Sign in with
Sign up | Sign in
Your question

Deleting Temp folder

Tags:
  • Windows XP
Last response: in Windows XP
Share
September 14, 2005 1:09:20 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi, please can some one offer some advice?
2 days ago I opened a downloaded quick time movie but it didnt play so when
i clicked the play icon i had lots of pop ups which directed me to a website
which said
THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT!.
It gave the name of the www. to get the site online. "control dot
streameline dot net" and because I had a web page open at that time now each
time i go to that web page it says the same thing. I know there is nothing
wrong with the real website as I have another pc and it is ok on there. Also
the websites address doesnt change as if it is redirected.
So i have done virus scans, and adaware scans, (I also had my firewall on
and pop up blocker on too) but nothing found anything except for one online
scan which said I had an unknown Trojan in
"C:\Documents and Settings\chrissy\local settings\temp\autorun.exe"
"C:\Documents and Settings\chrissy\local settings\temp\autorungui.dll"
But the online scan wont remove it. So I remembered that on my other pc
Windows ME i could delete the temp contents without causing problems.
However now this laptop is XP and the Temp folder is quite different. In it
i have seen lots of other folders and things that look like they are not
meant to be deleted.
Can I safely delete the Temp folder in XP? I did a search for the files
that the online scan found and my search on my laptop couldnt find it at
all.
Is it possible for me to edit the registry to detach the trojan from this
web site? Can some one tell me how to do that please? I really need access
to the website on this laptop.
Please can any one offer me any help?
Thanks so much in advance.
Chris

More about : deleting temp folder

Anonymous
September 14, 2005 1:09:21 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Temp files are all safe to delete, they are temp. files, after all, designed
for quick access. You will have to re-enter passwords, etc for sites that
you normally have passwords, etc, saved because the following procedure
removes them.
You can delete temp files in a couple of different ways,
This is for I.E.
Start>control panel>internet options>general tab> delete files, delete
cookies.
Also, click My Computer> right click local C: (assuming C is your local
drive) click properties>disk cleanup.

>Is it possible for me to edit the registry to detach the trojan from this
> web site?

No, you cannot edit the registry of the web site that you are trying to
enter.
You can, however, get a program designed to hunt and destroy Trojans from
your registry.
The Major Geeks have some that you can purchase, and they have freeware
versions.

"Katie" <anonymous@discussions.microsoft.com> wrote in message
news:u0$qI8JuFHA.1136@TK2MSFTNGP12.phx.gbl...
> Hi, please can some one offer some advice?
> 2 days ago I opened a downloaded quick time movie but it didnt play so
> when i clicked the play icon i had lots of pop ups which directed me to a
> website which said
> THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT!.
> It gave the name of the www. to get the site online. "control dot
> streameline dot net" and because I had a web page open at that time now
> each time i go to that web page it says the same thing. I know there is
> nothing
> wrong with the real website as I have another pc and it is ok on there.
> Also the websites address doesnt change as if it is redirected.
> So i have done virus scans, and adaware scans, (I also had my firewall on
> and pop up blocker on too) but nothing found anything except for one
> online scan which said I had an unknown Trojan in
> "C:\Documents and Settings\chrissy\local settings\temp\autorun.exe"
> "C:\Documents and Settings\chrissy\local settings\temp\autorungui.dll"
> But the online scan wont remove it. So I remembered that on my other pc
> Windows ME i could delete the temp contents without causing problems.
> However now this laptop is XP and the Temp folder is quite different. In
> it i have seen lots of other folders and things that look like they are
> not meant to be deleted.
> Can I safely delete the Temp folder in XP? I did a search for the files
> that the online scan found and my search on my laptop couldnt find it at
> all.
> Is it possible for me to edit the registry to detach the trojan from this
> web site? Can some one tell me how to do that please? I really need
> access to the website on this laptop.
> Please can any one offer me any help?
> Thanks so much in advance.
> Chris
>
>
>
Anonymous
September 14, 2005 1:09:21 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

You can try Bazooka which will give you detailed instructions on how to
remove the trojan.
http://www.kephyr.com/spywarescanner/library/


"Katie" <anonymous@discussions.microsoft.com> wrote in message
news:u0$qI8JuFHA.1136@TK2MSFTNGP12.phx.gbl...
> Hi, please can some one offer some advice?
> 2 days ago I opened a downloaded quick time movie but it didnt play so
> when i clicked the play icon i had lots of pop ups which directed me to a
> website which said
> THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT!.
> It gave the name of the www. to get the site online. "control dot
> streameline dot net" and because I had a web page open at that time now
> each time i go to that web page it says the same thing. I know there is
> nothing
> wrong with the real website as I have another pc and it is ok on there.
> Also the websites address doesnt change as if it is redirected.
> So i have done virus scans, and adaware scans, (I also had my firewall on
> and pop up blocker on too) but nothing found anything except for one
> online scan which said I had an unknown Trojan in
> "C:\Documents and Settings\chrissy\local settings\temp\autorun.exe"
> "C:\Documents and Settings\chrissy\local settings\temp\autorungui.dll"
> But the online scan wont remove it. So I remembered that on my other pc
> Windows ME i could delete the temp contents without causing problems.
> However now this laptop is XP and the Temp folder is quite different. In
> it i have seen lots of other folders and things that look like they are
> not meant to be deleted.
> Can I safely delete the Temp folder in XP? I did a search for the files
> that the online scan found and my search on my laptop couldnt find it at
> all.
> Is it possible for me to edit the registry to detach the trojan from this
> web site? Can some one tell me how to do that please? I really need
> access to the website on this laptop.
> Please can any one offer me any help?
> Thanks so much in advance.
> Chris
>
>
>
Related resources
Anonymous
September 14, 2005 8:21:49 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Does anybody know how to fix this issue.

THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT

I've started getting the same problem recently when visiting certain
sites.
I've used all the ad/spy ware cleaners mentioned above but none of them
have corrected the problem. I have my Firewall active and I use Norton
AntiVirus 2005 so not sure how I got this problem.

Cheers,

Anthony
Anonymous
September 14, 2005 12:18:44 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

If you read all the posts you'll see its got nothing to do with a web
site owner paying the bill. If it was that simple I would not be asking
for help.
It's various web sites, one example is www.theaa.com, but it has
nothing to do with them not paying the bill as the site works fine from
other computers. For some reason certain web sites seem to be
redirected to this page saying the web site has been suspended. I've
seen others report the same issue on some other posts but no solution
found yet.
Anonymous
September 14, 2005 7:06:45 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

What website? Tell the owner to pay his bill.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



<anthonyyates@btinternet.com> wrote in message
news:1126696909.230065.77350@g14g2000cwa.googlegroups.com...
> Does anybody know how to fix this issue.
>
> THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT
>
> I've started getting the same problem recently when visiting certain
> sites.
> I've used all the ad/spy ware cleaners mentioned above but none of them
> have corrected the problem. I have my Firewall active and I use Norton
> AntiVirus 2005 so not sure how I got this problem.
>
> Cheers,
>
> Anthony
>
September 14, 2005 9:54:58 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have done a thorough spyware test and so many different virus checks, I
have done reg cleaning but still I have this problem. Nothing can detect
what this thing is and more to the point how to make it go away.
So far this has only affected one website and now I have been able to get
around that issue by going to a different part of the website (a sub page)
and accessing it through that.
Good luck for you and I hope some kind person will be able to help solve
this problem.

<anthonyyates@btinternet.com> wrote in message
news:1126711124.878616.168320@f14g2000cwb.googlegroups.com...
> If you read all the posts you'll see its got nothing to do with a web
> site owner paying the bill. If it was that simple I would not be asking
> for help.
> It's various web sites, one example is www.theaa.com, but it has
> nothing to do with them not paying the bill as the site works fine from
> other computers. For some reason certain web sites seem to be
> redirected to this page saying the web site has been suspended. I've
> seen others report the same issue on some other posts but no solution
> found yet.
>
Anonymous
September 14, 2005 9:54:59 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Use these 2 programs and post your HJT log please.

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe


If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone especially the troll Leythos, who will tag
along a nonsense post to this message, who tells you to post it elsewhere. I
need to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Katie" <anonymous@discussions.microsoft.com> wrote in message
news:ee2kL0UuFHA.3424@tk2msftngp13.phx.gbl...
>I have done a thorough spyware test and so many different virus checks, I
>have done reg cleaning but still I have this problem. Nothing can detect
>what this thing is and more to the point how to make it go away.
> So far this has only affected one website and now I have been able to get
> around that issue by going to a different part of the website (a sub page)
> and accessing it through that.
> Good luck for you and I hope some kind person will be able to help solve
> this problem.
>
> <anthonyyates@btinternet.com> wrote in message
> news:1126711124.878616.168320@f14g2000cwb.googlegroups.com...
>> If you read all the posts you'll see its got nothing to do with a web
>> site owner paying the bill. If it was that simple I would not be asking
>> for help.
>> It's various web sites, one example is www.theaa.com, but it has
>> nothing to do with them not paying the bill as the site works fine from
>> other computers. For some reason certain web sites seem to be
>> redirected to this page saying the web site has been suspended. I've
>> seen others report the same issue on some other posts but no solution
>> found yet.
>>
>
>
September 14, 2005 11:13:49 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I tried both these programs last night, I also tried so many different
programs for spyware and viruses that i had added about 7 new programs onto
my laptop. I didnt want all these extra programs at once and as I didnt know
which was the best to keep I went back to my original Adaware and Mcafee the
Google tool bar which stops popups.. Up until now (for the past 5 years) I
have been able to stop most of the annoying problems (such as this current
one) from my laptop, but this one beats me.
Sorry I didnt keep the log files and it didnt cure my problem. But maybe I
will try again and with your help we can get shot of this problem.
I really am grateful to you for taking the trouble to try and help.
Thanks
Chris
"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:0gZVe.830$5n4.154@newssvr29.news.prodigy.net...
> Use these 2 programs and post your HJT log please.
>
> Ewido Security Suite Trial version
> http://www.pcbutts1.com/downloads/ewidosetup.exe
>
>
> If none of the above fixes the issue then download Hijack this, run it,
> save a copy of the log file and cut and paste it back here to this group
> so that I can analyze it. Ignore anyone especially the troll Leythos, who
> will tag along a nonsense post to this message, who tells you to post it
> elsewhere. I need to see it not them.
>
>
> HijackThis
> http://www.pcbutts1.com/downloads/HijackThis.zip
>
>
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Katie" <anonymous@discussions.microsoft.com> wrote in message
> news:ee2kL0UuFHA.3424@tk2msftngp13.phx.gbl...
>>I have done a thorough spyware test and so many different virus checks, I
>>have done reg cleaning but still I have this problem. Nothing can detect
>>what this thing is and more to the point how to make it go away.
>> So far this has only affected one website and now I have been able to get
>> around that issue by going to a different part of the website (a sub
>> page) and accessing it through that.
>> Good luck for you and I hope some kind person will be able to help solve
>> this problem.
>>
>> <anthonyyates@btinternet.com> wrote in message
>> news:1126711124.878616.168320@f14g2000cwb.googlegroups.com...
>>> If you read all the posts you'll see its got nothing to do with a web
>>> site owner paying the bill. If it was that simple I would not be asking
>>> for help.
>>> It's various web sites, one example is www.theaa.com, but it has
>>> nothing to do with them not paying the bill as the site works fine from
>>> other computers. For some reason certain web sites seem to be
>>> redirected to this page saying the web site has been suspended. I've
>>> seen others report the same issue on some other posts but no solution
>>> found yet.
>>>
>>
>>
>
>
September 14, 2005 11:31:12 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

