PDA

View Full Version : startup config error opening Netscape


Jo'Anne
May 18th 04, 04:20 PM
When ever I try to open Netscape mail or browser i get on
error message:

An error occurred reading the startup configuration file.
Please contact your admisistrator.

prefs.js, line 89: SyntaxError: illegal character.
user_pref
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
("browser.startup.page", 1);


My homepage was Netscape not this one! I've lost my mail,
bookmarks and passwords. I resave and reinstall them and
when I open Netscape the next time I have to do it all
over again. They keep disappearing!!! PLEASE HELP!!!!!

Mike M
May 18th 04, 04:35 PM
It looks like you've been hijacked.

I think your system is host to either the Lop parasite (See
http://www.doxdesk.com/parasite/lop.html for more details of this pest) or
more likely the odious CoolWebSearch parasite.

I would suggest you download and run merijn's CWShredder which targets the
CoolWebSearch parasite. CWShredder can be downloaded from
(http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many
forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.

This might be a good time to download and use the free Ad-Aware 6.0 from
Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(http://www.safer-networking.org/) and scan your system for and remove all
unwanted parasites, adware and spyware that might be hiding on your PC.
--?
Mike Maltby MS-MVP



Jo'Anne > wrote:

> When ever I try to open Netscape mail or browser i get on
> error message:
>
> An error occurred reading the startup configuration file.
> Please contact your admisistrator.
>
> prefs.js, line 89: SyntaxError: illegal character.
> user_pref
> ("browser.startup.homepage", "mysearchnow.com");\nuser_pref
> ("browser.startup.page", 1);
>
>
> My homepage was Netscape not this one! I've lost my mail,
> bookmarks and passwords. I resave and reinstall them and
> when I open Netscape the next time I have to do it all
> over again. They keep disappearing!!! PLEASE HELP!!!!!

Jo'Anne
May 18th 04, 07:11 PM
Thanks for the info! I've done this parasite search and=20
found things that I deleted, they helped my IE navigator=20
but not my Netscape> Any other Ideas??????????????
Thanks for your time


>-----Original Message-----
>It looks like you've been hijacked.
>
>I think your system is host to either the Lop parasite=20
(See
>http://www.doxdesk.com/parasite/lop.html for more details=20
of this pest) or
>more likely the odious CoolWebSearch parasite.
>
>I would suggest you download and run merijn's CWShredder=20
which targets the
>CoolWebSearch parasite. CWShredder can be downloaded from
>(http://www.zerosrealm.com/downloads/CWShredder.zip or
>http://www.spywareinfo.com/~merijn/files/cwshredder.zip).=20
Details of the many
>forms of the CoolWebSearch hijacker can be found at
>http://www.spywareinfo.com/~merijn/cwschronicles.html and=20
also
>http://www.pestpatrol.com/pestinfo/c/cws.asp.
>
>This might be a good time to download and use the free Ad-
Aware 6.0 from
>Lavasoft (http://www.lavasoftusa.com/software/adaware/)=20
and also SpyBot
>(http://www.safer-networking.org/) and scan your system=20
for and remove all
>unwanted parasites, adware and spyware that might be=20
hiding on your PC.
>--=81
>Mike Maltby MS-MVP

>
>
>Jo'Anne > wrote:
>
>> When ever I try to open Netscape mail or browser i get=20
on
>> error message:
>>
>> An error occurred reading the startup configuration=20
file.
>> Please contact your admisistrator.
>>
>> prefs.js, line 89: SyntaxError: illegal character.
>> user_pref
>>=20
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
>> ("browser.startup.page", 1);
>>
>>
>> My homepage was Netscape not this one! I've lost my=20
mail,
>> bookmarks and passwords. I resave and reinstall them and
>> when I open Netscape the next time I have to do it all
>> over again. They keep disappearing!!! PLEASE HELP!!!!!
>
>
>.
>

Mike M
May 18th 04, 07:53 PM
If you have mysearchnow.com as your startup page you probably still have
either Lop or CoolWebSearch and need to get them off your PC.

If you feel that you have done all you can to remove unwanted parasites and
other malware from your system and are still experiencing problems download a
copy of HijackThis from
(http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called
hijackthis on C: and copy the file you downloaded to that folder. Close as
many applications as you can including all instances of Internet Explorer and
then run hijackthis.exe and post back the log, provided that it isn't too
long, to this thread, otherwise to the HijackThis Forum at
http://www.spywareinfo.com/forums/ and hopefully that will enable someone to
identify the cause of your problem.
--?
Mike Maltby MS-MVP



Jo'Anne > wrote:

> Thanks for the info! I've done this parasite search and
> found things that I deleted, they helped my IE navigator
> but not my Netscape> Any other Ideas??????????????
> Thanks for your time

Jo'Anne
May 18th 04, 08:30 PM
Here is the log from Hijackthis:


