [EarthLink Installer] " /C
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    PestPatrol\PPActiveDetection.exe"
    O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    Nik'ole\Application Data\woet.exe
    O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    http://entimg.msn.com/client/msnmusax2729.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
    http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: Prime95 Service - Unknown owner - C:\Program
    Files\Prime95\prime95.exe (file missing)


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "bocher" <bocher@discussions.microsoft.com> wrote in message
    news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
    >
    >
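
Added example (not part of the thread and not any poster's code): HijackThis logs pasted into a newsgroup arrive wrapped mid-entry, as in the logs above, so triage starts by rejoining entries before reading the O4 autorun lines. The Python below does that on an excerpt of the log posted in reply 3 and applies a few review heuristics that are assumptions chosen for this example, not HijackThis features.

```python
import re

# Excerpt of the log posted in reply 3, kept wrapped exactly as it was pasted.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
missing)
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
Nik'ole\Application Data\woet.exe
O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program
Files\Prime95\prime95.exe (file missing)
"""

# An entry starts with a section code such as "R1 -", "O4 -" or "O23 -".
ENTRY_START = re.compile(r"^(R[0-4]|O\d{1,2}) -(\s|$)")
# O4 autorun line: hive, key (Run, RunServices, ...), value name, command.
O4_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")


def join_entries(text):
    """Rejoin entries that a newsreader wrapped across several lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif not line:
            if current is not None:
                entries.append(current)
            current = None
        elif current is not None:
            # Wrapping happened at a space, so a space restores the entry.
            current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def executable_of(cmd):
    """Return the program part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else ""
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(entry):
    """Return review reasons for one entry (heuristics assumed for this example)."""
    reasons = []
    if entry.endswith("(file missing)"):
        reasons.append("file-missing")            # registry points at nothing
    m = O4_ENTRY.match(entry)
    if m:
        cmd = m.group(4)
        exe = executable_of(cmd)
        if cmd.count('"') % 2:
            reasons.append("truncated-command")   # unbalanced quote
        elif "\\" not in exe:
            reasons.append("no-path")             # resolved via the search path
        if "?" in exe:
            # '?' is not a valid Windows file-name character, so the real
            # name contains something the log could not render.
            reasons.append("unrenderable-name")
        if re.search(r"\\(application data|temp)\\", exe, re.I):
            reasons.append("user-writable-dir")   # autorun from a profile dir
    return reasons


def review(text):
    """Return (entry, reasons) for every entry that has at least one reason."""
    flagged = []
    for entry in join_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in review(SAMPLE_LOG):
        print(", ".join(reasons), "|", entry)
```

A flag here is a prompt to look the entry up, not a verdict: `no-path` fires on every autorun value that names a bare file, whatever installed it.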
  9. Archived from groups: microsoft.public.windowsxp.help_and_support

    "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
    > You have at least 3 viruses.

    ## Which are the viruses?

    Have hijackthis fix the following lines,

    ## Which following lines? You didn't point out any that I can see and I'm
    trying to learn. :-))

    get
    > antivirus www.avast.com software and run a full and complete scan. Your
    > current antivirus is not working and has been disabled probably by the
    > virus.

    ## Can we disable Norton to run this AV software on a Norton protected
    machine, or do we have to UNINSTALL Norton (including keys it leaves in the
    registry?)

    FS~
    >
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    > http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://www.mail.yahoo.com/
    > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    > http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    > O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
    > (file
    > missing)
    > O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
    > (file
    > missing)
    > O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    > O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    > Files\MoodLogic\Service\Updater.exe
    > O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    > Jukebox\PhilipsRemote.exe
    > O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    > 2000\Pop3trap.exe"
    > O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    > 2000\WebTrapNT.exe"
    > O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    > O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    > O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    > O4 - HKLM\..\Run: [EarthLink Installer] " /C
    > O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    > O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    > O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    > O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    > O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    > PestPatrol\PPActiveDetection.exe"
    > O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    > Nik'ole\Application Data\woet.exe
    > O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    > O4 - Global Startup: Microsoft Office.lnk.disabled
    > O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    > http://entimg.msn.com/client/msnmusax2729.cab
    > O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
    > http://chat.msn.com/bin/msnchat45.cab
    > O23 - Service: Prime95 Service - Unknown owner - C:\Program
    > Files\Prime95\prime95.exe (file missing)
    >
  10. Archived from groups: microsoft.public.windowsxp.help_and_support

    "pcbutts1" wrote:

    > You have at least 3 viruses. Have hijackthis fix the following lines, get
    > antivirus www.avast.com software and run a full and complete scan. Your
    > current antivirus is not working and has been disabled probably by the
    > virus.
    >
    >
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    > http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://www.mail.yahoo.com/
    > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    > http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    > O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file
    > missing)
    > O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank (file
    > missing)
    > O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    > O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    > Files\MoodLogic\Service\Updater.exe
    > O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    > Jukebox\PhilipsRemote.exe
    > O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    > 2000\Pop3trap.exe"
    > O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    > 2000\WebTrapNT.exe"
    > O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    > O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    > O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    > O4 - HKLM\..\Run: [EarthLink Installer] " /C
    > O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    > O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    > O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    > O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    > O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    > PestPatrol\PPActiveDetection.exe"
    > O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    > Nik'ole\Application Data\woet.exe
    > O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    > O4 - Global Startup: Microsoft Office.lnk.disabled
    > O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    > http://entimg.msn.com/client/msnmusax2729.cab
    > O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
    > http://chat.msn.com/bin/msnchat45.cab
    > O23 - Service: Prime95 Service - Unknown owner - C:\Program
    > Files\Prime95\prime95.exe (file missing)
    >
    >
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "bocher" <bocher@discussions.microsoft.com> wrote in message
    > news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
    > >
    > >

    Can you single out the three lines for me? Thanks.
  11. Archived from groups: microsoft.public.windowsxp.help_and_support

    What? My reply was to bocher who posted his log not you. Are you the same
    person? Do not follow my advice or any advice unless I directly reply to
    your post.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
    news:%23888iomrFHA.1028@TK2MSFTNGP12.phx.gbl...
    >
    > "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    > news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
    >> You have at least 3 viruses.
    >
    > ## Which are the viruses?
    >
    > Have hijackthis fix the following lines,
    >
    > ## Which following lines? You didn't point out any that I can see and I'm
    > trying to learn. :-))
    >
    > get
    >> antivirus www.avast.com software and run a full and complete scan. Your
    >> current antivirus is not working and has been disabled probably by the
    >> virus.
    >
    > ## Can we disable Norton to run this AV software on a Norton protected
    > machine, or do we have to UNINSTALL Norton (including keys it leaves in
    > the registry?)
    >
    > FS~
    >>
    >>
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    >> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >> http://www.mail.yahoo.com/
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    >> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    >> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
    >> (file
    >> missing)
    >> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
    >> (file
    >> missing)
    >> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    >> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    >> Files\MoodLogic\Service\Updater.exe
    >> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    >> Jukebox\PhilipsRemote.exe
    >> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    >> 2000\Pop3trap.exe"
    >> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    >> 2000\WebTrapNT.exe"
    >> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    >> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    >> O4 - HKLM\..\Run: [EarthLink Installer] " /C
    >> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    >> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    >> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    >> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    >> PestPatrol\PPActiveDetection.exe"
    >> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    >> Nik'ole\Application Data\woet.exe
    >> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    >> O4 - Global Startup: Microsoft Office.lnk.disabled
    >> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    >> http://entimg.msn.com/client/msnmusax2729.cab
    >> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    >> 4.5) -
    >> http://chat.msn.com/bin/msnchat45.cab
    >> O23 - Service: Prime95 Service - Unknown owner - C:\Program
    >> Files\Prime95\prime95.exe (file missing)
    >>
    >
  12.

    Bullguard is installed by P2P software right along with spyware. You should
    remove it and use Zone Alarm for your firewall and Avast for your Antivirus
    http://www.avast.com . Letting hjt fix the files below will disable it not
    uninstall it. It's your choice, I don't trust it. Use add/remove programs to
    uninstall it. ZA is all you need. The BHO listed below is a remnant of the
    CWS Coolwebsearch malware and it should be removed/fixed by HJT. The same for
    R3.


    R3 - Default URLSearchHook is missing

    O2 - BHO: Local Spool Net support DLL -
    {4E7BD750-2C8E-469B-C1E2-F063C081BF33} - c:\windows\system32\localsplnet.dll

    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard
    Software\BullGuard\BullGuard.exe"

    O23 - Service: BullGuard LiveUpdate Service (BGLiveSvc) - BullGuard, Ltd. -
    C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Boat Dr" <BoatDr@discussions.microsoft.com> wrote in message
    news:6135287D-6916-4A04-BD6F-6F9E1095CECA@microsoft.com...
    >
    >
    > "pcbutts1" wrote:
    >
    >> Download, install, update and run all of the following.
    >>
    >> Ad-Aware
    >> http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >>
    >> Spybot search and destroy
    >> http://www.pcbutts1.com/downloads/spybotsd14.exe
    >>
    >> Ewido Security Suite Trial version
    >> http://www.pcbutts1.com/downloads/ewidosetup.exe
    >>
    >> Microsoft Windows AntiSpyware (Beta1)
    >> http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >>
    >> If none of the above fixes the issue then download Hijack this, run it,
    >> save
    >> a copy of the log file and cut and paste it back here to this group so
    >> that
    >> I can analyze it. Ignore anyone who tells you to post it elsewhere. I
    >> need
    >> to see it not them.
    >>
    >>
    >> HijackThis
    >> http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > What does this logfile tell you, Please?
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 3:42:33 PM, on 8/31/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >
    > Running processes:
    > C:\WINDOWS\System32\smss.exe
    > C:\WINDOWS\system32\winlogon.exe
    > C:\WINDOWS\system32\services.exe
    > C:\WINDOWS\system32\lsass.exe
    > C:\WINDOWS\system32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\system32\spoolsv.exe
    > C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    > C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    > C:\WINDOWS\System32\svchost.exe
    > C:\WINDOWS\Explorer.EXE
    > C:\Program Files\Startup Mechanic\StartupMonitor.exe
    > C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
    > C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
    > C:\Program Files\AT&T Worldnet Accelerator\PropelAC.exe
    > C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    > C:\PROGRA~1\Webshots\webshots.scr
    > C:\WINDOWS\system32\rundll32.exe
    > C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    > C:\WINDOWS\system32\hpoipm07.exe
    > C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
    > C:\Program Files\AT&T\WnClient\Programs\WNConnect.exe
    > C:\PROGRA~1\AT&T\WnClient\Programs\WNCSMS~1.EXE
    > C:\Program Files\Internet Explorer\iexplore.exe
    > C:\WINDOWS\system32\wuauclt.exe
    > C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    > C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
    > C:\WINDOWS\system32\taskmgr.exe
    > C:\HJT\hijackthis.exe
    >
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > http://www.att.net
    > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
    > Microsoft
    > Internet Explorer provided by AT&T Worldnet Service
    > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    > Settings,ProxyServer = http=localhost:8080
    > R3 - Default URLSearchHook is missing
    > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    > C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    > O2 - BHO: Local Spool Net support DLL -
    > {4E7BD750-2C8E-469B-C1E2-F063C081BF33} -
    > c:\windows\system32\localsplnet.dll
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    > O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
    > Files\MSN
    > Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    > O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    > C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    > O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
    > Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    > O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
    > C:\Program Files\ICQToolbar\toolbaru.dll
    > O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup
    > Mechanic\StartupMonitor.exe
    > O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\AT&T Worldnet
    > Accelerator\trayctl.exe" /STARTUPLAUNCH
    > O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks
    > Eraser
    > Pro\te.exe min
    > O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard
    > Software\BullGuard\BullGuard.exe"
    > O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    > O4 - Startup: Swebexec.lnk = F:\Program Files\Webshots\Swebexec.exe
    > O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    > O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program
    > Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    > O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    > Office\Office10\OSA.EXE
    > O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
    > Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    > O8 - Extra context menu item: E&xport to Microsoft Excel -
    > res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    > O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program
    > Files\AT&T Worldnet Accelerator\pac-page.html
    > O8 - Extra context menu item: Refresh Pi&cture with Full Quality -
    > C:\Program Files\AT&T Worldnet Accelerator\pac-image.html
    > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    > C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    > O9 - Extra 'Tools' menuitem: Sun Java Console -
    > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    > Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    > O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
    > C:\Program Files\ICQ\ICQ.exe
    > O9 - Extra 'Tools' menuitem: ICQ -
    > {6224f700-cba3-4071-b251-47cb894244cd} -
    > C:\Program Files\ICQ\ICQ.exe
    > O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
    > C:\Program Files\ICQLite\ICQLite.exe
    > O9 - Extra 'Tools' menuitem: ICQ Lite -
    > {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program
    > Files\ICQLite\ICQLite.exe
    > O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 -
    > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    > Files\Messenger\msmsgs.exe
    > O9 - Extra 'Tools' menuitem: @C:\Program
    > Files\Messenger\Msgslang.dll,-61144
    > - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    > Files\Messenger\msmsgs.exe
    > O12 - Plugin for .mid: C:\Program Files\Internet
    > Explorer\PLUGINS\npqtplugin.dll
    > O12 - Plugin for .spop: C:\Program Files\Internet
    > Explorer\Plugins\NPDocBox.dll
    > O12 - Plugin for .tif: C:\Program Files\Internet
    > Explorer\PLUGINS\npqtplugin3.dll
    > O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
    > Tool) -
    > http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
    > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125322866162
    > O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
    > http://www.gamespot.com/KDX/download/kdx.cab
    > O17 -
    > HKLM\System\CCS\Services\Tcpip\..\{904177BF-5785-4D59-886D-BC3912283139}:
    > NameServer = 12.102.244.1 204.127.129.3
    > O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program
    > Files\Acesoft\Tracks Eraser Pro\autocomp.exe
    > O23 - Service: BullGuard LiveUpdate Service (BGLiveSvc) - BullGuard,
    > Ltd. -
    > C:\Program Files\BullGuard Software\BullGuard\BgUpdSvc.exe
    > O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION -
    > C:\Program Files\Common Files\EPSON\EBAPI\eEBAgent.exe
    > O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program
    > Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    > O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO
    > EPSON
    > CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    > O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    > C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    >
    >
  13.

    You need to have Hijackthis fix all of those lines I listed, all of them,
    not 3. Run hjt again and place a check mark next to each of those lines then
    click on the fix checked button on the bottom.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "bocher" <bocher@discussions.microsoft.com> wrote in message
    news:68DE5E12-AB7E-4850-91A0-DB655B92FC16@microsoft.com...
    >
    >
    > "pcbutts1" wrote:
    >
    >> You have at least 3 viruses. Have hijackthis fix the following lines, get
    >> antivirus www.avast.com software and run a full and complete scan. Your
    >> current antivirus is not working and has been disabled probably by the
    >> virus.
    >>
    >>
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    >> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >> http://www.mail.yahoo.com/
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    >> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    >> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
    >> (file
    >> missing)
    >> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
    >> (file
    >> missing)
    >> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    >> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    >> Files\MoodLogic\Service\Updater.exe
    >> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    >> Jukebox\PhilipsRemote.exe
    >> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    >> 2000\Pop3trap.exe"
    >> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    >> 2000\WebTrapNT.exe"
    >> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    >> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    >> O4 - HKLM\..\Run: [EarthLink Installer] " /C
    >> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    >> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    >> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    >> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    >> PestPatrol\PPActiveDetection.exe"
    >> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    >> Nik'ole\Application Data\woet.exe
    >> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    >> O4 - Global Startup: Microsoft Office.lnk.disabled
    >> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    >> http://entimg.msn.com/client/msnmusax2729.cab
    >> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    >> 4.5) -
    >> http://chat.msn.com/bin/msnchat45.cab
    >> O23 - Service: Prime95 Service - Unknown owner - C:\Program
    >> Files\Prime95\prime95.exe (file missing)
    >>
    >>
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> "bocher" <bocher@discussions.microsoft.com> wrote in message
    >> news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
    >> >
    >> >
    >> can you single out the three lines for me thanks.
    >>
    >>
  14.

    Only check the ones I listed.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "bocher" <bocher@discussions.microsoft.com> wrote in message
    news:68DE5E12-AB7E-4850-91A0-DB655B92FC16@microsoft.com...
    >
    >
    > "pcbutts1" wrote:
    >
    >> You have at least 3 viruses. Have hijackthis fix the following lines, get
    >> antivirus www.avast.com software and run a full and complete scan. Your
    >> current antivirus is not working and has been disabled probably by the
    >> virus.
    >>
    >>
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    >> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >> http://www.mail.yahoo.com/
    >> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    >> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    >> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
    >> (file
    >> missing)
    >> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
    >> (file
    >> missing)
    >> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    >> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    >> Files\MoodLogic\Service\Updater.exe
    >> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    >> Jukebox\PhilipsRemote.exe
    >> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    >> 2000\Pop3trap.exe"
    >> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    >> 2000\WebTrapNT.exe"
    >> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    >> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    >> O4 - HKLM\..\Run: [EarthLink Installer] " /C
    >> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    >> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    >> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    >> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    >> PestPatrol\PPActiveDetection.exe"
    >> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    >> Nik'ole\Application Data\woet.exe
    >> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    >> O4 - Global Startup: Microsoft Office.lnk.disabled
    >> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    >> http://entimg.msn.com/client/msnmusax2729.cab
    >> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    >> 4.5) -
    >> http://chat.msn.com/bin/msnchat45.cab
    >> O23 - Service: Prime95 Service - Unknown owner - C:\Program
    >> Files\Prime95\prime95.exe (file missing)
    >>
    >>
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> "bocher" <bocher@discussions.microsoft.com> wrote in message
    >> news:E8E9E181-20E9-4C9C-92DD-BEB86543C5BF@microsoft.com...
    >> >
    >> >
    >> can you single out the three lines for me thanks.
    >>
    >>
  15.

    "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
    > What? My reply was to bocher who posted his log not you.

    $$ How can I learn anything if I don't ask questions. I'm learning to read
    the HiJackThis log for my own use. I find it very helpful.

    Are you the same
    > person.? Do not follow my advice or any advice unless I directly reply to
    > your post.

    $$ I'm curious as to what you saw as viruses on his log.

    FS~
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
    > news:%23888iomrFHA.1028@TK2MSFTNGP12.phx.gbl...
    >>
    >> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    >> news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
    >>> You have at least 3 viruses.
    >>
    >> ## Which are the viruses?
    >>
    >> Have hijackthis fix the following lines,
    >>
    >> ## Which following lines? You didn't point out any that I can see and
    >> I'm trying to learn. :-))
    >>
    >> get
    >>> antivirus www.avast.com software and run a full and complete scan. Your
    >>> current antivirus is not working and has been disabled probably by the
    >>> virus.
    >>
    >> ## Can we disable Norton to run this AV software on a Norton protected
    >> machine, or do we have to UNINSTALL Norton (including keys it leaves in
    >> the registry?)
    >>
    >> FS~
    >>>
    >>>
    >>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    >>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >>> http://www.mail.yahoo.com/
    >>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    >>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    >>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
    >>> (file
    >>> missing)
    >>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
    >>> (file
    >>> missing)
    >>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    >>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    >>> Files\MoodLogic\Service\Updater.exe
    >>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    >>> Jukebox\PhilipsRemote.exe
    >>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    >>> 2000\Pop3trap.exe"
    >>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend
    >>> Micro\PC-cillin
    >>> 2000\WebTrapNT.exe"
    >>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    >>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    >>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
    >>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    >>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    >>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    >>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    >>> PestPatrol\PPActiveDetection.exe"
    >>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    >>> Nik'ole\Application Data\woet.exe
    >>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    >>> O4 - Global Startup: Microsoft Office.lnk.disabled
    >>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    >>> http://entimg.msn.com/client/msnmusax2729.cab
    >>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    >>> 4.5) -
    >>> http://chat.msn.com/bin/msnchat45.cab
    >>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
    >>> Files\Prime95\prime95.exe (file missing)
    >>>
    >>
    >
    >
  16.

    ~ FreeSpirit ~ wrote:
    > "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    > news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
    >> What? My reply was to bocher who posted his log not you.
    >
    > $$ How can I learn anything if I don't ask questions. I'm
    > learning to read the HiJackThis log for my own use. I find
    > it very helpful.
    > Are you the same
    >> person.? Do not follow my advice or any advice unless I
    >> directly reply to your post.
    >
    > $$ I'm curious as to what you saw as viruses on his log.
    >
    > FS~

    <snipped>

    Here are a couple of HijackThis tutorials that you might find
    helpful:

    HijackThis Log Tutorial
    http://aumha.org/a/hjttutor.htm

    http://www.merijn.org/htlogtutorial.html

    There are a number of web sites where HijackThis logs should be
    posted. Here are some of the more popular ones:

    CastleCops HijackThis Forum
    http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

    Aumha Forums - HijackThis Logs
    http://forum.aumha.org/

    HijackThis Logs and Analysis
    http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html

    HijackThis Logs and Spyware/Malware Removal
    http://forums.tomcoyote.org/index.php?showforum=27

    Spyware Warrior HijackThis Logs
    http://spywarewarrior.com/viewforum.php?f=5

    These forums are staffed by volunteers who have demonstrated
    their ability to interpret these logs and provide safe and
    helpful assistance. Also, the forums are moderated, adding a
    degree of assurance that the advice given is valid. Posting an
    HJT log to a newsgroup, such as this one, is an open invitation
    to make an already bad situation worse.

    One of the best ways to familiarize yourself with how these
    logs are interpreted is to go to one of the forums and take a
    look at how the expert handles a log. Do a Google search for
    the items that the expert recommends be removed. After doing
    this for a few logs, start with a fresh log and see if you can
    separate the good from the bad and then match your results up
    with what the expert found.

    For obvious reasons, the latest version, 1.99.1, should be
    downloaded from one of the officially sanctioned download sites
    listed on the developer's web site:

    http://www.merijn.org/downloads.html

    Good luck

    Nepatsfan
  17.

    Oh ok, well the easiest way to learn would be to Google it. When you see
    something in the log that you are not familiar with Google the file name
    which is usually the last part of the line but not always. For example: O4 -
    HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe. Teekids.exe is added to the
    system as a result of the Lovesan worm so you know that needs to be fixed.
    You also have O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe and O4 -
    HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe those are all reg keys that
    automatically run when the system is booted. The first few lines of the log
    are browser hijacks, the string shows links to known spam websites and
    default search engines. You see that after the word search=. For example in
    this line R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch redirects the
    search to MSN but the next line shows the default search engine is Yahoo
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com.
    HJT will fix those and reset them to the IE default. A lot of time you see
    in the log lines that say file missing those should also be fixed. HJT makes
    a backup of everything it fixes so if there are mistakes they can be undone.
    When you do enough of them, like me, you will see patterns that the spyware
    and viruses do to the logs and how they affect the system. It takes time but
    you will see what I am talking about.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
    news:ePVKCdyrFHA.3080@TK2MSFTNGP15.phx.gbl...
    >
    > "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    > news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
    >> What? My reply was to bocher who posted his log not you.
    >
    > $$ How can I learn anything if I don't ask questions. I'm learning to
    > read the HiJackThis log for my own use. I find it very helpful.
    >
    > Are you the same
    >> person.? Do not follow my advice or any advice unless I directly reply to
    >> your post.
    >
    > $$ I'm curious as to what you saw as viruses on his log.
    >
    > FS~
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message
    >> news:%23888iomrFHA.1028@TK2MSFTNGP12.phx.gbl...
    >>>
    >>> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    >>> news:0fnRe.12$ua1.2@newssvr21.news.prodigy.com...
    >>>> You have at least 3 viruses.
    >>>
    >>> ## Which are the viruses?
    >>>
    >>> Have hijackthis fix the following lines,
    >>>
    >>> ## Which following lines? You didn't point out any that I can see and
    >>> I'm trying to learn. :-))
    >>>
    >>> get
    >>>> antivirus www.avast.com software and run a full and complete scan. Your
    >>>> current antivirus is not working and has been disabled probably by the
    >>>> virus.
    >>>
    >>> ## Can we disable Norton to run this AV software on a Norton protected
    >>> machine, or do we have to UNINSTALL Norton (including keys it leaves in
    >>> the registry?)
    >>>
    >>> FS~
    >>>>
    >>>>
    >>>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >>>> http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    >>>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >>>> http://www.mail.yahoo.com/
    >>>> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    >>>> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    >>>> O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank
    >>>> (file missing)
    >>>> O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - blank
    >>>> (file missing)
    >>>> O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    >>>> O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program
    >>>> Files\MoodLogic\Service\Updater.exe
    >>>> O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH
    >>>> Jukebox\PhilipsRemote.exe
    >>>> O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin
    >>>> 2000\Pop3trap.exe"
    >>>> O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin
    >>>> 2000\WebTrapNT.exe"
    >>>> O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    >>>> O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >>>> O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    >>>> O4 - HKLM\..\Run: [EarthLink Installer] " /C
    >>>> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    >>>> O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    >>>> O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
    >>>> O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] Wntsf.exe
    >>>> O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust
    >>>> PestPatrol\PPActiveDetection.exe"
    >>>> O4 - HKCU\..\Run: [Cmcn] C:\Documents and Settings\Marsha
    >>>> Nik'ole\Application Data\woet.exe
    >>>> O4 - HKCU\..\Run: [Xdkw] C:\WINDOWS\System32\??oolsv.exe
    >>>> O4 - Global Startup: Microsoft Office.lnk.disabled
    >>>> O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) -
    >>>> http://entimg.msn.com/client/msnmusax2729.cab
    >>>> O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    >>>> 4.5) -
    >>>> http://chat.msn.com/bin/msnchat45.cab
    >>>> O23 - Service: Prime95 Service - Unknown owner - C:\Program
    >>>> Files\Prime95\prime95.exe (file missing)
    >>>>
    >>>
    >>
    >
  18. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Oh ok, well the easiest way to learn would be to Google it. When you see
    something in the log that you are not familiar with Google the file name
    which is usually the last part of the line but not always. For example: O4 -
    HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe. Teekids.exe is added to the
    system as a result of the Lovesan worm so you know that needs to be fixed.
    You also have O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe and O4 -
    HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe those are all reg keys that
    automatically run when the system is booted. The first few lines of the log
    are browser hijacks, the string shows links to known spam websites and
    default search engines. You see that after the word search=. For example in
    this line R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch redirects the
    search to MSN but the next line shows the default search engine is Yahoo
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com.
    HJT will fix those and reset them to the IE default. A lot of time you see
    in the log lines that say file missing those should also be fixed. HJT makes
    a backup of everything it fixes so if there are mistakes they can be undone.
    When you do enough of them, like me, you will see patterns that the spyware
    and viruses do to the logs and how they affect the system. It takes time but
    you will see what I am talking about.

    --
    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com

    "~ FreeSpirit ~" <spammenot@nospam.net> wrote in message news:ePVKCdyrFHA.3080@TK2MSFTNGP15.phx.gbl...
    >
    > "pcbutts1" <pcbutts1@seedsv.com> wrote in message news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
    >> What? My reply was to bocher who posted his log not you.
    >
    > $$ How can I learn anything if I don't ask questions. I'm learning to read the HiJackThis log for my own use. I find it very helpful.
    >
  19. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    "~ FreeSpirit ~" <spammenot@nospam.net> wrote:

    >
    >"pcbutts1" <pcbutts1@seedsv.com> wrote in message
    >news:kIoRe.255$XY7.59@newssvr11.news.prodigy.com...
    >> What? My reply was to bocher who posted his log not you.
    >
    >$$ How can I learn anything if I don't ask questions. I'm learning to read
    >the HiJackThis log for my own use. I find it very helpful.
    >
    HiJackThis tutorial:
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42


    also http://www.aumha.org/a/hjttutor.htm

    Good luck

    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    In memory of a dear friend Alex Nichol MVP
    http://aumha.org/alex.htm
  20. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Oh ok, well the easiest way to learn would be to Google it. When you see
    something in the log that you are not familiar with Google the file name
    which is usually the last part of the line but not always. For example: O4 -
    HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe. Teekids.exe is added to the
    system as a result of the Lovesan worm so you know that needs to be fixed.
    You also have O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe and O4 -
    HKLM\..\Run: [NTSF MICROSOFT SYSTEM] Wntsf.exe those are all reg keys that
    automatically run when the system is booted. The first few lines of the log
    are browser hijacks, the string shows links to known spam websites and
    default search engines. You see that after the word search=. For example in
    this line R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch redirects the
    search to MSN but the next line shows the default search engine is Yahoo
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=
    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com.
    HJT will fix those and reset them to the IE default. A lot of time you see
    in the log lines that say file missing those should also be fixed. HJT makes a
    backup of everything it fixes so if there are mistakes they can be undone.
    When you do enough of them, like me, you will see patterns that the spyware
    and viruses do to the logs and how they affect the system. It takes time but
    you will see what I am talking about.

    --
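
The reading method described in the post above (take the file name from an O4 autorun line, read the URL in R0/R1 lines, note `(file missing)` entries), as an added example that is not part of the original thread and is not HijackThis code. The sample lines are taken from the log quoted in this thread and unwrapped onto single lines; the function names and flag labels are assumptions, and a flag marks an entry to research, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Lines from the log quoted in this thread, unwrapped onto single lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - blank (file missing)
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                      # "O4 - <body>"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")  # hive, key, value name, command
EXE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)                  # path component ending in .exe
MISSING = "(file missing)"

def parse_entry(line):
    """Split one HijackThis log line into section, the name to research, and flags."""
    m = ENTRY.match(line.strip())
    if not m:
        return None                                   # header, process list, or wrapped fragment
    section, body = m.groups()
    entry = {"section": section, "lookup": None, "flags": []}
    if body.endswith(MISSING):
        entry["flags"].append("file-missing")         # leftover entry whose target is gone
        body = body[: -len(MISSING)].rstrip()
    if section in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1]                 # browser start/search page setting
        entry["lookup"] = urlsplit(url).hostname
    elif section == "O4":
        a = AUTORUN.match(body)
        if a:
            command = a.group(4)
            exe = EXE.search(command)
            entry["lookup"] = exe.group(1) if exe else command
            if "\\" not in command:                   # bare name: resolved via the search path
                entry["flags"].append("autorun-no-path")
    else:
        exe = EXE.search(body)
        entry["lookup"] = exe.group(1) if exe else None
    return entry

def triage(log_text):
    """Parse every recognisable line; unparseable lines are skipped, not guessed at."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]
```

`autorun-no-path` also fires on the sound-card mixer entry, which is why the `lookup` name still has to be researched before anything is fixed.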