How safe is it to copy and paste my hijack file here?
Will the info that I show here in any way compromise my security more?
Thanks
Chris

"Katie" <anonymous@discussions.microsoft.com> wrote in message
news:eMvbPgVuFHA.1028@TK2MSFTNGP12.phx.gbl...
>I tried both these programs last night, I also tried so many different
>programs for spyware and viruses that i had added about 7 new programs
>onto my laptop. I didnt want all these extra programs at once and as I
>didnt know which was the best to keep I went back to my original Adaware
>and Mcafee the Google tool bar which stops popups.. Up until now (for the
>past 5 years) I have been able to stop most of the annoying problems (such
>as this current one) from my laptop, but this one beats me.
> Sorry I didnt keep the log files and it didnt cure my problem. But maybe I
> will try again and with your help we can get shot of this problem.
> I really am grateful to you for taking the trouble to try and help.
> Thanks
> Chris
> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
> news:0gZVe.830$5n4.154@newssvr29.news.prodigy.net...
>> Use these 2 programs and post your HJT log please.
>>
>> Ewido Security Suite Trial version
>> http://www.pcbutts1.com/downloads/ewidosetup.exe
>>
>>
>> If none of the above fixes the issue then download Hijack this, run it,
>> save a copy of the log file and cut and paste it back here to this group
>> so that I can analyze it. Ignore anyone especially the troll Leythos, who
>> will tag along a nonsense post to this message, who tells you to post it
>> elsewhere. I need to see it not them.
>>
>>
>> HijackThis
>> http://www.pcbutts1.com/downloads/HijackThis.zip
>>
>>
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "Katie" <anonymous@discussions.microsoft.com> wrote in message
>> news:ee2kL0UuFHA.3424@tk2msftngp13.phx.gbl...
>>>I have done a thorough spyware test and so many different virus checks, I
>>>have done reg cleaning but still I have this problem. Nothing can detect
>>>what this thing is and more to the point how to make it go away.
>>> So far this has only affected one website and now I have been able to
>>> get around that issue by going to a different part of the website (a sub
>>> page) and accessing it through that.
>>> Good luck for you and I hope some kind person will be able to help solve
>>> this problem.
>>>
>>> <anthonyyates@btinternet.com> wrote in message
>>> news:1126711124.878616.168320@f14g2000cwb.googlegroups.com...
>>>> If you read all the posts you'll see its got nothing to do with a web
>>>> site owner paying the bill. If it was that simple I would not be asking
>>>> for help.
>>>> It's various web sites, one example is www.theaa.com, but it has
>>>> nothing to do with them not paying the bill as the site works fine from
>>>> other computers. For some reason certain web sites seem to be
>>>> redirected to this page saying the web site has been suspended. I've
>>>> seen others report the same issue on some other posts but no solution
>>>> found yet.
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
September 14, 2005 11:31:13 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