Logfile of HijackThis v1.97.7
Scan saved at 1:27:55 PM, on 18/05/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON=20
SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON=20
SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start=20
Page =3D http://mysearchnow.com/passthrough/index.html?
http://www.msn.com/
N3 - Netscape 7: user_pref
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
("browser.startup.page", 1); (C:\WINDOWS\Application=20
Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
170DE4475CCA} - C:\PROGRAM=20
FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
072E-44cf-8957-5838F569A31D} - C:\PROGRAM=20
FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-
CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O2 - BHO: (no name) - {09F0F280-FB9A-481B-B69A-
CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
O2 - BHO: (no name) - {DD18418C-4F21-9BC3-EA26-
E48292561CC3} - C:\PROGRAM FILES\INTERNET SETTINGS=20
FIRST\LESS ONCE.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
170DE4475CCA} - C:\PROGRAM=20
FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-66B2-
4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS=20
FIRST\LESS ONCE.DLL
O4 - HKLM\..\Run: [ScanRegistry]=20
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth]=20
C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe=20
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1
\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1
\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1
\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program=20
Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy=20
Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common=20
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program=20
Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SHPC32] shpc32.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\PROGRA~1
\SAMSUNG\SMARTHRU\PORTCT95.EXE
O4 - HKLM\..\Run: [Real Program] C:\PROGRA~1\STOREK~1
\HideMixChin.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe=20
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr]=20
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1
\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [SSDPSRV]=20
C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [StillImageMonitor]=20
C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [PopupJammer] C:\PROGRAM FILES\ADVANCED=20
SEARCHBAR\JAMMER.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk =3D=20
C:\Program Files\Common Files\Microsoft Shared\Works=20
Shared\wkcalrem.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Add to White List -=20
C:\PROGRAM FILES\ADVANCED SEARCHBAR\addtolist.js
O8 - Extra context menu item: Delete from White List -=20
C:\PROGRAM FILES\ADVANCED SEARCHBAR\delfromlist.js
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update=20
Class) -=20
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?1060485860920
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}=20
(McAfee.com Operating System Class) -=20
http://bin.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,72/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}=20
(DwnldGroupMgr Class) -=20
http://download.mcafee.com/molbin/shared/mcgdmgr/en-
us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}=20
(Shockwave Flash Object) -=20
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}=20
(MessengerStatsClient Class) -=20
http://messenger.zone.msn.com/binary/MessengerStatsClient.c
ab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C}=20
(Checkers Class) -=20
http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}=20
(Solitaire Showdown Class) -=20
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}=20
(Minesweeper Flags Class) -=20
http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web=20
Products Installer Start) -=20
http://imgfarm.com/images/nocache/funwebproducts/SmileyCent
ralInitialSetup1.0.0.5.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE=20
Class) -=20
http://207.188.7.150/09ecf7c2adf6c9194d15/netzip/RdxIE601.c
ab

Thanks for all your time!!! :-)

>-----Original Message-----
>If you have mysearchnow.com as your startup page you=20
probably still have
>either Lop or CoolWebSearch and need to get them off your=20
PC.
>
>If you feel that you have done all you can to remove=20
unwanted parasites and
>other malware from your system and are still experiencing=20
problems download a
>copy of HijackThis from
>(http://www.spywareinfo.com/~merijn/downloads.html). =20
Create a folder called
>hijackthis on C: and copy the file you downloaded to that=20
folder. Close as
>many applications as you can including all instances of=20
Internet Explorer and
>then run hijackthis.exe and post back the log, provided=20
that it isn't too
>long, to this thread, otherwise to the HijackThis Forum at
>http://www.spywareinfo.com/forums/ and hopefully that=20
will enable someone to
>identify the cause of your problem.
>--=81
>Mike Maltby MS-MVP

>
>
>Jo'Anne > wrote:
>
>> Thanks for the info! I've done this parasite search and
>> found things that I deleted, they helped my IE navigator
>> but not my Netscape> Any other Ideas??????????????
>> Thanks for your time
>
>
>.
>

Mike M
May 18th 04, 08:50 PM
> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
> 170DE4475CCA} - C:\PROGRAM
> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

This is the MyWebSearch Toolbar. This could well be the cause of your
problems. If unwanted either uninstall or use HijackThis to remove this
toolbar.

> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-66B2-
> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
> FIRST\LESS ONCE.DLL

I am unfamiliar with this. If unwanted either uninstall or use HijackThis to
remove this toolbar.
--
Mike Maltby MS-MVP



Jo'Anne > wrote:

