Can't find folder

John

When I look at Start-Up, there are entries like "My WebSearch Email Plugin"
and they are supposed to start from
"C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"

But when I use Windows Explorer to look in the C:\Program Files folder,
I can not find the folder "MyWebSearch".
Under "Tools" "Folder Options" "File Type" I have the "Show hidden files and
folders" turned on (radio button selected).

Also can't find MWSOEMON in the registry.

Help, anyone?

Thanks!

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
pcbutts1

Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone especially the troll Leythos, who will tag
along a nonsense post to this message, who tells you to post it elsewhere. I
need to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
Nepatsfan

John said:
When I look at Start-Up, there are entries like "My
WebSearch Email Plugin" and they are supposed to start from
"C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE"

But when I use Windows Explorer to look in the C:\Program
Files folder,
I can not find the folder "MyWebSearch".
Under "Tools" "Folder Options" "File Type" I have the "Show
hidden files and folders" turned on (radio button selected).

Also can't find MWSOEMON in the registry.

Help, anyone?

Thanks!

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.

Run any antispyware scans lately? Spybot S &D? AdAware?
Microsoft Anti Spyware Beta?

I think what you're seeing is the result of an antispyware
program removing the My Web Search toolbar. Unfortunately, it
left behind the startup entry in your registry. Are you getting
an error message at startup about Windows not being able to
find that file? If so, then that's because the program has been
removed.

The simplest way to solve your problem would be to run the
Registry Editor (Start -> Run -> Regedit.exe) and Navigate to
the location that msconfig displays for that file. It will be
one of these two locations:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Look for an entry in the right hand pane for that file. Right
click on it and select Delete from the drop down menu.

Here's an article that discusses removal instructions for My
Web Search:

http://www.pchell.com/support/mywebsearch.shtml

If you need help analyzing a HijackThis log, you should post it
to one of these forums:

http://forum.aumha.org/
http://castlecops.com/forum67.html
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
http://forums.tomcoyote.org/index.php?showforum=27
http://spywarewarrior.com/viewforum.php?f=5

To be on the safe side you might want to make sure your
antivirus program is up-to-date and run a scan.
You should also run a scan with AdAware and Spybot S & D.

AdAware
http://www.spychecker.com/program/adaware.html

Spybot S & D
http://www.spychecker.com/program/spybot.html

You might also consider running some of the online virus
scanners:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

http://us.mcafee.com/root/mfs/default.asp?WWW_URL=www.mcafee.com/myapps/mfs/default.asp

Post back if you have any questions.

Nepatsfan
 
John

Download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Already have it (and use it weekly)

Already have it, and use it weekly also.
Thanks, Jose and pcbutts1 !!

I ran Spybot-S&D, and it found several instances of nasties on my computer, which
I deleted.
However, the start up manager still showed some instances of the same malware.
I D/L'd and installed EWIDO - It found some (more?) malware.
Now, my faith in Spybot-S&D is shaken.
Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it also miss
certain malware files which a $ 40 or $ 50 program would find?

Question # 2: Every so often, Bill Gates reminds me that my Windows Firewall
is not activated.
I know that - I have a router and consider its firewall sufficient.
However: What is/are the (dis)advantage(s) of having Windows Firewall
activated along with the router?

Thanks!

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
John

I ran Spybot-S&D, and it found several instances of nasties on my computer, which
I deleted.
However, the start up manager still showed some instances of the same malware.
I D/L'd and installed EWIDO - It found some (more?) malware.
Now, my faith in Spybot-S&D is shaken.
Question # 1: Should I spend the $ 30 (US) to get EWIDO? or would it also miss
certain malware files which a $ 40 or $ 50 program would find?

Question # 2: Every so often, Bill Gates reminds me that my Windows Firewall
is not activated.
I know that - I have a router and consider its firewall sufficient.
However: What is/are the (dis)advantage(s) of having Windows Firewall
activated along with the router?
I ran Spybot-S&D. It found a lot of nasties, and removed them.
It removed all but two references to "MyWebSearch" from the startup manager.
I ran EWIDO. It found and removed a whole slew more of nasties.
However, the two references to "MyWebSearch" are still in the startup manager.
I ran "Spyware Doctor" - it told me there are six spyware files on my machine -
none of them called "MyWebSearch". However, it won't remove them unless you buy
the program first.
The reference to "MyWebSearch" in the startup manager is still there.

Is there one program that will remove *all* the garbage? Can I afford it?

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
John

Run any antispyware scans lately? Spybot S &D? AdAware?
Microsoft Anti Spyware Beta?
I do so regularly; I also have Spyware Blaster running all the time.
Unfortunately, I found that Spybot-S&D is not doing the job I trusted it to do.

Trend Micro Anti-Spyware seems to have done the job.

Thanks to all who offered helpful suggestions!


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
John

Ewido is worth buying. To remove the start up entry I need to see your HJT
log so I can tell you what to have it fix.

Actually, Trend Micro Anti-Spyware removed it OK.
Ewido didn't, and Spyware Doctor won't let you try and remove anything unless
you buy it first.
I'm sort-of leaning towards getting Trend Micro Anti-Spyware



John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
Nepatsfan

John said:
I do so regularly; I also have Spyware Blaster running all
the time. Unfortunately, I found that Spybot-S&D is not
doing the job I trusted it to do.

Trend Micro Anti-Spyware seems to have done the job.

Thanks to all who offered helpful suggestions!


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.

You're welcome. Thanks for letting us know you got it fixed.

And, since no one answered your earlier question about the
Windows Firewall, I'll offer my opinion. The main advantage of
running a software firewall is that it allows the user to have
some control over internet access. That said, the Windows
Firewall would not be my first choice since it doesn't monitor
outbound activity. Here are a few free firewall programs that
will do the job:

Zone Alarm
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Sygate Personal Firewall
http://smb.sygate.com/products/spf_standard.htm

Kerio Personal Firewall
http://www.kerio.com/kpf_download.html

Here's an article that does a pretty good job of explaining why
running a software firewall is a good idea even if your system
is behind a router:

Should I run a software firewall behind my NAT router?
http://www.dslreports.com/faq/4629

Nepatsfan
 
John

Ewido is worth buying. To remove the start up entry I need to see your HJT
log so I can tell you what to have it fix.

OK - I have run several programs, and pretty well cleaned out my computer
(I think and hope).

I realize the only way to know for sure is to wipe everything, and start from
scratch.
I have done this before, but am not quite ready to do this now.

One program (Spyware Doctor) tells me that I have two entries to be concerned
about: " HKCR\.b3d " and " HKCR\.b3d ## " (note there's a "dot" in these
names). It tells me it's a medium risk thing, installed "silently" by
"Brilliant Digital Entertainment with older versions of KaZaa".
I have never used KAZAA or any other music or file-sharing program.

Incidentally, as an aside, I have been using "idisk utilities for Windows" but
right now (and for the last few days - probably since I acquired all this
garbage) it will not work. I tried it from my wife's computer, and it works fine
(proving I am using the correct log-in and password).
I notice the entry from my "windows/sys32/drivers/etc/host" file is in the
hijackthis log. Coincidence?

The log follows:

Logfile of HijackThis v1.99.1
Scan saved at 19:22:36, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\LanLight\LanLight.exe
D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
D:\TOOLS\Systools\TMAS\Tmas.exe
D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Handspring\HOTSYNC.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Agent\agent.exe
C:\Install\HijackThis\HijackThis.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com
idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com
idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com
idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
O4 - HKLM\..\RunServices: [MOSearch]
C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
Pro\MailWasher.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
O4 - Global Startup: Firefox Preloader.lnk = D:\Program
Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
D:\TOOLS\Systools\TMAS\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZH
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
(file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
pcbutts1

Have HJT fix the following lines by placing a check mark next to each line
in HJT then click on the fix checked button on the bottom. Once that is done
then download this hosts file. I have created a self extracting zip file
which will automatically replace your hosts file.
http://www.pcbutts1.com/downloads/hosts.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com
idisk12.mac.com
idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com
idisk17.mac.com
idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com
idisk22.mac.com
idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\RunServices: [MOSearch]
C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZH
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
(file missing)


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
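
Added example (not part of any post in this thread, and not HijackThis's own code): a small parser for the log format posted above. It rejoins entries that the newsreader wrapped across lines, then lists hosts-file redirections, autostart entries, and entries carrying the `(file missing)` or `(no file)` markers seen in the log. The sample log and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: a handful of lines in the format of the logs posted in this
# thread, including the hard wraps a newsreader adds in the middle of an entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
Pro\MailWasher.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
(file missing)
"""

ENTRY_START = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")   # e.g. "O4 - ..."
ORPHAN_MARKERS = ("(file missing)", "(no file)")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\]\s*(.*)$")
LNK_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")


class Entry(NamedTuple):
    section: str   # HijackThis section code such as O1, O4, O23
    body: str      # the rest of the entry, unwrapped onto one line


def parse_hjt(text):
    """Return the log's entries, rejoining lines that were wrapped in transit."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_START.match(line)
        if m:                                  # a new entry begins
            if current:
                entries.append(Entry(*current))
            current = [m.group(1), m.group(2)]
        elif line and current:                 # continuation of a wrapped entry
            current[1] += " " + line
        elif current:                          # blank line closes the entry
            entries.append(Entry(*current))
            current = None
    if current:
        entries.append(Entry(*current))
    return entries


def hosts_redirects(entries):
    """Map each IP in O1 'Hosts:' entries to the hostnames pinned to it."""
    out = {}
    for e in entries:
        if e.section == "O1" and e.body.startswith("Hosts:"):
            parts = e.body[len("Hosts:"):].split()
            if parts:
                out.setdefault(parts[0], []).extend(parts[1:])
    return out


def autostarts(entries):
    """Return (location, name, command) for each O4 autostart entry."""
    result = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body) or LNK_RE.match(e.body)
        # Unrecognised O4 shapes are kept whole rather than silently dropped.
        result.append(m.groups() if m else ("?", "", e.body))
    return result


def orphaned(entries):
    """Entries whose target HijackThis itself reported as absent from disk."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("hosts:", hosts_redirects(parsed))
    for item in autostarts(parsed):
        print("autostart:", item)
    for e in orphaned(parsed):
        print("orphaned:", e.section, e.body)
```
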
 
John

Have HJT fix the following lines by placing a check mark next to each line
in HJT then click on the fix checked button on the bottom.
Done

Once that is done
then download this hosts file. I have created a self extracting zip file
which will automatically replace your hosts file.
http://www.pcbutts1.com/downloads/hosts.exe

Done

Tried to use idisk utility -
Message: "Idisk Utilities requires additional entries into your host file"
I clicked "OK" the "Idisk Utility for XP" comes up - I enter the iDisk account
and password. The progression bar stopped halfway, with the message
"iDisk Utility failed to mount your Disk" (the same as it was before I had HJT
remove the lines you instructed).

This is my current HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:19:34, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\LanLight\LanLight.exe
D:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\TOOLS\Systools\TMAS\Tmas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\TOOLS\OnLineTools\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Agent\agent.exe
C:\Install\HijackThis\HijackThis.exe

O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com
idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com
idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com
idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com
idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com
idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
D:\TOOLS\Systools\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Dimension4] D:\TOOLS\OnLineTools\D4\D4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MailWasherPro.lnk = D:\TOOLS\OnLineTools\FireTrust\MailWasher
Pro\MailWasher.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: LanLight.lnk = D:\Program Files\LanLight\LanLight.exe
O4 - Global Startup: Firefox Preloader.lnk = D:\Program
Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk =
D:\TOOLS\Systools\TMAS\Tmas.exe
O8 - Extra context menu item: &eBay Search - res://D:\Program Files\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
Domain = sympatico.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35521A5-5B6F-4347-9CC6-063A90A4643D}:
NameServer = 209.226.175.223,192.168.0.1,4.2.2.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
pcbutts1

Do you have a membership at .mac? If you don't then set one up here
http://www.apple.com/dotmac/ if you do then
Try this

1. Go to your explorer file menu and choose "Open"
2. Type in "http://idisk.mac.com/username/"
3. Select "Open As Web Folder"
Does it let you in?

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



 
John

I'm afraid I have to own up to my ignorance here . . . .

Do you have a membership at .mac?

Not personally, but I have a log-in and password
If you don't then set one up here
http://www.apple.com/dotmac/

I did (a 60-day trial one).

if you do then
Try this

1. Go to your explorer file menu and choose "Open"

This is where I'm lost. Do you mean "Windows Explorer"?
If so, where do I choose "open"?

2. Type in "http://idisk.mac.com/username/"
3. Select "Open As Web Folder"
Does it let you in?


John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
John

While logged into the site try your idisk but make sure you are logged in
using Explorer or IE I really don't think it matters but not Firefox.

Well this is a weird one.
I went to http://idisk.mac.com/username
That works OK. - I can see the files.

I minimized that page, tried to log in using idisk utility - no go.

I'm not sure if this ties in with the malware I had on the machine, although it
seems to have started about the same time.
Everything else seems to behave OK - several programs (except Spyware Doctor)
can not find anything that should not be there,
(repeated from an earlier post: One program (Spyware Doctor) tells me that I
have two entries to be concerned about: " HKCR\.b3d " and " HKCR\.b3d ## "
(note there's a "dot" in these names). It tells me it's a medium risk thing,
installed "silently" by "Brilliant Digital Entertainment with older versions of
KaZaa".
I have never used KAZAA or any other music or file-sharing program.)

Bottom line - I may have to break down and reinstall Windows - other solutions
seem to elude us.

John <><

A wise monkey is a monkey who doesn't monkey
with an other monkey's monkey.
 