No it will not. It is safe.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Katie" <anonymous@discussions.microsoft.com> wrote in message
news:eZUJ9pVuFHA.4080@TK2MSFTNGP12.phx.gbl...
> How safe is it to copy and paste my hijack file here?
> Will the info that I show here in any way compromise my security more?
> Thanks
> Chris
>
> "Katie" <anonymous@discussions.microsoft.com> wrote in message
> news:eMvbPgVuFHA.1028@TK2MSFTNGP12.phx.gbl...
>>I tried both these programs last night, I also tried so many different
>>programs for spyware and viruses that i had added about 7 new programs
>>onto my laptop. I didnt want all these extra programs at once and as I
>>didnt know which was the best to keep I went back to my original Adaware
>>and Mcafee the Google tool bar which stops popups.. Up until now (for the
>>past 5 years) I have been able to stop most of the annoying problems (such
>>as this current one) from my laptop, but this one beats me.
>> Sorry I didnt keep the log files and it didnt cure my problem. But maybe
>> I will try again and with your help we can get shot of this problem.
>> I really am grateful to you for taking the trouble to try and help.
>> Thanks
>> Chris
>> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
>> news:0gZVe.830$5n4.154@newssvr29.news.prodigy.net...
>>> Use these 2 programs and post your HJT log please.
>>>
>>> Ewido Security Suite Trial version
>>> http://www.pcbutts1.com/downloads/ewidosetup.exe
>>>
>>>
>>> If none of the above fixes the issue then download Hijack this, run it,
>>> save a copy of the log file and cut and paste it back here to this group
>>> so that I can analyze it. Ignore anyone especially the troll Leythos,
>>> who will tag along a nonsense post to this message, who tells you to
>>> post it elsewhere. I need to see it not them.
>>>
>>>
>>> HijackThis
>>> http://www.pcbutts1.com/downloads/HijackThis.zip
>>>
>>>
>>>
>>> --
>>>
>>>
>>> The best live web video on the internet
>>> http://www.seedsv.com/webdemo.htm
>>> NEW Embedded system W/Linux. We now sell DVR cards.
>>> See it all at http://www.seedsv.com/products.htm
>>> Sharpvision simply the best http://www.seedsv.com
>>>
>>>
>>>
>>> "Katie" <anonymous@discussions.microsoft.com> wrote in message
>>> news:ee2kL0UuFHA.3424@tk2msftngp13.phx.gbl...
>>>>I have done a thorough spyware test and so many different virus checks,
>>>>I have done reg cleaning but still I have this problem. Nothing can
>>>>detect what this thing is and more to the point how to make it go away.
>>>> So far this has only affected one website and now I have been able to
>>>> get around that issue by going to a different part of the website (a
>>>> sub page) and accessing it through that.
>>>> Good luck for you and I hope some kind person will be able to help
>>>> solve this problem.
>>>>
>>>> <anthonyyates@btinternet.com> wrote in message
>>>> news:1126711124.878616.168320@f14g2000cwb.googlegroups.com...
>>>>> If you read all the posts you'll see its got nothing to do with a web
>>>>> site owner paying the bill. If it was that simple I would not be
>>>>> asking
>>>>> for help.
>>>>> It's various web sites, one example is www.theaa.com, but it has
>>>>> nothing to do with them not paying the bill as the site works fine
>>>>> from
>>>>> other computers. For some reason certain web sites seem to be
>>>>> redirected to this page saying the web site has been suspended. I've
>>>>> seen others report the same issue on some other posts but no solution
>>>>> found yet.
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
September 15, 2005 4:07:42 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Logfile of HijackThis v1.99.1
Scan saved at 19:19:02, on 14/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FTPExpert\FTPXpert.exe
C:\Program Files\Microsoft Office\Office\FRONTPG.EXE
C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
C:\DOCUME~1\chrissy\LOCALS~1\Temp\Temporary Directory 1 for
HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -
c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe"
/checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus!
3\MsgPlus.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon -
{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file
missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon -
{FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file
missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX
Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTele...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcafee.com/molbin/shared/mcinsctl/en-gb...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld....
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
http://www.my-etrust.com/Support/PestScanner/pestscan.c...
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstar...
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image
Viewer) - http://64.119.5.59/home/SonySncRz30View.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004033001/housecall...
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX
Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamily...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,
Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SmartLinkService (SLService) - -
C:\WINDOWS\SYSTEM32\slserv.exe

There is one thing that noticed in MSCONFIG / startup There is a blank
space added but the location is
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
I know this is a new entry as I often check my start up list. Could this be
something?
Thanks
Chris