> Here is the log from Hijackthis:
>
>
> Logfile of HijackThis v1.97.7
> Scan saved at 1:27:55 PM, on 18/05/2004
> Platform: Windows ME (Win9x 4.90.3000)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\SYSTEM\KERNEL32.DLL
> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
> C:\WINDOWS\SYSTEM\mmtask.tsk
> C:\WINDOWS\SYSTEM\MPREXE.EXE
> C:\WINDOWS\SYSTEM\MSTASK.EXE
> C:\WINDOWS\SYSTEM\SSDPSRV.EXE
> C:\WINDOWS\SYSTEM\STIMON.EXE
> C:\WINDOWS\EXPLORER.EXE
> C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
> C:\WINDOWS\TASKMON.EXE
> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
> C:\WINDOWS\SYSTEM\WMIEXE.EXE
> C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
> C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
> C:\WINDOWS\SYSTEM\LEXBCES.EXE
> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
> SUPPORT\BTTNSERV.EXE
> C:\WINDOWS\SYSTEM\RPCSS.EXE
> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
> SUPPORT\EAUSBKBD.EXE
> C:\WINDOWS\SYSTEM\DDHELP.EXE
> C:\WINDOWS\SYSTEM\SPOOL32.EXE
> C:\HIJACKTHIS\HIJACKTHIS.EXE
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
> Page = http://mysearchnow.com/passthrough/index.html?
> http://www.msn.com/
> N3 - Netscape 7: user_pref
> ("browser.startup.homepage", "mysearchnow.com");\nuser_pref
> ("browser.startup.page", 1); (C:\WINDOWS\Application
> Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
> 170DE4475CCA} - C:\PROGRAM
> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
> O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
> 072E-44cf-8957-5838F569A31D} - C:\PROGRAM
> FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
> O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-
> CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
> O2 - BHO: (no name) - {09F0F280-FB9A-481B-B69A-
> CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
> O2 - BHO: (no name) - {DD18418C-4F21-9BC3-EA26-
> E48292561CC3} - C:\PROGRAM FILES\INTERNET SETTINGS
> FIRST\LESS ONCE.DLL
> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-
> 905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
> 170DE4475CCA} - C:\PROGRAM
> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
> 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-66B2-
> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
> FIRST\LESS ONCE.DLL
> O4 - HKLM\..\Run: [ScanRegistry]
> C:\WINDOWS\scanregw.exe /autorun
> O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
> O4 - HKLM\..\Run: [PCHealth]
> C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
> O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
> O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
> powrprof.dll,LoadCurrentPwrScheme
> O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1
> \MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
> O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1
> \MCAFEE.COM\VSO\mcvsshld.exe"
> O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1
> \MCAFEE.COM\AGENT\mcagent.exe
> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
> \MCAFEE.COM\AGENT\MCUPDATE.EXE
> O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
> O4 - HKLM\..\Run: [LoadQM] loadqm.exe
> O4 - HKLM\..\Run: [CPQEASYACC] C:\Program
> Files\Compaq\Easy Access Button Support\cpqeadm.exe
> O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy
> Access Button Support\eaclean.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program
> Files\HighCriteria\TotalRecorder\TotRecSched.exe"
> O4 - HKLM\..\Run: [SHPC32] shpc32.exe
> O4 - HKLM\..\Run: [GW Port Controller] C:\PROGRA~1
> \SAMSUNG\SMARTHRU\PORTCT95.EXE
> O4 - HKLM\..\Run: [Real Program] C:\PROGRA~1\STOREK~1
> \HideMixChin.exe
> O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
> powrprof.dll,LoadCurrentPwrScheme
> O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
> O4 - HKLM\..\RunServices: [*StateMgr]
> C:\WINDOWS\System\Restore\StateMgr.exe
> O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1
> \MCAFEE.COM\VSO\mcvsrte.exe /embedding
> O4 - HKLM\..\RunServices: [SSDPSRV]
> C:\WINDOWS\SYSTEM\ssdpsrv.exe
> O4 - HKLM\..\RunServices: [StillImageMonitor]
> C:\WINDOWS\SYSTEM\STIMON.EXE
> O4 - HKCU\..\Run: [PopupJammer] C:\PROGRAM FILES\ADVANCED
> SEARCHBAR\JAMMER.EXE
> O4 - Startup: Microsoft Works Calendar Reminders.lnk =
> C:\Program Files\Common Files\Microsoft Shared\Works
> Shared\wkcalrem.exe
> O4 - Startup: PowerReg Scheduler.exe
> O8 - Extra context menu item: Add to White List -
> C:\PROGRAM FILES\ADVANCED SEARCHBAR\addtolist.js
> O8 - Extra context menu item: Delete from White List -
> C:\PROGRAM FILES\ADVANCED SEARCHBAR\delfromlist.js
> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
> Class) -
> http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
> B?1060485860920
> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
> (McAfee.com Operating System Class) -
> http://bin.mcafee.com/molbin/shared/mcinsctl/en-
> us/4,0,0,72/mcinsctl.cab
> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
> (DwnldGroupMgr Class) -
> http://download.mcafee.com/molbin/shared/mcgdmgr/en-
> us/1,0,0,19/mcgdmgr.cab
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
> (Shockwave Flash Object) -
> http://download.macromedia.com/pub/shockwave/cabs/flash/swf
> lash.cab
> O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
> (MessengerStatsClient Class) -
> http://messenger.zone.msn.com/binary/MessengerStatsClient.c
> ab
> O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C}
> (Checkers Class) -
> http://messenger.zone.msn.com/binary/msgrchkr.cab
> O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}
> (Solitaire Showdown Class) -
> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
> O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
> (Minesweeper Flags Class) -
> http://messenger.zone.msn.com/binary/MineSweeper.cab
> O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web
> Products Installer Start) -
> http://imgfarm.com/images/nocache/funwebproducts/SmileyCent
> ralInitialSetup1.0.0.5.cab
> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
> Class) -
> http://207.188.7.150/09ecf7c2adf6c9194d15/netzip/RdxIE601.c
> ab
>
> Thanks for all your time!!! :-)
>
>> -----Original Message-----
>> If you have mysearchnow.com as your startup page you probably still have
>> either Lop or CoolWebSearch and need to get them off your PC.
>>
>> If you feel that you have done all you can to remove unwanted parasites
>> and other malware from your system and are still experiencing problems
>> download a copy of HijackThis from
>> (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder
>> called hijackthis on C: and copy the file you downloaded to that folder.
>> Close as many applications as you can including all instances of
>> Internet Explorer and then run hijackthis.exe and post back the log,
>> provided that it isn't too long, to this thread, otherwise to the
>> HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully that
> will enable someone to
>> identify the cause of your problem.
>> --?
>> Mike Maltby MS-MVP
>>
>>
>>
>> Jo'Anne > wrote:
>>
>>> Thanks for the info! I've done this parasite search and
>>> found things that I deleted, they helped my IE navigator
>>> but not my Netscape> Any other Ideas??????????????
>>> Thanks for your time
>>
>>
>> .

Jo'Anne
May 18th 04, 10:15 PM
Hi Mike, THANK-YOU SOOOOOOOOO MUCH for ALL your help!!! I=20
deleted the two lines you told me to and the error still=20
come up so I deleted these 2 lines:

N3 - Netscape 7: user_pref
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
("browser.startup.page", 1); (C:\WINDOWS\Application=20
Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
170DE4475CCA} - C:\PROGRAM=20
FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL


and my mail and everything are back!!! Thanks again!!! I=20
know you don't know me from a hole in the ground but I'd=20
kiss you if you were here!
Thanks again, Jo'Anne

>-----Original Message-----
>> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
>> 170DE4475CCA} - C:\PROGRAM
>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>
>This is the MyWebSearch Toolbar. This could well be the=20
cause of your
>problems. If unwanted either uninstall or use HijackThis=20
to remove this
>toolbar.
>
>> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-
66B2-
>> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
>> FIRST\LESS ONCE.DLL
>
>I am unfamiliar with this. If unwanted either uninstall=20
or use HijackThis to
>remove this toolbar.
>--=20
>Mike Maltby MS-MVP

