jayzzz's thread

Discussion in 'ten-forward' started by Pieter_Arntz, Mar 26, 2003.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi jayzzz,

    I've dedicated this thread to you. :D

    Could you please, after all the cleaning up we did so far, make a new HijackThis log and post that please. That way we can put some more brains to work.
    Also report any errors you get and the problems you're still experiencing.

    Regards,

    Pieter
     
  2. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Thanks. I've been working on/in Spybot since I last posted here, as it took a few passes to get rid of all the items listed. Finally achieved 100%. Then I read all the different options, and put settings in place.

    One problem I know is still alive and well involves my 'puter's inability to see colored fonts/backgrounds applied by me or by others (outgoing or incoming messages) when in Outlook Express or any web-based email, or message group.......I tried to make this group of words orange; I insert the codes and they are typed over my words, but no color appears. Colors work fine on web site pages: are visible and printable. I can't figure out how I'm being blocked from seeing even the color choices I can't use when I look in, for example, Hotmail or the private MSN group I belong to. All I see is an empty box where color options should be. The only colors visible for me in any email messages are those applied to the hyperlinks. Colors behave normally & are printable from an OLD version of Word and from 2 versions of The Print Shop, in addition to the website pages. If anyone could figure this one out, would be great....I think it's the longest-standing of the problems I've got. Includes loss of stationery, too, but I've lost interest in stationery so it doesn't matter.

    I'm going to check and see if I still get the huge and unreadable display at www.microsoft.com's support pages. I'm happy to say that whatever was done with Pieter's help overnight has restored my access to www.mail.com. I've been unable to access the log in page there for about 2 months now....just figured out a couple of days ago that it was not the site's problem when I accessed it from another computer.

    I'm grateful for Pieter's friendly help and the warm welcome he's offered me at this forum. Without it, I'd still be trying to get someplace in the forum he found me at. SO my first priority is to re-do the scan he asked me to post. Thanks again. mj
     
  3. jayzzz

    o_O One very strange problem that came up a couple of months back is that my Outlook Express spell-check function disappeared. The tab is gone from the group it used to be part of as if it never existed, though the rest of the group is intact. If I try to select spell check while composing a message, it is not an available option. I just looked, and that remains missing. Any ideas on how to find, or even just a theory on how such a thing could happen, would be much-appreciated. Now, on to that log......mj
     
  4. jayzzz

    :doubt: Here's the latest log...mj

    Logfile of HijackThis v1.92.1
    Scan saved at 7:04:30 AM, on 3/26/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.attbi.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://srch-us4.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=gopher=localhost:1
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\PROGRA~1\PANICW~1\POP-UP~2\Popupscn.exe"
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe"
    O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,55/mcinsctl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003031901/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37593.9469097222
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
     
  5. Pieter_Arntz

    Hi jayzzz,

    Something strange happened since your last log:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    These popped up out of nowhere, unless you set the restrictions.
    And I'm surprised that this one:
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    survived both HijackThis and Spybot

    But these are all not very urgent. Let's concentrate on your OE problems first.

    I would like to know if anyone has ever seen this before: O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    It looks related to the Backweb entry, but I haven't the foggiest about what it does. The name indicates some kind of HP toolbar that could very well be messing up the one of OE.

    Jayzzz,
    Please follow these: Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore. The first time you use System Restore, there are two options on the Welcome page:
    - Restore my computer to an earlier time
    - Create a restore point

    Choose to Create and follow the instructions from Windows.
    This way we will have something to go back to in case we get too drastic. :D

    After doing so have HijackThis Fix these:

    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    and reboot.

    Regards,

    Pieter
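
The comparison Pieter makes above (entries that appeared or survived between two HijackThis logs) can be done mechanically. The following is an added example, not part of the original thread and not HijackThis code: the function names are made up for illustration, `NEW_LOG` is an excerpt of the log posted above, and `OLD_LOG` is constructed, including one placeholder entry.

```python
import re

# Meanings of the HijackThis section codes that appear in this thread's log.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O6": "IE options restricted by policy",
    "O9": "extra IE button or Tools menu item",
    "O12": "IE plugin",
    "O16": "downloaded ActiveX control",
}

# An entry is "<code> - <detail>"; header lines (Logfile of..., Platform:...) do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_log(text):
    """Return a list of (code, detail) tuples, skipping header and blank lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entries between two logs, each sorted."""
    old, new = set(parse_log(old_text)), set(parse_log(new_text))
    return sorted(new - old), sorted(old - new)


def describe(entry):
    """Format one entry with the meaning of its section code."""
    code, detail = entry
    return f"{code} ({SECTIONS.get(code, 'unlisted section')}): {detail}"


# Constructed earlier log: the thread's entries without the O6 lines,
# plus one placeholder entry that is absent from the later log.
OLD_LOG = r"""Logfile of HijackThis v1.92.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.attbi.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ExampleRemovedItem] C:\example\removed.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
"""

# Excerpt of the log posted in this thread.
NEW_LOG = r"""Logfile of HijackThis v1.92.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.attbi.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for entry in added:
        print("NEW ", describe(entry))
    for entry in removed:
        print("GONE", describe(entry))
```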
     
  6. jayzzz

    Pieter,

    I just typed a brief response to you, and decided to "select all" and choose to make it orange as an experiment. All my text disappeared, leaving behind the words saying orange was encoded. The text is not retrievable thru going backwards. I think that Messenger and Yahoo Messenger are new additions under Tools at the top of the browser page.

    I was wondering if my own tinkering with the security, privacy and advanced options under tools and internet options could have caused the changes you mentioned at the start of your most recent note.

    As I look above, I see that the text that disappeared is there and I'm working in a series of previews. Will see if I can copy and paste it below a horizontal line here, just to see if can, and to avoid re-typing info.

    Then am going to put the computer to sleep to clean cat fur out of the mouse's rolling ball area to see if that's the reason I'm suddenly having trouble aiming at and clicking on the various choices at the top of the page.

    mj
    [hr]
    Pieter-

    Will do as you suggest. Is there any way the changes you mentioned at the start of your most recent message might be related to my tinkering this morning with the Internet Options under Tools related to security and privacy, & advanced settings?

    There WAS a change in the position of my links across the top of browser pages that occurred on its own sometime in the processes, and seemed to add some Yahoo links and an AOL one, but I deleted them and got the area looking as it did before. Perhaps they were there and hidden, as I don't use the links across the top of the page, so I keep them hidden off to the right.

    Will get back to you shortly, and again, thanks. mj
     
  7. jayzzz

    Pieter,

    Did as you suggested...and am re-booted. Am going to step away from the computer for about 15 mins. to stuff something in my face, use the restroom, and reassure a neglected-feeling cat. I expect you'll want one or both scans re-run to see if things are really gone or have bounced back. Might also try searching for them by file name?

    mj :)
     
  8. jayzzz

    Hi, Pieter,

    I'm back, but you appear to be off-line. Will check for messages upon returning if I go out of earshot of my PC's speakers, and perhaps do a little searching and scanning while you're gone in anticipation of what you may wish to see then. mj ;)
     
  9. jayzzz

    Pieter,
    Please let me know (by private message?) when you're available, again. Some odd stuff is going on.....snapshot too big to attach and won't paste...mj o_O
     
  10. Pieter_Arntz

    Hi jayzzz,

    I had to take care of some neglected parts of my family as well. ;)
    The Yahoo buttons were probably replaced by spyware components we removed. They can be removed just as easily if you like.
    About attaching pictures on Wilders, read this thread:
    http://www.wilderssecurity.com/showthread.php?t=2505
    Or mail them to me, like you did the others and I will post them for you.
    I'm going to check up on some links Jooske provided, but I'll keep an eye on this thread and my mail.
    We don't have to do it all in one day you know. ;)
    Your computer is in no danger.

    Regards,

    Pieter
     
  11. jayzzz

    Pieter,

    That's cool...and you're right, of course. It's been a LONG night for me and some relaxation sounds good.
    I may run the Spybot scan again, just to see whassup there.

    F.Y.I., it appears that HijackThis saved the deleted files the 2nd time in with its execute file, which I don't think happened on the first scan. I ran another after doing as you instructed. The machine has also lost some of the speed gained earlier, but even in case of a complete crash, I could contact you/the site and find email from you through the web-based feature of the POP account we've communicated through, using the other computer.

    Hopefully, as the hours pass, someone will see the thread who's run into a situation similar to one or more of my remaining issues in their past experience. I may as well take full advantage of this thread so kindly made available to me.

    BTW, for the readers of this thread who may have feedback: does anyone know if it's usual for pop-up ads to try to open frequently (and be audibly blocked from opening by Pop-Up Stopper which is set to be silent) when there are no open windows on the desktop and only the screensaver is running? That stuff used to only happen when going from site to site, stopped entirely after got pop-up stopper, then started doing this after being suddenly bombarded one night while using MSN Messenger by a different kind of pop-up ad labeled as Messenger Service and blocked by Pop-Up Scanner. I don't see what the ads are that are being blocked because I only see the notification from Pop-Up Stopper as it closes each down.

    Additionally, I can't read most of your home page at this site because I'm seeing a yellow font on a white background. Must highlight to make it legible. And at Microsoft.com, when go to support area, the letters that many of the words are made up of are so huge I can't even see one letter completely on my maximized desktop. This makes their site impossible for me to use from this unit. For months, I thought they were at fault, but know better now. No similar problems at any other site I've visited....

    (sigh) mj
     
  12. Pieter_Arntz

    Hi jayzzz,

    About the funny pop-ups.
    Try this:
    For Windows 2000 and XP
    * Go to start and click Run
    * Type services.msc
    * Double-click on Messenger.
    * In the Messenger Properties window, select Stop, then choose Disable as the Startup Type.
    * Click OK.

    That is not the MSN Messenger you will be disabling, but the Windows messenger service, which you will never need unless you're in a network and like to send each other popup-messages.

    Regards,

    Pieter
     
  13. jayzzz

    Perfect timing on your message, Pieter...I just realized that to open ANYthing on my desktop, I now need to use the control key to stop the Pop Up Stopper from blocking, as if all things are ads. Hopefully your idea will change this new development. Thank you very much for mentioning it! ;) mj
     
  14. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Pieter and Jayzzz.

    One observation about Back Web and H/P.
    I found BW in a H/P folder prior to removing it.
    If you browse thru the H/P folders (Program files via my computer>C drive) I bet you will find BW.
    The "Shadow" stuff is still on my pc. I don't have BW any longer though. I suspected a relationship between Shadow and Back Web but never could prove one way or the other whether that is true.
     
  15. jayzzz

    Thank you for the input...hopefully Pieter will understand its details a bit better than I do, and know what to instruct me to do, but I think I've got the general drift. Maybe we can get closer to proof...mj :)
     
  16. jayzzz

    Pieter,
    I did as you suggested, and it looks promising...nothing has popped up in at least 4 minutes, and things were getting pretty thick here. Perhaps the change will also help me regain some of the speed I found earlier but have lost steadily as the afternoon has progressed. A few more clicks of the mouse should tell the tale on that...Any reason NOT to re-run the Spybot and, perhaps, HijackThis again if it does seem to stay slower? No need to reply unless equivalent of screaming, "No, don't do that or all will be lost!" at me....I'm not organized enough to do it right now, anyhow. Also am unsure if it matters what order they are done in or not...that's where my experimental tendencies kick in....(giggle) mj
     
  17. the Tester

    Pieter and Jayzzz.

    That's the same Back Web that I had.
    According to Jayzzz's log it's in h/p center folder and has the number 137903.
    Shadow Bar has that number also.
    I am curious about that myself.
    But that is the same number and location that I had on my Pavillion.
    I'll Google search and see if I can find something on Shadow Bar.
    Edit*** Google search on "Shadow bar" = a web page on Marketing and creative services. That sounds similar to Back Web. I have been to the Back Web home page and it says Back Web provides the same type of things. Marketing, services etc.
     
  18. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D jayzzz so you're the newb I've been hearing about

    blaze show up in middle of wilders street

    old western sound effect in the background dah nah nah duh dun dun,

    blaze spit out his bubble gum chew

    :cool: Hey don't I know you from somewhere young buck?

    :eek: wait a minute aren't you the guy that killed my grand pappy stole my dad's shoes and ran off with my dog spot.

    :cool: ok buddy time to slap leather buckaroo

    old western sound effect in the background dah nah nah duh dun dun,

    blaze
    :cool:

    jayzzz
    :D

    old western sound effect in the background dah nah nah duh dun dun,

    to be continued lol
     
  19. jayzzz

    So, Mr. Blaze....what all have you heard about me? I really wanna know. Yup, I'm new to the site...but ain't particularly young, and am definitely not a buck or a guy. That leaves one other option: I'm of the female persuasion; imagine you've heard of 'em. I've got a good disposition IF things in this cowboy town stay friendly. If they don't, I can restore order...or throw a verbal punch if hit first. Your dad's shoes would've been too big for me and your dog, Spot, would upset my cats. Besides, I ain't the thievin' type. Dunno how to slap leather, or exactly what it means, so please go ahead & do it for both of us. I'm not good at faking any kind of accent when posting, so this was likely the first and last effort you'll see from me at that. Pleased to meetcha, however. I don't "lol" much in writing, but do tend to (giggle) here and there. Will be interested in seeing how you follow up on the western theme...or could just be who we are. That's your call, since you've got seniority, but I'm confident you're a gentleman who'll accommodate the wishes of a new lady in your town. ;) mj
     
  20. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
  21. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    :D Blaze is certainly back to his old self! :D

    I'm looking forward to part two of the western! ;)
     
  22. Pieter_Arntz

    Experiment away jayzzz. Both programs create backups.
    You could try restoring the Shadowbar entry as that seems to be the cause, or at least related, to your slowing down.

    Regards,

    Pieter
     
  23. Mr.Blaze

    :D omg you're a female blaze run chaps fall down in the full sprint blaze but expose in air

    lol man these cyber names can really throw you off lol
     
  24. Pieter_Arntz

    @ Mr.Blaze,

    I know what you mean. I thought you were an indian too, rather than a cowboy. ;)

    @ jayzzz,

    I'm a bit proud of myself. I found a way to repair IE6 without needing the Windows CD.
    Please follow these steps:

    From the Start menu, select Search, select All Files and Folders.
    Select More Advanced Options and place a checkmark beside Search Hidden Files and Folders option.
    Ensure that Search System Folders and Search Subfolders are also checked.
    In the All or Part of the File Name box, type ie.inf
    In the Look In drop-down menu, select C: or the letter of the hard drive that contains the Windows folder.
    Click the Search button.
    In the search results pane, find the ie.inf file located in Windows\Inf folder.
    Right click the ie.inf file and click Install on the context menu.
    Reboot the computer when the file copy process is complete.

    I've got my fingers crossed.

    Regards,

    Pieter
     
  25. jayzzz

    Pieter-
    Thanks...will print out your instructions and try them. I think the machine is faster this morning than it was last night. Maybe it, too, needed some sleep? (Yes, I know that's far-fetched....) :) mj
     