"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:Is_Ve.2007$Op3.1573@newssvr25.news.prodigy.net...
> No it will not. It is safe.
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Katie" <anonymous@discussions.microsoft.com> wrote in message
> news:eZUJ9pVuFHA.4080@TK2MSFTNGP12.phx.gbl...
>> How safe is it to copy and paste my hijack file here?
>> Will the info that I show here in any way compromise my security more?
>> Thanks
>> Chris
>>
>> "Katie" <anonymous@discussions.microsoft.com> wrote in message
>> news:eMvbPgVuFHA.1028@TK2MSFTNGP12.phx.gbl...
>>>I tried both these programs last night, I also tried so many different
>>>programs for spyware and viruses that i had added about 7 new programs
>>>onto my laptop. I didnt want all these extra programs at once and as I
>>>didnt know which was the best to keep I went back to my original Adaware
>>>and Mcafee the Google tool bar which stops popups.. Up until now (for the
>>>past 5 years) I have been able to stop most of the annoying problems
>>>(such as this current one) from my laptop, but this one beats me.
>>> Sorry I didnt keep the log files and it didnt cure my problem. But maybe
>>> I will try again and with your help we can get shot of this problem.
>>> I really am grateful to you for taking the trouble to try and help.
>>> Thanks
>>> Chris
>>> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
>>> news:0gZVe.830$5n4.154@newssvr29.news.prodigy.net...
>>>> Use these 2 programs and post your HJT log please.
>>>>
>>>> Ewido Security Suite Trial version
>>>> http://www.pcbutts1.com/downloads/ewidosetup.exe
>>>>
>>>>
>>>> If none of the above fixes the issue then download Hijack this, run it,
>>>> save a copy of the log file and cut and paste it back here to this
>>>> group so that I can analyze it. Ignore anyone especially the troll
>>>> Leythos, who will tag along a nonsense post to this message, who tells
>>>> you to post it elsewhere. I need to see it not them.
>>>>
>>>>
>>>> HijackThis
>>>> http://www.pcbutts1.com/downloads/HijackThis.zip
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> The best live web video on the internet
>>>> http://www.seedsv.com/webdemo.htm
>>>> NEW Embedded system W/Linux. We now sell DVR cards.
>>>> See it all at http://www.seedsv.com/products.htm
>>>> Sharpvision simply the best http://www.seedsv.com
>>>>
>>>>
>>>>
>>>> "Katie" <anonymous@discussions.microsoft.com> wrote in message
>>>> news:ee2kL0UuFHA.3424@tk2msftngp13.phx.gbl...
>>>>>I have done a thorough spyware test and so many different virus checks,
>>>>>I have done reg cleaning but still I have this problem. Nothing can
>>>>>detect what this thing is and more to the point how to make it go away.
>>>>> So far this has only affected one website and now I have been able to
>>>>> get around that issue by going to a different part of the website (a
>>>>> sub page) and accessing it through that.
>>>>> Good luck for you and I hope some kind person will be able to help
>>>>> solve this problem.
>>>>>
>>>>> <anthonyyates@btinternet.com> wrote in message
>>>>> news:1126711124.878616.168320@f14g2000cwb.googlegroups.com...
>>>>>> If you read all the posts you'll see its got nothing to do with a web
>>>>>> site owner paying the bill. If it was that simple I would not be
>>>>>> asking
>>>>>> for help.
>>>>>> It's various web sites, one example is www.theaa.com, but it has
>>>>>> nothing to do with them not paying the bill as the site works fine
>>>>>> from
>>>>>> other computers. For some reason certain web sites seem to be
>>>>>> redirected to this page saying the web site has been suspended. I've
>>>>>> seen others report the same issue on some other posts but no solution
>>>>>> found yet.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
September 15, 2005 5:28:53 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Have hijackthis fix the following line by placing a check next to each line
and clicking on fix checked at the bottom.

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX
Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTele...
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstar...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX
Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamily...

When that's done then download this hosts file. It is a self extracting zip
file that will install itself automatically. All you have to do is double
click on it and choose extract. It will replace your hosts file with a clean
one.
http://www.pcbutts1.com/downloads/hosts.exe

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Katie" <anonymous@discussions.microsoft.com> wrote in message
news:uA$MeEYuFHA.4032@TK2MSFTNGP15.phx.gbl...
> Logfile of HijackThis v1.99.1
> Scan saved at 19:19:02, on 14/09/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
>
Anonymous
September 15, 2005 3:30:46 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

How about, as you insist on vandalising this group, you get your idiots to post with
X-No-Archive: Yes

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"pcbutts1" <pcbutts1@seedsv.com> wrote in message news:p 74We.966$3V6.37@newssvr11.news.prodigy.com...
> Have hijackthis fix the following line by placing a check next to each line
> and clicking on fix checked at the bottom.
>
> O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
> O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX
> Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTele...
> O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
> Control) - http://thesims.ea.com/teleport/superstar/MaxisSuperstar...
> O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
> http://www.bitdefender.com/scan/Msie/bitdefender.cab
> O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX
> Control) - http://thesims.ea.com/teleport/families/MaxisSimsFamily...
>
> When that's done then download this hosts file. It is a self extracting zip
> file that will install itself automatically. All you have to do is double
> click on it and choose extract. It will replace your hosts file with a clean
> one.
> http://www.pcbutts1.com/downloads/hosts.exe
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Katie" <anonymous@discussions.microsoft.com> wrote in message
> news:uA$MeEYuFHA.4032@TK2MSFTNGP15.phx.gbl...
>> Logfile of HijackThis v1.99.1
>> Scan saved at 19:19:02, on 14/09/2005
>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>
>>
>
>
September 15, 2005 3:30:47 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

If you are calling me an idiot then I strongly protest against your
attitude! Maybe I shouldnt have posted my last post but all I wanted to do
was to find a solution. I thought news groups were a way to find solutions
to problems. This was a way to help people so I thought.
Vandalising for your information is intentionally distroying something in a
malicious way, This was not the case in this post! All that was trying to be
done was to help me and others!
What harm could this do??
I wont be posting anything like this again and now you should now that your
horrible comment about me being an idiot has upset me when all i wanted was
help!
Next time try and be more tactful and try and think about just who you call
names! I dont need this from you or any one!
"David Candy" <.> wrote in message
news:o er0bUZuFHA.1572@TK2MSFTNGP10.phx.gbl...
How about, as you insist on vandalising this group, you get your idiots to
post with
X-No-Archive: Yes