>
>
>Jo'Anne > wrote:
>
>> Here is the log from Hijackthis:
>>
>>
>> Logfile of HijackThis v1.97.7
>> Scan saved at 1:27:55 PM, on 18/05/2004
>> Platform: Windows ME (Win9x 4.90.3000)
>> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>>
>> Running processes:
>> C:\WINDOWS\SYSTEM\KERNEL32.DLL
>> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
>> C:\WINDOWS\SYSTEM\mmtask.tsk
>> C:\WINDOWS\SYSTEM\MPREXE.EXE
>> C:\WINDOWS\SYSTEM\MSTASK.EXE
>> C:\WINDOWS\SYSTEM\SSDPSRV.EXE
>> C:\WINDOWS\SYSTEM\STIMON.EXE
>> C:\WINDOWS\EXPLORER.EXE
>> C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
>> C:\WINDOWS\TASKMON.EXE
>> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
>> C:\WINDOWS\SYSTEM\WMIEXE.EXE
>> C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
>> C:\PROGRAM FILES\COMMON=20
FILES\REAL\UPDATE_OB\REALSCHED.EXE
>> C:\WINDOWS\SYSTEM\LEXBCES.EXE
>> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
>> SUPPORT\BTTNSERV.EXE
>> C:\WINDOWS\SYSTEM\RPCSS.EXE
>> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
>> SUPPORT\EAUSBKBD.EXE
>> C:\WINDOWS\SYSTEM\DDHELP.EXE
>> C:\WINDOWS\SYSTEM\SPOOL32.EXE
>> C:\HIJACKTHIS\HIJACKTHIS.EXE
>>
>> R0 - HKCU\Software\Microsoft\Internet=20
Explorer\Main,Start
>> Page =3D http://mysearchnow.com/passthrough/index.html?
>> http://www.msn.com/
>> N3 - Netscape 7: user_pref
>>=20
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
>> ("browser.startup.page", 1); (C:\WINDOWS\Application
>> Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
>> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
>> 170DE4475CCA} - C:\PROGRAM
>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>> O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
>> 072E-44cf-8957-5838F569A31D} - C:\PROGRAM
>> FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
>> O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-
>> CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
>> O2 - BHO: (no name) - {09F0F280-FB9A-481B-B69A-
>> CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
>> O2 - BHO: (no name) - {DD18418C-4F21-9BC3-EA26-
>> E48292561CC3} - C:\PROGRAM FILES\INTERNET SETTINGS
>> FIRST\LESS ONCE.DLL
>> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-
B683-
>> 905236F6F655} - C:\PROGRAM=20
FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
>> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
>> 170DE4475CCA} - C:\PROGRAM
>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
>> 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
>> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-
66B2-
>> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
>> FIRST\LESS ONCE.DLL
>> O4 - HKLM\..\Run: [ScanRegistry]
>> C:\WINDOWS\scanregw.exe /autorun
>> O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
>> O4 - HKLM\..\Run: [PCHealth]
>> C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
>> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
>> O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
>> O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
>> powrprof.dll,LoadCurrentPwrScheme
>> O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1
>> \MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
>> O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1
>> \MCAFEE.COM\VSO\mcvsshld.exe"
>> O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1
>> \MCAFEE.COM\AGENT\mcagent.exe
>> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
>> \MCAFEE.COM\AGENT\MCUPDATE.EXE
>> O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
>> O4 - HKLM\..\Run: [LoadQM] loadqm.exe
>> O4 - HKLM\..\Run: [CPQEASYACC] C:\Program
>> Files\Compaq\Easy Access Button Support\cpqeadm.exe
>> O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy
>> Access Button Support\eaclean.exe
>> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>> Files\Real\Update_OB\realsched.exe" -osboot
>> O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program
>> Files\HighCriteria\TotalRecorder\TotRecSched.exe"
>> O4 - HKLM\..\Run: [SHPC32] shpc32.exe
>> O4 - HKLM\..\Run: [GW Port Controller] C:\PROGRA~1
>> \SAMSUNG\SMARTHRU\PORTCT95.EXE
>> O4 - HKLM\..\Run: [Real Program] C:\PROGRA~1\STOREK~1
>> \HideMixChin.exe
>> O4 - HKLM\..\RunServices: [LoadPowerProfile]=20
Rundll32.exe
>> powrprof.dll,LoadCurrentPwrScheme
>> O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
>> O4 - HKLM\..\RunServices: [*StateMgr]
>> C:\WINDOWS\System\Restore\StateMgr.exe
>> O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1
>> \MCAFEE.COM\VSO\mcvsrte.exe /embedding
>> O4 - HKLM\..\RunServices: [SSDPSRV]
>> C:\WINDOWS\SYSTEM\ssdpsrv.exe
>> O4 - HKLM\..\RunServices: [StillImageMonitor]
>> C:\WINDOWS\SYSTEM\STIMON.EXE
>> O4 - HKCU\..\Run: [PopupJammer] C:\PROGRAM=20
FILES\ADVANCED
>> SEARCHBAR\JAMMER.EXE
>> O4 - Startup: Microsoft Works Calendar Reminders.lnk =3D
>> C:\Program Files\Common Files\Microsoft Shared\Works
>> Shared\wkcalrem.exe
>> O4 - Startup: PowerReg Scheduler.exe
>> O8 - Extra context menu item: Add to White List -
>> C:\PROGRAM FILES\ADVANCED SEARCHBAR\addtolist.js
>> O8 - Extra context menu item: Delete from White List -
>> C:\PROGRAM FILES\ADVANCED SEARCHBAR\delfromlist.js
>> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}=20
(Update
>> Class) -
>>=20
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
>> B?1060485860920
>> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
>> (McAfee.com Operating System Class) -
>> http://bin.mcafee.com/molbin/shared/mcinsctl/en-
>> us/4,0,0,72/mcinsctl.cab
>> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
>> (DwnldGroupMgr Class) -
>> http://download.mcafee.com/molbin/shared/mcgdmgr/en-
>> us/1,0,0,19/mcgdmgr.cab
>> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
>> (Shockwave Flash Object) -
>>=20
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
>> lash.cab
>> O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
>> (MessengerStatsClient Class) -
>>=20
http://messenger.zone.msn.com/binary/MessengerStatsClient.c
>> ab
>> O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C}
>> (Checkers Class) -
>> http://messenger.zone.msn.com/binary/msgrchkr.cab
>> O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}
>> (Solitaire Showdown Class) -
>>=20
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
>> O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
>> (Minesweeper Flags Class) -
>> http://messenger.zone.msn.com/binary/MineSweeper.cab
>> O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun=20
Web
>> Products Installer Start) -
>>=20
http://imgfarm.com/images/nocache/funwebproducts/SmileyCent
>> ralInitialSetup1.0.0.5.cab
>> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
>> Class) -
>>=20
http://207.188.7.150/09ecf7c2adf6c9194d15/netzip/RdxIE601.c
>> ab
>>
>> Thanks for all your time!!! :-)
>>
>>> -----Original Message-----
>>> If you have mysearchnow.com as your startup page you=20
probably still have
>>> either Lop or CoolWebSearch and need to get them off=20
your PC.
>>>
>>> If you feel that you have done all you can to remove=20
unwanted parasites
>>> and other malware from your system and are still=20
experiencing problems
>>> download a copy of HijackThis from
>>> (http://www.spywareinfo.com/~merijn/downloads.html).=20
Create a folder
>>> called hijackthis on C: and copy the file you=20
downloaded to that folder.
>>> Close as many applications as you can including all=20
instances of
>>> Internet Explorer and then run hijackthis.exe and post=20
back the log,
>>> provided that it isn't too long, to this thread,=20
otherwise to the
>>> HijackThis Forum at http://www.spywareinfo.com/forums/=20
and hopefully that
>> will enable someone to
>>> identify the cause of your problem.
>>> --=81
>>> Mike Maltby MS-MVP
>>>
>>>
>>>
>>> Jo'Anne > wrote:
>>>
>>>> Thanks for the info! I've done this parasite search=20
and
>>>> found things that I deleted, they helped my IE=20
navigator
>>>> but not my Netscape> Any other Ideas??????????????
>>>> Thanks for your time
>>>
>>>
>>> .
>
>
>.
>

