Spybot


37 replies to this topic

#1 OFFLINE   steve1368

    Advanced Member

  • Members
  • 97 posts

Posted 12 April 2005 - 04:18 AM

I did a scan several times with Spybot S&D and even tried a couple of times on reboot.

There are items unable to be removed:-

My Soft
Redirect host
desktop.kazaa.com=127.0.0.1

another one

Log
Activity.SchedLgu.Txt
C:\Windows|SchedLgu.Txt

Please guide me how to remove the above.

Thanks

Steve

#2 OFFLINE   wllm55

    Newbie

  • Members
  • 7 posts

Posted 12 April 2005 - 11:03 AM

If I was you I would download and run Ad-Aware also. Ad-Aware covers the other problems that Spybot doesn't. Also while you are at it, download and run SpywareBlaster. It runs in the background and stops items BEFORE they get to your computer.

steve1368, on Apr 12 2005, 12:18 AM, said:

I did a scan several times with Spybot S&D and even tried a couple of times on reboot.

There are items unable to be removed:-

My Soft
Redirect host
desktop.kazaa.com=127.0.0.1

another one

Log
Activity.SchedLgu.Txt
C:\Windows|SchedLgu.Txt

Please guide me how to remove the above.

Thanks

Steve

#3 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 12 April 2005 - 01:54 PM

steve1368, on Apr 12 2005, 12:18 AM, said:

I did a scan several times with Spybot S&D and even tried a couple of times on reboot.

There are items unable to be removed:-

My Soft
Redirect host
desktop.kazaa.com=127.0.0.1

another one

Log
Activity.SchedLgu.Txt
C:\Windows|SchedLgu.Txt

Please guide me how to remove the above.

Thanks

Steve

The log you don't need to worry about. As for the redirect host, where did Spybot say it's located?

wllm55, on Apr 12 2005, 07:03 AM, said:

If I was you I would download and run Ad-Aware also. Ad-Aware covers the other problems that Spybot doesn't. Also while you are at it, download and run SpywareBlaster. It runs in the background and stops items BEFORE they get to your computer.

I do believe he has all of those applications already. Ad-Aware can get pieces Spybot misses, and Spybot can get pieces Ad-Aware misses. Just one Anti-Malware utility is never enough.

#4 OFFLINE   steve1368

    Advanced Member

  • Members
  • 97 posts

Posted 13 April 2005 - 12:29 PM

Tarun, on Apr 12 2005, 09:54 PM, said:

The log you don't need to worry about. As for the redirect host, where did Spybot say it's located?

I checked the result, it only shows this:
--- Search result list ---
MySoft: Redirected host (Redirected host, fixing failed)

Tarun, on Apr 12 2005, 09:54 PM, said:

I do believe he has all of those applications already. Ad-Aware can get pieces Spybot misses, and Spybot can get pieces Ad-Aware misses. Just one Anti-Malware utility is never enough.

Yes I do have it.

#5 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 13 April 2005 - 02:05 PM

Check with Hijack This and see if anything Hosts related appears.

#6 OFFLINE   Lee16

    Advanced Member

  • Members
  • 294 posts
  • Location:England

Posted 13 April 2005 - 04:21 PM

Did you download a host file lately? I have been getting Spybot/HijackThis moaning about my latest update to my host file.

--lee

#7 OFFLINE   steve1368

    Advanced Member

  • Members
  • 97 posts

Posted 14 April 2005 - 02:45 PM

Tarun, on Apr 13 2005, 10:05 PM, said:

Check with Hijack This and see if anything Hosts related appears.

Lee16, on Apr 14 2005, 12:21 AM, said:

Did you download a host file lately? I have been getting Spybot/HijackThis moaning about my latest update to my host file.

--lee

I didn't see anything to do with "Host". I must admit I've installed quite a few softwares lately & also deleted some old softwares. Kazaa was actually deleted from my pc.

Anyway I copy my HijackThis report, in case my newbie eye didn't find what you were asking for.

Logfile of HijackThis v1.99.1
Scan saved at 22:32:13, on 14/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2A6F5F-8BAF-4972-ABC6-DA099E47B685}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Steve ;)

#8 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 14 April 2005 - 02:57 PM

Enumeration of existing IE's BHO's. Safe to remove:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Enumeration of suspicious auto-loading registry entries. Safe to remove:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Extra 'Tools' menu items and buttons. Safe to remove:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

Download Program Files item. Safe to remove:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab

Domain hijack, safe to remove. Safe to remove:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2A6F5F-8BAF-4972-ABC6-DA099E47B685}: NameServer = 202.188.0.133 202.188.1.5

Look into Real Alternative if you haven't already. ;)
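
Added example (not part of the original posts, and not how HijackThis or the analyzer used above works): a Python pass over lines copied from the log in this thread that cross-checks entries marked "(no file)" or "(file missing)" against the running-process list and pulls out the O17 NameServer addresses for manual comparison. The function names are illustrative.

```python
import re

# Lines copied from the HijackThis log posted above (trimmed for brevity).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2A6F5F-8BAF-4972-ABC6-DA099E47B685}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)   # first drive-letter path
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append({"code": match.group(1), "detail": match.group(2)})
        elif in_procs and line:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries


def triage_missing(processes, entries):
    """Classify entries that the log marks as having no file behind them.

    'running' -> the named binary is in the running-process list, so the
                 "missing" flag is suspect and the file should be checked on disk.
    'orphan'  -> no file is named, or the named file is not running.
    """
    results = []
    for entry in entries:
        if not MISSING_RE.search(entry["detail"]):
            continue
        path = PATH_RE.search(entry["detail"])
        running = bool(path) and path.group(0).lower() in processes
        results.append({"code": entry["code"],
                        "path": path.group(0) if path else None,
                        "verdict": "running" if running else "orphan"})
    return results


def dns_overrides(entries):
    """Return DNS server addresses from O17 NameServer entries.

    These are listed for comparison with what the ISP or router assigns;
    the log line alone does not say whether they are legitimate.
    """
    servers = []
    for entry in entries:
        if entry["code"] == "O17" and "NameServer" in entry["detail"]:
            value = entry["detail"].split("=", 1)[1].strip()
            servers.extend(s for s in re.split(r"[,\s]+", value) if s)
    return servers


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    for row in triage_missing(procs, items):
        print(row["code"], row["verdict"], row["path"])
    print("O17 name servers to verify:", dns_overrides(items))
```

On the posted log the O2 BHO is a true orphan, while both avast! services are marked "(file missing)" although their executables appear under Running processes, so those two are candidates for checking on disk rather than removal.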

#9 OFFLINE   Lee16

    Advanced Member

  • Members
  • 294 posts
  • Location:England

Posted 14 April 2005 - 09:45 PM

Hi steve,

In addition to what Tarun's analyzer has said (I'm impressed with that analyzer, Tarun ;) ), it's safe to remove these as they slow down boot up,


This just creates logs of errors, and can only help you if you can read the logs it creates:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

This just starts up MSN Messenger every boot up, it can still be started via the icon though:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


BTW, the latest MSN Messenger is MSN 7, you can get it from here: http://imagine-msn.c...essenger/en-us/ (click "Get it now")

--lee

#10 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 14 April 2005 - 10:09 PM

Lee16, on Apr 14 2005, 05:45 PM, said:

Hi steve,

In addition to what Tarun's analyzer has said (I'm impressed with that analyzer, Tarun ;) ), it's safe to remove these as they slow down boot up,
This just creates logs of errors, and can only help you if you can read the logs it creates:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

This just starts up MSN Messenger every boot up, it can still be started via the icon though:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
BTW, the latest MSN Messenger is MSN 7, you can get it from here: http://imagine-msn.c...essenger/en-us/  (click "Get it now")

--lee

It's better to disable those via GUI, thus why I left them alone until his next reply. ;)

#11 OFFLINE   Lee16

    Advanced Member

  • Members
  • 294 posts
  • Location:England

Posted 15 April 2005 - 12:55 PM

Quote

It's better to disable those via GUI, thus why I left them alone until his next reply.

May I ask why, Tarun? I've never heard of removing the reg entries causing problems :rolleyes: (but they say you learn something every day :D )

--lee

#12 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 15 April 2005 - 02:13 PM

Lee16, on Apr 15 2005, 08:55 AM, said:

May I ask why, Tarun? I've never heard of removing the reg entries causing problems :rolleyes: (but they say you learn something every day :D )

--lee

That's something I'm going to have to ask DjLizard.

Snippet from DjLizard's Site said:

do not ever use msconfig to disable services, only use services.msc (start, run, services.msc). and for some services, it is better to use standard UI to disable them instead of using services.msc, such as with System Restore (only disable it through My Computer-> Properties)

Though that was for services, it's still a good question.

#13 OFFLINE   steve1368

    Advanced Member

  • Members
  • 97 posts

Posted 15 April 2005 - 02:53 PM

Lee16, on Apr 15 2005, 05:45 AM, said:

Hi steve,

In addition to what Tarun's analyzer has said (I'm impressed with that analyzer, Tarun ;) ), it's safe to remove these as they slow down boot up,
This just creates logs of errors, and can only help you if you can read the logs it creates:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

This just starts up MSN Messenger every boot up, it can still be started via the icon though:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
BTW, the latest MSN Messenger is MSN 7, you can get it from here: http://imagine-msn.c...essenger/en-us/  (click "Get it now")

--lee

Tarun, on Apr 15 2005, 06:09 AM, said:

It's better to disable those via GUI, thus why I left them alone until his next reply.  ;)

Hi everyone, I've removed the items Tarun suggested, but did not do what Lee told me, since I see there might be a better way to remove it, so I wait for further guidance.

After removing, scanning with spybot...the result...the same 2 items still there!!!
Anyway I'm copying the hijackthis list again.

Tarun, have removed Real Player & Quicktime, substituted with "alternatives"

Here is the list:-

Logfile of HijackThis v1.99.1
Scan saved at 22:49:38, on 15/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Steve :)

P/S I sure wish I can get rid of those pesky items.

#14 OFFLINE   Lee16

    Advanced Member

  • Members
  • 294 posts
  • Location:England

Posted 15 April 2005 - 03:12 PM

I'm surprised LSPFix and HijackThis are not picking up these host file redirects.

OK, for the Kazaa thing try running this program: http://www.spywarein...kazaabegone.zip


For the SchedLgu.Txt file, see here: http://www.safer-net...g/en/faq/6.html

--lee

#15 OFFLINE   DjLizard

    Dial-a-fix author

  • Members
  • 1,339 posts

Posted 15 April 2005 - 04:37 PM

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
^^ This item is safe to remove using HJT, and usually won't come back, unless you get another 'serious error' from Windows to report.

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
^^ This one usually comes back, unless you do what Tarun said, which is "using the GUI", which actually means to use the appropriate interface for disabling MSNM startup, which is:
With MSNM running, go to Tools, Options, Preferences (or in MSN 7, "General"), and uncheck "Automatically run messenger when I log on to Windows"

You should simply delete your hosts file and start it over.

1) Start, Run... CMD
2) CD %systemroot%\system32\drivers\etc
3) ATTRIB -R -H -S -A HOSTS
4) DEL HOSTS

Then run spybot s&d, go to advanced mode, then Tools, then checkmark Hosts file, then click the button to "add spybot s&d's hosts file"
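
Added example (not part of the post above and not Spybot S&D's own logic): before deleting the hosts file, a Python audit that separates entries pointing at a loopback or unspecified address, which only stop a name from resolving to its real address, from entries pointing at a routable address. Only the `desktop.kazaa.com` line comes from this thread; the other sample entries and the function names are constructed.

```python
import ipaddress

# Constructed sample hosts file. Only the desktop.kazaa.com line is from the
# thread; the rest is made up, and 203.0.113.25 is a documentation-range address.
# On Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       desktop.kazaa.com
0.0.0.0         ads.example.net   tracker.example.net  # blocklist style
203.0.113.25    www.example-bank.test
not-an-ip       broken.example.org
"""

# Names that normally map to loopback in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Classify every name in a hosts file.

    default   -> a standard localhost mapping
    blocked   -> name pinned to loopback/0.0.0.0 (cannot reach its real address)
    redirect  -> name pinned to a routable address (traffic goes somewhere else)
    malformed -> first field is not an IP address, or no host name follows it
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append({"line": lineno, "address": address,
                             "name": " ".join(names), "kind": "malformed"})
            continue
        for name in names:                       # one line may carry several names
            if ip.is_loopback or ip.is_unspecified:
                kind = "default" if name.lower() in LOCAL_NAMES else "blocked"
            else:
                kind = "redirect"
            findings.append({"line": lineno, "address": address,
                             "name": name.lower(), "kind": kind})
    return findings


def needs_review(findings):
    """Entries worth a closer look before or instead of wiping the file."""
    return [f for f in findings if f["kind"] in ("redirect", "malformed")]


if __name__ == "__main__":
    import sys
    # With a path argument, audit that file; otherwise audit the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_HOSTS
    for item in audit_hosts(text):
        print(f'{item["line"]:>4}  {item["kind"]:<9}  {item["address"]:<15}  {item["name"]}')
```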

#16 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 15 April 2005 - 05:24 PM

DjLizard, on Apr 15 2005, 12:37 PM, said:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
^^ This item is safe to remove using HJT, and usually won't come back, unless you get another 'serious error' from Windows to report.

Right click My Computer, Properties, Advanced , Startup and Recovery Settings, Uncheck "Write an event to the system log".

I'd like Dj to verify that though. ;)

#17 OFFLINE   DjLizard

    Dial-a-fix author

  • Members
  • 1,339 posts

Posted 15 April 2005 - 05:45 PM

Nope, and I DON'T recommend turning the thing you just mentioned off (it's not related - the system log = event viewer\system).

If you really don't want dumprep, disable error reporting (on the same page as Startup and Recovery Settings) - I DO NOT RECOMMEND DISABLING ERROR REPORTING. Error reporting has given me perfect solutions to problems I've had in the past (both on my own machines and my customer machines). It also helps Microsoft collect aggregate crash data, to see how many people are affected by a given problem (the more error reporting everyone does for a given crash, the more priority it will get, and it will get fixed faster - so report those errors!)

-u means usermode and -k means kernel mode
a driver blows up, you get a -k
Iexplore blows up, you get a -u
if error reporting failed, sometimes it gets stuck as a startup entry (it's supposed to say Windows has recovered from a serious error, etc)

#18 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 15 April 2005 - 06:52 PM

DjLizard, on Apr 15 2005, 01:45 PM, said:

Nope, and I DON'T recommend turning the thing you just mentioned off (it's not related - the system log = event viewer\system).

If you really don't want dumprep, disable error reporting (on the same page as Startup and Recovery Settings) - I DO NOT RECOMMEND DISABLING ERROR REPORTING.  Error reporting has given me perfect solutions to problems I've had in the past (both on my own machines and my customer machines).  It also helps Microsoft collect aggregate crash data, to see how many people are affected by a given problem (the more error reporting everyone does for a given crash, the more priority it will get, and it will get fixed faster - so report those errors!)

-u means usermode and -k means kernel mode
a driver blows up, you get a -k
Iexplore blows up, you get a -u
if error reporting failed, sometimes it gets stuck as a startup entry (it's supposed to say Windows has recovered from a serious error, etc)

Really? I go to Advanced > Error Reporting and disable it but to still alert me on errors. Should I change that?

#19 OFFLINE   steve1368

    Advanced Member

  • Members
  • 97 posts

Posted 16 April 2005 - 02:10 AM

Tarun, on Apr 14 2005, 10:57 PM, said:

Domain hijack, safe to remove. Safe to remove:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2A6F5F-8BAF-4972-ABC6-DA099E47B685}: NameServer = 202.188.0.133 202.188.1.5

Tarun, something interesting for you to know. I removed the above item. Guess what I cannot open any webpage after that. I restarted & it worked fine, but the item is back on the HJT list after restart.

Lee16, on Apr 15 2005, 11:12 PM, said:

I'm surprised LSPFix and HijackThis are not picking up these host file redirects.

OK, for the Kazaa thing try running this program: http://www.spywarein...kazaabegone.zip
For the SchedLgu.Txt file, see here: http://www.safer-net...g/en/faq/6.html

--lee

Ran the KazaaBegone, came out with 21 ITEMS, now that's way too many items, don't you think??

I read the link about the SchedLgu, but this brains didn't understand what it read :blink: .... just add to the ignore list, is that the message??

DjLizard, on Apr 16 2005, 12:37 AM, said:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
^^ This item is safe to remove using HJT, and usually won't come back, unless you get another 'serious error' from Windows to report.

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
^^ This one usually comes back, unless you do what Tarun said, which is "using the GUI", which actually means to use the appropriate interface for disabling MSNM startup, which is:
With MSNM running, go to Tools, Options, Preferences (or in MSN 7, "General"), and uncheck "Automatically run messenger when I log on to Windows"

Understood this, will do it tonight.

DjLizard, on Apr 16 2005, 12:37 AM, said:

You should simply delete your hosts file and start it over.

1) Start, Run... CMD
2) CD %systemroot%\system32\drivers\etc
3) ATTRIB -R -H -S -A HOSTS
4) DEL HOSTS

Then run spybot s&d, go to advanced mode, then Tools, then checkmark Hosts file, then click the button to "add spybot s&d's hosts file"

Now this is alien to me :( ...mind telling me in simple non techy terms. Thanks

Steve B)

#20 OFFLINE   Tarun

    Lunarian

  • Banned
  • 3,071 posts

Posted 16 April 2005 - 03:03 AM

steve1368, on Apr 15 2005, 10:10 PM, said:

Tarun, something interesting for you to know. I removed the above item. Guess what I cannot open any webpage after that. I restarted & it worked fine, but the item is back on the HJT list after restart.

Ran the KazaaBegone, came out with 21 ITEMS, now that's way too many items, don't you think??

KazaaBegone: A Kazaa uninstaller which scans and removes all elements of all Kazaa versions, as well as all of the bundled software that comes with it.
Warning: This version has a bug that can cause your Internet connection to be broken when removing New.Net, WebHancer or CommonName. An update is being worked on. If you still want to use KazaaBegone, download LSPFix to fix your Internet connection (download it before you run KazaaBegone, of course).

That might be why you can't open any website thereafter.