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:p 74We.966$3V6.37@newssvr11.news.prodigy.com...
> Have hijackthis fix the following line by placing a check next to each
> line
> and clicking on fix checked at the bottom.
>
> O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
> O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX
> Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTele...
> O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
> Control) -
> http://thesims.ea.com/teleport/superstar/MaxisSuperstar...
> O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline
> Control) -
> http://www.bitdefender.com/scan/Msie/bitdefender.cab
> O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX
> Control) -
> http://thesims.ea.com/teleport/families/MaxisSimsFamily...
>
> When that's done then download this hosts file. It is a self extracting
> zip
> file that will install itself automatically. All you have to do is double
> click on it and choose extract. It will replace your hosts file with a
> clean
> one.
> http://www.pcbutts1.com/downloads/hosts.exe
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Katie" <anonymous@discussions.microsoft.com> wrote in message
> news:uA$MeEYuFHA.4032@TK2MSFTNGP15.phx.gbl...
>> Logfile of HijackThis v1.99.1
>> Scan saved at 19:19:02, on 14/09/2005
>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>
>>
>
>
Anonymous
September 15, 2005 10:45:11 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

The post was addressed to butthead. You long post of 99% perfectly normal entries will prevent us from searching and researching. So your post is vandalising the ability to search on issues.

For instance a AV companies context menu extension (doesn't matter which one) seems to be causing problems. I will search on people who have posted on that file then conduct a survey with them to find common themes. Your post (and one can no longer search the web as it's filled with hijack files) will prevent finding anything usefull as you post perfectly normal things.

Buttface knows this but is determined to destroy the group and you are assisting him/her/it.

But I replied to butthead not you as I recognise you are probably ignorant (and this is an ongoing dispute and has been for months).
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Katie" <anonymous@discussions.microsoft.com> wrote in message news:%23kPBj4cuFHA.1572@TK2MSFTNGP10.phx.gbl...
> If you are calling me an idiot then I strongly protest against your
> attitude! Maybe I shouldnt have posted my last post but all I wanted to do
> was to find a solution. I thought news groups were a way to find solutions
> to problems. This was a way to help people so I thought.
> Vandalising for your information is intentionally distroying something in a
> malicious way, This was not the case in this post! All that was trying to be
> done was to help me and others!
> What harm could this do??
> I wont be posting anything like this again and now you should now that your
> horrible comment about me being an idiot has upset me when all i wanted was
> help!
> Next time try and be more tactful and try and think about just who you call
> names! I dont need this from you or any one!
> "David Candy" <.> wrote in message
> news:o er0bUZuFHA.1572@TK2MSFTNGP10.phx.gbl...
> How about, as you insist on vandalising this group, you get your idiots to
> post with
> X-No-Archive: Yes
>
> --
> --------------------------------------------------------------------------------------------------
> http://webdiary.smh.com.au/archives/_comment/001075.htm...
> =================================================
> "pcbutts1" <pcbutts1@seedsv.com> wrote in message
> news:p 74We.966$3V6.37@newssvr11.news.prodigy.com...
>> Have hijackthis fix the following line by placing a check next to each
>> line
>> and clicking on fix checked at the bottom.
>>
>> O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
>> O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX
>> Control) - http://thesims.ea.com/teleport/hotdate/MaxisHotDateTele...
>> O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX
>> Control) -
>> http://thesims.ea.com/teleport/superstar/MaxisSuperstar...
>> O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline
>> Control) -
>> http://www.bitdefender.com/scan/Msie/bitdefender.cab
>> O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX
>> Control) -
>> http://thesims.ea.com/teleport/families/MaxisSimsFamily...
>>
>> When that's done then download this hosts file. It is a self extracting
>> zip
>> file that will install itself automatically. All you have to do is double
>> click on it and choose extract. It will replace your hosts file with a
>> clean
>> one.
>> http://www.pcbutts1.com/downloads/hosts.exe
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "Katie" <anonymous@discussions.microsoft.com> wrote in message
>> news:uA$MeEYuFHA.4032@TK2MSFTNGP15.phx.gbl...
>>> Logfile of HijackThis v1.99.1
>>> Scan saved at 19:19:02, on 14/09/2005
>>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>>
>>>
>>
>>
>
>
September 15, 2005 10:45:12 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I appreciate your help, however I have done everything that everyone has
suggested and still this one website will open saying ..
THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT
I have deleted my temp folder contents, done a system restore, cleaned my
registry, run spyware removal programs, run antivirus programs, and the
things that have been suggested to do in this news group, and not anything
can detect anything wrong, so why am I still having the same problem? I
guess I will reformat at some stage and then it should be ok, but I will do
this as a last resort and for this one little problem with one website I
think I will tolerate it, providing there is really nothing else horrible
lurking on my laptop.
Thanks again for all your help.
Anonymous
September 15, 2005 10:45:13 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Flush your DNS resolver cache. Click start>run>cmd press enter. In the
command windows type " ipconfig /flushdns " without the quotes then pres
enter.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"katie" <anonymous@discussions.microsoft.com> wrote in message
news:uVdAaQhuFHA.3100@TK2MSFTNGP12.phx.gbl...
>I appreciate your help, however I have done everything that everyone has
>suggested and still this one website will open saying ..
> THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT
> I have deleted my temp folder contents, done a system restore, cleaned my
> registry, run spyware removal programs, run antivirus programs, and the
> things that have been suggested to do in this news group, and not anything
> can detect anything wrong, so why am I still having the same problem? I
> guess I will reformat at some stage and then it should be ok, but I will
> do this as a last resort and for this one little problem with one website
> I think I will tolerate it, providing there is really nothing else
> horrible lurking on my laptop.
> Thanks again for all your help.
>
>
Anonymous
September 15, 2005 10:45:14 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

In article <9EhWe.844$7x4.23@newssvr13.news.prodigy.com>, pcbutts1
@seedsv.com says...
> Flush your DNS resolver cache. Click start>run>cmd press enter. In the
> command windows type " ipconfig /flushdns " without the quotes then pres
> enter.