Mike M
May 18th 04, 10:28 PM
Sorry about that Jo-Anne.

I didn't have my glasses on when I replied to your earlier post which is why I
somehow omitted to mention the N3 and O2 entries which you have rightly now
removed. Sorry about that. That'll teach me to try and do two things at
once.

Mike M


Jo'Anne > wrote:

> Hi Mike, THANK-YOU SOOOOOOOOO MUCH for ALL your help!!! I
> deleted the two lines you told me to and the error still
> come up so I deleted these 2 lines:
>
> N3 - Netscape 7: user_pref
> ("browser.startup.homepage", "mysearchnow.com");\nuser_pref
> ("browser.startup.page", 1); (C:\WINDOWS\Application
> Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
> 170DE4475CCA} - C:\PROGRAM
> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>
>
> and my mail and everything are back!!! Thanks again!!! I
> know you don't know me from a hole in the ground but I'd
> kiss you if you were here!
> Thanks again, Jo'Anne
>
>> -----Original Message-----
>>> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
>>> 170DE4475CCA} - C:\PROGRAM
>>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>
>> This is the MyWebSearch Toolbar. This could well be the cause of your
>> problems. If unwanted either uninstall or use HijackThis to remove this
>> toolbar.
>>
>>> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055- 66B2-
>>> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
>>> FIRST\LESS ONCE.DLL
>>
>> I am unfamiliar with this. If unwanted either uninstall or use
>> HijackThis to remove this toolbar.
>> --
>> Mike Maltby MS-MVP
>>
>>
>>
>> Jo'Anne > wrote:
>>
>>> Here is the log from Hijackthis:
>>>
>>>
>>> Logfile of HijackThis v1.97.7
>>> Scan saved at 1:27:55 PM, on 18/05/2004
>>> Platform: Windows ME (Win9x 4.90.3000)
>>> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>>>
>>> Running processes:
>>> C:\WINDOWS\SYSTEM\KERNEL32.DLL
>>> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
>>> C:\WINDOWS\SYSTEM\mmtask.tsk
>>> C:\WINDOWS\SYSTEM\MPREXE.EXE
>>> C:\WINDOWS\SYSTEM\MSTASK.EXE
>>> C:\WINDOWS\SYSTEM\SSDPSRV.EXE
>>> C:\WINDOWS\SYSTEM\STIMON.EXE
>>> C:\WINDOWS\EXPLORER.EXE
>>> C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
>>> C:\WINDOWS\TASKMON.EXE
>>> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
>>> C:\WINDOWS\SYSTEM\WMIEXE.EXE
>>> C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
>>> C:\PROGRAM FILES\COMMON
> FILES\REAL\UPDATE_OB\REALSCHED.EXE
>>> C:\WINDOWS\SYSTEM\LEXBCES.EXE
>>> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
>>> SUPPORT\BTTNSERV.EXE
>>> C:\WINDOWS\SYSTEM\RPCSS.EXE
>>> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
>>> SUPPORT\EAUSBKBD.EXE
>>> C:\WINDOWS\SYSTEM\DDHELP.EXE
>>> C:\WINDOWS\SYSTEM\SPOOL32.EXE
>>> C:\HIJACKTHIS\HIJACKTHIS.EXE
>>>
>>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
>>> Page = http://mysearchnow.com/passthrough/index.html?
>>> http://www.msn.com/
>>> N3 - Netscape 7: user_pref
>>>
> ("browser.startup.homepage", "mysearchnow.com");\nuser_pref
>>> ("browser.startup.page", 1); (C:\WINDOWS\Application
>>> Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
>>> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
>>> 170DE4475CCA} - C:\PROGRAM
>>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>> O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
>>> 072E-44cf-8957-5838F569A31D} - C:\PROGRAM
>>> FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
>>> O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-
>>> CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
>>> O2 - BHO: (no name) - {09F0F280-FB9A-481B-B69A-
>>> CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
>>> O2 - BHO: (no name) - {DD18418C-4F21-9BC3-EA26-
>>> E48292561CC3} - C:\PROGRAM FILES\INTERNET SETTINGS
>>> FIRST\LESS ONCE.DLL
>>> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4- B683-
>>> 905236F6F655} - C:\PROGRAM
> FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
>>> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-
>>> 170DE4475CCA} - C:\PROGRAM
>>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
>>> 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
>>> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055- 66B2-
>>> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
>>> FIRST\LESS ONCE.DLL
>>> O4 - HKLM\..\Run: [ScanRegistry]
>>> C:\WINDOWS\scanregw.exe /autorun
>>> O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
>>> O4 - HKLM\..\Run: [PCHealth]
>>> C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
>>> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
>>> O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
>>> O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
>>> powrprof.dll,LoadCurrentPwrScheme
>>> O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1
>>> \MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
>>> O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1
>>> \MCAFEE.COM\VSO\mcvsshld.exe"
>>> O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1
>>> \MCAFEE.COM\AGENT\mcagent.exe
>>> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
>>> \MCAFEE.COM\AGENT\MCUPDATE.EXE
>>> O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
>>> O4 - HKLM\..\Run: [LoadQM] loadqm.exe
>>> O4 - HKLM\..\Run: [CPQEASYACC] C:\Program
>>> Files\Compaq\Easy Access Button Support\cpqeadm.exe
>>> O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy
>>> Access Button Support\eaclean.exe
>>> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>>> Files\Real\Update_OB\realsched.exe" -osboot
>>> O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program
>>> Files\HighCriteria\TotalRecorder\TotRecSched.exe"
>>> O4 - HKLM\..\Run: [SHPC32] shpc32.exe
>>> O4 - HKLM\..\Run: [GW Port Controller] C:\PROGRA~1
>>> \SAMSUNG\SMARTHRU\PORTCT95.EXE
>>> O4 - HKLM\..\Run: [Real Program] C:\PROGRA~1\STOREK~1
>>> \HideMixChin.exe
>>> O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
>>> powrprof.dll,LoadCurrentPwrScheme
>>> O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
>>> O4 - HKLM\..\RunServices: [*StateMgr]
>>> C:\WINDOWS\System\Restore\StateMgr.exe
>>> O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1
>>> \MCAFEE.COM\VSO\mcvsrte.exe /embedding
>>> O4 - HKLM\..\RunServices: [SSDPSRV]
>>> C:\WINDOWS\SYSTEM\ssdpsrv.exe
>>> O4 - HKLM\..\RunServices: [StillImageMonitor]
>>> C:\WINDOWS\SYSTEM\STIMON.EXE
>>> O4 - HKCU\..\Run: [PopupJammer] C:\PROGRAM FILES\ADVANCED
>>> SEARCHBAR\JAMMER.EXE
>>> O4 - Startup: Microsoft Works Calendar Reminders.lnk =
>>> C:\Program Files\Common Files\Microsoft Shared\Works
>>> Shared\wkcalrem.exe
>>> O4 - Startup: PowerReg Scheduler.exe
>>> O8 - Extra context menu item: Add to White List -
>>> C:\PROGRAM FILES\ADVANCED SEARCHBAR\addtolist.js
>>> O8 - Extra context menu item: Delete from White List -
>>> C:\PROGRAM FILES\ADVANCED SEARCHBAR\delfromlist.js
>>> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
>>> Class) -
>>>
> http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
>>> B?1060485860920
>>> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
>>> (McAfee.com Operating System Class) -
>>> http://bin.mcafee.com/molbin/shared/mcinsctl/en-
>>> us/4,0,0,72/mcinsctl.cab
>>> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
>>> (DwnldGroupMgr Class) -
>>> http://download.mcafee.com/molbin/shared/mcgdmgr/en-
>>> us/1,0,0,19/mcgdmgr.cab
>>> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
>>> (Shockwave Flash Object) -
>>>
> http://download.macromedia.com/pub/shockwave/cabs/flash/swf
>>> lash.cab
>>> O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
>>> (MessengerStatsClient Class) -
>>>
> http://messenger.zone.msn.com/binary/MessengerStatsClient.c
>>> ab
>>> O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C}
>>> (Checkers Class) -
>>> http://messenger.zone.msn.com/binary/msgrchkr.cab
>>> O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}
>>> (Solitaire Showdown Class) -
>>>
> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
>>> O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
>>> (Minesweeper Flags Class) -
>>> http://messenger.zone.msn.com/binary/MineSweeper.cab
>>> O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web
>>> Products Installer Start) -
>>>
> http://imgfarm.com/images/nocache/funwebproducts/SmileyCent
>>> ralInitialSetup1.0.0.5.cab
>>> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE
>>> Class) -
>>>
> http://207.188.7.150/09ecf7c2adf6c9194d15/netzip/RdxIE601.c
>>> ab
>>>
>>> Thanks for all your time!!! :-)
>>>
>>>> -----Original Message-----
>>>> If you have mysearchnow.com as your startup page you probably still
>>>> have either Lop or CoolWebSearch and need to get them off your PC.
>>>>
>>>> If you feel that you have done all you can to remove unwanted parasites
>>>> and other malware from your system and are still experiencing problems
>>>> download a copy of HijackThis from
>>>> (http://www.spywareinfo.com/~merijn/downloads.html). Create a folder
>>>> called hijackthis on C: and copy the file you downloaded to that
>>>> folder. Close as many applications as you can including all instances
>>>> of Internet Explorer and then run hijackthis.exe and post back the log,
>>>> provided that it isn't too long, to this thread, otherwise to the
>>>> HijackThis Forum at http://www.spywareinfo.com/forums/
> and hopefully that
>>> will enable someone to
>>>> identify the cause of your problem.
>>>> --?
>>>> Mike Maltby MS-MVP
>>>>
>>>>
>>>>
>>>> Jo'Anne > wrote:
>>>>
>>>>> Thanks for the info! I've done this parasite search and
>>>>> found things that I deleted, they helped my IE navigator
>>>>> but not my Netscape> Any other Ideas??????????????
>>>>> Thanks for your time
>>>>
>>>>
>>>> .
>>
>>
>> .