In case you didn't notice, no one will complain about your posts when
you follow the group charters and when you don't violate security norms
by posting links to files on personal sites instead of the vendors own
download site.

See, you really can do something proper when you want to.

--

spam999free@rrohio.com
remove 999 in order to email me
September 15, 2005 10:49:54 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have done that and still the same thing happens when I go to the home page
of this particular website. All other areas of the website are ok.
Shall I just give up?


"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d9372e920cda0a898a064@news-server.columbus.rr.com...
> In article <9EhWe.844$7x4.23@newssvr13.news.prodigy.com>, pcbutts1
> @seedsv.com says...
>> Flush your DNS resolver cache. Click start>run>cmd press enter. In the
>> command windows type " ipconfig /flushdns " without the quotes then pres
>> enter.
>
> In case you didn't notice, no one will complain about your posts when
> you follow the group charters and when you don't violate security norms
> by posting links to files on personal sites instead of the vendors own
> download site.
>
> See, you really can do something proper when you want to.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
Anonymous
September 15, 2005 10:55:29 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Are you using a favorite to access that page or are you manually typing in
the address?

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"katie" <anonymous@discussions.microsoft.com> wrote in message
news:uzHli3huFHA.2076@TK2MSFTNGP14.phx.gbl...
>I have done that and still the same thing happens when I go to the home
>page of this particular website. All other areas of the website are ok.
> Shall I just give up?
>
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.1d9372e920cda0a898a064@news-server.columbus.rr.com...
>> In article <9EhWe.844$7x4.23@newssvr13.news.prodigy.com>, pcbutts1
>> @seedsv.com says...
>>> Flush your DNS resolver cache. Click start>run>cmd press enter. In the
>>> command windows type " ipconfig /flushdns " without the quotes then pres
>>> enter.
>>
>> In case you didn't notice, no one will complain about your posts when
>> you follow the group charters and when you don't violate security norms
>> by posting links to files on personal sites instead of the vendors own
>> download site.
>>
>> See, you really can do something proper when you want to.
>>
>> --
>>
>> spam999free@rrohio.com
>> remove 999 in order to email me
>
>
Anonymous
September 16, 2005 4:01:22 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Rename both files. If you have permissions too you will be allowed to rename but not delete. Then reboot and the name change may fool the program. Then you should be able to delete.


--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"Katie" <anonymous@discussions.microsoft.com> wrote in message news:u0$qI8JuFHA.1136@TK2MSFTNGP12.phx.gbl...
> Hi, please can some one offer some advice?
> 2 days ago I opened a downloaded quick time movie but it didnt play so when
> i clicked the play icon i had lots of pop ups which directed me to a website
> which said
> THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT!.
> It gave the name of the www. to get the site online. "control dot
> streameline dot net" and because I had a web page open at that time now each
> time i go to that web page it says the same thing. I know there is nothing
> wrong with the real website as I have another pc and it is ok on there. Also
> the websites address doesnt change as if it is redirected.
> So i have done virus scans, and adaware scans, (I also had my firewall on
> and pop up blocker on too) but nothing found anything except for one online
> scan which said I had an unknown Trojan in
> "C:\Documents and Settings\chrissy\local settings\temp\autorun.exe"
> "C:\Documents and Settings\chrissy\local settings\temp\autorungui.dll"
> But the online scan wont remove it. So I remembered that on my other pc
> Windows ME i could delete the temp contents without causing problems.
> However now this laptop is XP and the Temp folder is quite different. In it
> i have seen lots of other folders and things that look like they are not
> meant to be deleted.
> Can I safely delete the Temp folder in XP? I did a search for the files
> that the online scan found and my search on my laptop couldnt find it at
> all.
> Is it possible for me to edit the registry to detach the trojan from this
> web site? Can some one tell me how to do that please? I really need access
> to the website on this laptop.
> Please can any one offer me any help?
> Thanks so much in advance.
> Chris
>
>
>
September 16, 2005 1:01:42 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