Jo'Anne
May 19th 04, 09:04 PM
No problem at all Mike! Without all your help I'd have=20
stripped everything!!!! :-( But you save my pc! :-)
Thanks again, Jo'Anne
>-----Original Message-----
>Sorry about that Jo-Anne.
>
>I didn't have my glasses on when I replied to your=20
earlier post which is why I
>somehow omitted to mention the N3 and O2 entries which=20
you have rightly now
>removed. Sorry about that. That'll teach me to try and=20
do two things at
>once.
>
>Mike M
>
>
>Jo'Anne > wrote:
>
>> Hi Mike, THANK-YOU SOOOOOOOOO MUCH for ALL your help!!!=20
I
>> deleted the two lines you told me to and the error still
>> come up so I deleted these 2 lines:
>>
>> N3 - Netscape 7: user_pref
>>=20
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
>> ("browser.startup.page", 1); (C:\WINDOWS\Application
>> Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
>> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
>> 170DE4475CCA} - C:\PROGRAM
>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>
>>
>> and my mail and everything are back!!! Thanks again!!! I
>> know you don't know me from a hole in the ground but I'd
>> kiss you if you were here!
>> Thanks again, Jo'Anne
>>
>>> -----Original Message-----
>>>> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-
B6BB-
>>>> 170DE4475CCA} - C:\PROGRAM
>>>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>>
>>> This is the MyWebSearch Toolbar. This could well be=20
the cause of your
>>> problems. If unwanted either uninstall or use=20
HijackThis to remove this
>>> toolbar.
>>>
>>>> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-=20
66B2-
>>>> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
>>>> FIRST\LESS ONCE.DLL
>>>
>>> I am unfamiliar with this. If unwanted either=20
uninstall or use
>>> HijackThis to remove this toolbar.
>>> --
>>> Mike Maltby MS-MVP
>>>
>>>
>>>
>>> Jo'Anne > wrote:
>>>
>>>> Here is the log from Hijackthis:
>>>>
>>>>
>>>> Logfile of HijackThis v1.97.7
>>>> Scan saved at 1:27:55 PM, on 18/05/2004
>>>> Platform: Windows ME (Win9x 4.90.3000)
>>>> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>>>>
>>>> Running processes:
>>>> C:\WINDOWS\SYSTEM\KERNEL32.DLL
>>>> C:\WINDOWS\SYSTEM\MSGSRV32.EXE
>>>> C:\WINDOWS\SYSTEM\mmtask.tsk
>>>> C:\WINDOWS\SYSTEM\MPREXE.EXE
>>>> C:\WINDOWS\SYSTEM\MSTASK.EXE
>>>> C:\WINDOWS\SYSTEM\SSDPSRV.EXE
>>>> C:\WINDOWS\SYSTEM\STIMON.EXE
>>>> C:\WINDOWS\EXPLORER.EXE
>>>> C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
>>>> C:\WINDOWS\TASKMON.EXE
>>>> C:\WINDOWS\SYSTEM\SYSTRAY.EXE
>>>> C:\WINDOWS\SYSTEM\WMIEXE.EXE
>>>> C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
>>>> C:\PROGRAM FILES\COMMON
>> FILES\REAL\UPDATE_OB\REALSCHED.EXE
>>>> C:\WINDOWS\SYSTEM\LEXBCES.EXE
>>>> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
>>>> SUPPORT\BTTNSERV.EXE
>>>> C:\WINDOWS\SYSTEM\RPCSS.EXE
>>>> C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON
>>>> SUPPORT\EAUSBKBD.EXE
>>>> C:\WINDOWS\SYSTEM\DDHELP.EXE
>>>> C:\WINDOWS\SYSTEM\SPOOL32.EXE
>>>> C:\HIJACKTHIS\HIJACKTHIS.EXE
>>>>
>>>> R0 - HKCU\Software\Microsoft\Internet=20
Explorer\Main,Start
>>>> Page =3D http://mysearchnow.com/passthrough/index.html?
>>>> http://www.msn.com/
>>>> N3 - Netscape 7: user_pref
>>>>
>>=20
("browser.startup.homepage", "mysearchnow.com");\nuser_pref
>>>> ("browser.startup.page", 1); (C:\WINDOWS\Application
>>>> Data\Mozilla\Profiles\default\iy633fw0.slt\prefs.j s)
>>>> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-
>>>> 170DE4475CCA} - C:\PROGRAM
>>>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>>> O2 - BHO: MyWebSearch Search Assistant BHO -=20
{00A6FAF1-
>>>> 072E-44cf-8957-5838F569A31D} - C:\PROGRAM
>>>> FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
>>>> O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-
>>>> CDA1CEC7DC1B} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
>>>> O2 - BHO: (no name) - {09F0F280-FB9A-481B-B69A-
>>>> CB00DC44D027} - C:\PROGRA~1\ADVANC~1\POPUPJ~1.DLL
>>>> O2 - BHO: (no name) - {DD18418C-4F21-9BC3-EA26-
>>>> E48292561CC3} - C:\PROGRAM FILES\INTERNET SETTINGS
>>>> FIRST\LESS ONCE.DLL
>>>> O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-=20
B683-
>>>> 905236F6F655} - C:\PROGRAM
>> FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
>>>> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-
B6BB-
>>>> 170DE4475CCA} - C:\PROGRAM
>>>> FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
>>>> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
>>>> 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
>>>> O3 - Toolbar: PlatformTrayLove - {0638B657-540D-0055-=20
66B2-
>>>> 4848702F3D66} - C:\PROGRAM FILES\INTERNET SETTINGS
>>>> FIRST\LESS ONCE.DLL
>>>> O4 - HKLM\..\Run: [ScanRegistry]
>>>> C:\WINDOWS\scanregw.exe /autorun
>>>> O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
>>>> O4 - HKLM\..\Run: [PCHealth]
>>>> C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
>>>> O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
>>>> O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
>>>> O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
>>>> powrprof.dll,LoadCurrentPwrScheme
>>>> O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1
>>>> \MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
>>>> O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1
>>>> \MCAFEE.COM\VSO\mcvsshld.exe"
>>>> O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1
>>>> \MCAFEE.COM\AGENT\mcagent.exe
>>>> O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1
>>>> \MCAFEE.COM\AGENT\MCUPDATE.EXE
>>>> O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
>>>> O4 - HKLM\..\Run: [LoadQM] loadqm.exe
>>>> O4 - HKLM\..\Run: [CPQEASYACC] C:\Program
>>>> Files\Compaq\Easy Access Button Support\cpqeadm.exe
>>>> O4 - HKLM\..\Run: [EACLEAN] C:\Program=20
Files\Compaq\Easy
>>>> Access Button Support\eaclean.exe
>>>> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
>>>> Files\Real\Update_OB\realsched.exe" -osboot
>>>> O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program
>>>> Files\HighCriteria\TotalRecorder\TotRecSched.exe"
>>>> O4 - HKLM\..\Run: [SHPC32] shpc32.exe
>>>> O4 - HKLM\..\Run: [GW Port Controller] C:\PROGRA~1
>>>> \SAMSUNG\SMARTHRU\PORTCT95.EXE
>>>> O4 - HKLM\..\Run: [Real Program] C:\PROGRA~1\STOREK~1
>>>> \HideMixChin.exe
>>>> O4 - HKLM\..\RunServices: [LoadPowerProfile]=20
Rundll32.exe
>>>> powrprof.dll,LoadCurrentPwrScheme
>>>> O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
>>>> O4 - HKLM\..\RunServices: [*StateMgr]
>>>> C:\WINDOWS\System\Restore\StateMgr.exe
>>>> O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1
>>>> \MCAFEE.COM\VSO\mcvsrte.exe /embedding
>>>> O4 - HKLM\..\RunServices: [SSDPSRV]
>>>> C:\WINDOWS\SYSTEM\ssdpsrv.exe
>>>> O4 - HKLM\..\RunServices: [StillImageMonitor]
>>>> C:\WINDOWS\SYSTEM\STIMON.EXE
>>>> O4 - HKCU\..\Run: [PopupJammer] C:\PROGRAM=20
FILES\ADVANCED
>>>> SEARCHBAR\JAMMER.EXE
>>>> O4 - Startup: Microsoft Works Calendar Reminders.lnk =3D
>>>> C:\Program Files\Common Files\Microsoft Shared\Works
>>>> Shared\wkcalrem.exe
>>>> O4 - Startup: PowerReg Scheduler.exe
>>>> O8 - Extra context menu item: Add to White List -
>>>> C:\PROGRAM FILES\ADVANCED SEARCHBAR\addtolist.js
>>>> O8 - Extra context menu item: Delete from White List -
>>>> C:\PROGRAM FILES\ADVANCED SEARCHBAR\delfromlist.js
>>>> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}=20
(Update
>>>> Class) -
>>>>
>>=20
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
>>>> B?1060485860920
>>>> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
>>>> (McAfee.com Operating System Class) -
>>>> http://bin.mcafee.com/molbin/shared/mcinsctl/en-
>>>> us/4,0,0,72/mcinsctl.cab
>>>> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
>>>> (DwnldGroupMgr Class) -
>>>> http://download.mcafee.com/molbin/shared/mcgdmgr/en-
>>>> us/1,0,0,19/mcgdmgr.cab
>>>> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
>>>> (Shockwave Flash Object) -
>>>>
>>=20
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
>>>> lash.cab
>>>> O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
>>>> (MessengerStatsClient Class) -
>>>>
>>=20
http://messenger.zone.msn.com/binary/MessengerStatsClient.c
>>>> ab
>>>> O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C}
>>>> (Checkers Class) -
>>>> http://messenger.zone.msn.com/binary/msgrchkr.cab
>>>> O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}
>>>> (Solitaire Showdown Class) -
>>>>
>>=20
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
>>>> O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
>>>> (Minesweeper Flags Class) -
>>>> http://messenger.zone.msn.com/binary/MineSweeper.cab
>>>> O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}=20
(Fun Web
>>>> Products Installer Start) -
>>>>
>>=20
http://imgfarm.com/images/nocache/funwebproducts/SmileyCent
>>>> ralInitialSetup1.0.0.5.cab
>>>> O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71}=20
(RdxIE
>>>> Class) -
>>>>
>>=20
http://207.188.7.150/09ecf7c2adf6c9194d15/netzip/RdxIE601.c
>>>> ab
>>>>
>>>> Thanks for all your time!!! :-)
>>>>
>>>>> -----Original Message-----
>>>>> If you have mysearchnow.com as your startup page you=20
probably still
>>>>> have either Lop or CoolWebSearch and need to get=20
them off your PC.
>>>>>
>>>>> If you feel that you have done all you can to remove=20
unwanted parasites
>>>>> and other malware from your system and are still=20
experiencing problems
>>>>> download a copy of HijackThis from
>>>>> (http://www.spywareinfo.com/~merijn/downloads.html).=20
Create a folder
>>>>> called hijackthis on C: and copy the file you=20
downloaded to that
>>>>> folder. Close as many applications as you can=20
including all instances
>>>>> of Internet Explorer and then run hijackthis.exe and=20
post back the log,
>>>>> provided that it isn't too long, to this thread,=20
otherwise to the
>>>>> HijackThis Forum at=20
http://www.spywareinfo.com/forums/
>> and hopefully that
>>>> will enable someone to
>>>>> identify the cause of your problem.
>>>>> --=81
>>>>> Mike Maltby MS-MVP
>>>>>
>>>>>
>>>>>
>>>>> Jo'Anne > wrote:
>>>>>
>>>>>> Thanks for the info! I've done this parasite search=20
and
>>>>>> found things that I deleted, they helped my IE=20
navigator
>>>>>> but not my Netscape> Any other Ideas??????????????
>>>>>> Thanks for your time
>>>>>
>>>>>
>>>>> .
>>>
>>>
>>> .
>
>
>.
>

Mike M
May 19th 04, 10:05 PM
Thanks for those kind words Jo'Anne. I'm just a bit annoyed at myself for not
including those two in my reply. :-(
--
Mike Maltby MS-MVP



Jo'Anne > wrote:

> No problem at all Mike! Without all your help I'd have
> stripped everything!!!! :-( But you save my pc! :-)