No, that is "The Sims" it is a game made by Maxis. No problems with that at
all as I havent actually played that for a while and the problem didnt exist
at that time. This is a new problem that stemmed from playing a quick time
movie. I didnt actually do anything other than press the play icon in quick
time. Then I had loads of pop ups all leading to the same site saying "THIS
WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT" it just happened to attach
itself to the one web page that I had open at that time.
Thanks for your support and help.
Anonymous
September 16, 2005 2:34:17 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Your HJ logs show sus things. Like a HotDate thing. Do you subscribe to a hot date thing.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"katie" <anonymous@discussions.microsoft.com> wrote in message news:uzHli3huFHA.2076@TK2MSFTNGP14.phx.gbl...
>I have done that and still the same thing happens when I go to the home page
> of this particular website. All other areas of the website are ok.
> Shall I just give up?
>
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.1d9372e920cda0a898a064@news-server.columbus.rr.com...
>> In article <9EhWe.844$7x4.23@newssvr13.news.prodigy.com>, pcbutts1
>> @seedsv.com says...
>>> Flush your DNS resolver cache. Click start>run>cmd press enter. In the
>>> command windows type " ipconfig /flushdns " without the quotes then pres
>>> enter.
>>
>> In case you didn't notice, no one will complain about your posts when
>> you follow the group charters and when you don't violate security norms
>> by posting links to files on personal sites instead of the vendors own
>> download site.
>>
>> See, you really can do something proper when you want to.
>>
>> --
>>
>> spam999free@rrohio.com
>> remove 999 in order to email me
>
>
Anonymous
September 16, 2005 9:56:36 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

When you did your av and spyware , etc. , checks ,
did you also verify the legitamacy of all your running processes?
and check your hosts file for entries that refere that website?

"katie" <anonymous@discussions.microsoft.com> wrote in message
news:uzHli3huFHA.2076@TK2MSFTNGP14.phx.gbl...
>I have done that and still the same thing happens when I go to the home
>page of this particular website. All other areas of the website are ok.
> Shall I just give up?
>
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.1d9372e920cda0a898a064@news-server.columbus.rr.com...
>> In article <9EhWe.844$7x4.23@newssvr13.news.prodigy.com>, pcbutts1
>> @seedsv.com says...
>>> Flush your DNS resolver cache. Click start>run>cmd press enter. In the
>>> command windows type " ipconfig /flushdns " without the quotes then pres
>>> enter.
>>
>> In case you didn't notice, no one will complain about your posts when
>> you follow the group charters and when you don't violate security norms
>> by posting links to files on personal sites instead of the vendors own
>> download site.
>>
>> See, you really can do something proper when you want to.
>>
>> --
>>
>> spam999free@rrohio.com
>> remove 999 in order to email me
>
>
Anonymous
September 16, 2005 10:33:16 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Some video files can tell certain video players to open 1 or more websites,
including Windows Media Player.
These webpages can then install malicious activex programs that in turn
install
spyware, hijackers, etc.
I've even seen a webpage trick IE 6 into running an HTA file, without asking
me for permission,
which opened several full sized IE windows to try and distract me from the
fact that it was
creating a couple dozen shortcuts and trying to download and run a screen
saver.

While cleaning up the mess, i also discovered, that the site had installed
an activex object that downloaded 2 files, 1 to C:\
and 1 to the system folder. 1 of them would copy and rename the other file
each time i shutdown and make sure a start up entry existed for it.

What it sounds like happened to you, is that the video file opened multiple
to websites, and atleast 1 of them installed a hijacker
that mat be running as a BHO of some sort.

There are very few ways for a program to autorun in windows:
1) Start folder entry
2) Registry Run entries
3) BHO's
4) Virus infected file loads it or is it.
5) It's also possible that entries were added to your hosts file, to
redirect you to a
certain website without altering the address bar.

IF you still have malicious software running you need to verfiy every
running process.
1) Easily checked and verified.
2) You can check these entrie with Spybot Search & Destroy or msconfig.exe
3) You should be able to view most, if not all installed BHO's from IE's
Tools | Internet | Programs Tab | Manage Add-ons Button

5) Spybot can show you the contents of your host file or you can navigate it
in a text editor

Spybot can also show you your installed BHO's and registered ActiveX
objects, Running Processes, and Start Up Items.
I would find each file that loads as a start up item, all BHO's, and ActiveX
objects.. Check filenames that seem odd or out of place.
Right click on each file and select Properties. If it's a system file or
from MS it should have a version Tab with author|company info, description
etc..
This info should give you a clue as to it legitimacy, and I've found that
many authors of malicious software, can't help but use this area
to brag how L33T they are. (please pardon my use of really really lame slang
used by really really really lame persons).

If, after reviewing each loading file, you still don't have an suspicions,
you can usemsconfig.exe, to keep Start Up items from loading,
to try and narrow down the possibilities, by booting with a limited startup
and try to browse the net.

You can also ask here, about any entries (Startup, BHO,ActiveX,Hosts file,
etc.) that you unsure about.

"katie" <anonymous@discussions.microsoft.com> wrote in message
news:%23z9sgTpuFHA.3752@TK2MSFTNGP09.phx.gbl...
> No, that is "The Sims" it is a game made by Maxis. No problems with that
> at all as I havent actually played that for a while and the problem didnt
> exist at that time. This is a new problem that stemmed from playing a
> quick time movie. I didnt actually do anything other than press the play
> icon in quick time. Then I had loads of pop ups all leading to the same
> site saying "THIS WEBSPACE HAS BEEN SUSPENDED DUE TO NON PAYMENT" it just
> happened to attach itself to the one web page that I had open at that
> time.
> Thanks for your support and help.
>
>
>
!