something is amiss

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by skitz, Jun 30, 2004.

  1. skitz

    skitz Private E-2

    Everyone should check their settings in Spybot S&D, especially under the
    "IGNORE PRODUCTS" heading under expert settings.
    It seems some malware has the capability of checking off their products so that Spybot S&D ignores it during its scan.
    If there are objects checked, uncheck them if you want Spybot to find these files, like mywebsearch, which hijacks your homepages....
    Hope this is of help to somebody out there.
    Skitz
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    No tool I know of is stopping the latest version of coolwebsearch, unless you're using a different browser. Can you back this statement up somehow?
     
  3. laurieB

    laurieB MajorGeek

    I checked and there were three boxes checked off: LSP.New.Net, NewNet, and SideStep.
    I do not know enough to know if I want to uncheck those boxes, so HELP please. aloha
     
  4. dmanateefish

    dmanateefish Private E-2

    I too had the same three, along with MySearch, checked off. I unchecked and ran, but got the congratulatory "things are hunky dory" when they're as about:blank as can be. As I'm sure this is a FINE homepage {especially if my mind was about:blank}, and probably a tad more spiritual than my present choice, tracking B*****ds down to help fillinthe:blanks.ani, I still enjoy freedom of choice. At the risk of being_________{fill in your own adverbs, 5 adverb limit} here's my HJT log. I know the obvious sp.html/about:blank ones, but no matter how I reregister, the darlings come back. I found a hidden one in spybloc but..........Any help in this dilemma or in my new found tracking obsession would be greatly appreciated. GOD bless.
    Logfile of HijackThis v1.98.0
    Scan saved at 2:33:35 PM, on 6/30/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\llssrv.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\snmp.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Dfssvc.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\Office51\SOINTGR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\cidaemon.exe
    C:\WINNT\System32\cidaemon.exe
    C:\WINNT\regedit.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amw.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amw.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {76AF4501-9FFF-44AB-9C88-83473BCA99F0} - C:\WINNT\system32\jelnf.dll
    O2 - BHO: Webster Toolbar - {9E1128F1-53FA-11d5-8490-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\PROGRA~1\Office51\SOINTGR.EXE
    O4 - HKLM\..\Run: [AtomicTime] \\Blackelk\DL2\NTP Clients\W2K\Clients\tmp\AtomicTime.exe s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKCU\..\Run: [Adaware Bootup] C:\Program Files\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Program Files\Lavasoft Ad-Aware\"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Collegiate &Dictionary - C:\Program files\Merriam-Webster Toolbar\dictionary.htm
    O8 - Extra context menu item: Collegiate &Thesaurus - C:\Program files\Merriam-Webster Toolbar\thesaurus.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - (no file)
    O9 - Extra button: Merriam-Webster - {BAC53F31-6090-11d5-8497-0048548030CA} - C:\WINNT\Downloaded Program Files\m-wtoolbar.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Support - {046B2807-9A6C-4775-BCDB-C59E25711FBC} - http://www.comcastsupport.com/ (file missing) (HKCU)
    O9 - Extra button: Help - {47346C69-7C74-4F40-8FA9-076881C38186} - http://online.comcast.net/help/ (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {AC97724F-E81D-4839-AD69-AE014B6D16F0} - http://www.comcast.net/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
    O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50019/QDow_AS2.cab
    O16 - DPF: {F798683C-FE05-436C-B0FF-35B9122E9787} - http://www.m-w.com/tools/toolbar/cabs/m-w.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = workgroup
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = workgroup
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = workgroup
    O18 - Filter: text/html - {712E3985-EE37-4DFD-9905-4DD6137E1F32} - C:\WINNT\system32\jelnf.dll
    O18 - Filter: text/plain - {712E3985-EE37-4DFD-9905-4DD6137E1F32} - C:\WINNT\system32\jelnf.dll
     
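The log posted above is the kind of thing a helper triages by eye. As an added example (not code from this thread, from HijackThis or from Spybot), here is a small Python script that parses lines in HijackThis log format and flags the defensive indicators visible in that log: an IE search or start page redirected to a `file://` URL under a Temp directory, a missing default URLSearchHook, an unnamed BHO loaded from system32, an O18 MIME filter, and the same DLL registered as both BHO and filter. The sample lines are constructed, modelled on the entries above, and the heuristics are this example's own assumptions rather than HijackThis's rules.

```python
import re

# Constructed sample in HijackThis log format, modelled on the log posted
# in this thread (assumption: realistic but not a real machine's log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\USER~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {76AF4501-9FFF-44AB-9C88-83473BCA99F0} - C:\WINNT\system32\jelnf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - {712E3985-EE37-4DFD-9905-4DD6137E1F32} - C:\WINNT\system32\jelnf.dll
"""

# Every HijackThis entry starts with a type code (R0, O2, O18, ...) and " - ".
LINE_RE = re.compile(r"^(?P<type>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A Windows path ending in .dll; paths may contain spaces, so match lazily.
DLL_RE = re.compile(r"([A-Za-z]:\\.+?\.dll)\b", re.IGNORECASE)


def parse_hjt(text):
    """Return a list of (entry_type, body) tuples for recognised log lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def triage(entries):
    """Apply simple heuristics (assumptions of this example) to parsed entries.

    Returns a list of (entry_type, reason, body) findings.
    """
    findings = []
    dll_uses = {}  # lowercased DLL path -> entry types that reference it

    for etype, body in entries:
        lowered = body.lower()
        if etype in ("R0", "R1"):
            # Registry value is after " = "; a file:// URL under Temp is the
            # sp.html / about:blank hijack pattern seen in the posted log.
            _, _, value = body.partition(" = ")
            v = value.strip().lower()
            if v.startswith("file://") and "\\temp\\" in v:
                findings.append((etype, "IE search/start page points at a local temp file", body))
        elif etype == "R3" and "missing" in lowered:
            findings.append((etype, "default URLSearchHook has been removed", body))
        elif etype == "O2" and "(no name)" in body and "\\system32\\" in lowered:
            findings.append((etype, "unnamed BHO loaded from system32", body))
        elif etype == "O18" and body.startswith("Filter:"):
            findings.append((etype, "MIME filter installed; review the DLL it points to", body))

        m = DLL_RE.search(body)
        if m:
            dll_uses.setdefault(m.group(1).lower(), []).append(etype)

    # Correlation: one DLL registered both as a BHO and as a MIME filter is a
    # stronger signal than either entry alone.
    for dll, types in dll_uses.items():
        if "O2" in types and "O18" in types:
            findings.append(("O2+O18", f"same DLL registered as BHO and MIME filter: {dll}", ""))
    return findings


if __name__ == "__main__":
    for etype, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{etype}] {reason}")
        if body:
            print(f"    {body}")
```

Run it as is to see the five findings from the constructed sample; to triage a real log, read the file's text into `parse_hjt` instead of `SAMPLE_LOG`. The heuristics are deliberately narrow, so an entry that is not flagged is not thereby clean; the point is to surface the patterns a helper would look at first.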
  5. laurieB

    laurieB MajorGeek

    I didn't get much past "I have the same three plus". Sooo, what do I do? (To whoever answers, I need idiot-proof step-by-step instructions.) aloha laurie
     
  6. TheDoug

    TheDoug MajorGeek

    Open SpyBot S&D 1.3. Click on Mode and check Advanced. There will now be a Settings entry in the left column. Clicking it will show you several categories in the right pane. Choose Ignore Products and scroll down to find the four that are checked and uncheck them (if you wish).
     
  7. TheDoug

    TheDoug MajorGeek

    Never mind. I see that's not what you were asking.
     
  8. dmanateefish

    dmanateefish Private E-2

    As patience, or lack thereof, is one of the elements keeping my virtuosity meter out of the red, along with an abundance of what the heck, I fixed, whacked or whatevered the log results. This left me with a much improved blank about:blank page. Rescanning, I get two keys that won't go away or be fixed, neutered or whatevered, these being:
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINNT\SYSTEM32\Userinit.exe,
    Any ideas on extermination, anyone? Good or bad. dfish
     
  9. TheDoug

    TheDoug MajorGeek

    Userinit.exe is legit.
     
  10. laurieB

    laurieB MajorGeek

    ?????????
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those lines are exactly what they should be. Leave them alone. If you do not know what you are doing using HijackThis, you can really break things in your computer.

    As far as your full HijackThis log: you need to post in your own thread with a useful subject line if you want to get answers. About:blank problems cannot be cleaned just by removing lines in HijackThis. They will return. In addition, doing what you did normally causes the problem to mutate and get worse and more complicated to remove. Start your own thread! Unless you are lucky and it does not re-occur.
     
  12. Boccemon

    Boccemon First Sergeant

    Inquiring minds really want to know........:eek:
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As far as I know, that is a bug with the latest version of Spybot. The 1.3b6 did not have that problem. I believe it is being shipped that way. In fact, I noticed on my system just now that mysearch is also checked, in addition to the others mentioned.

    My opinion! Uncheck them!
     
  14. dmanateefish

    dmanateefish Private E-2

    Thank you for the help and advice, Chaslang. I shall do just that and start anew.
     
  15. Boccemon

    Boccemon First Sergeant

    Just got home and checked mine. I had a total of five that were checked. Unticked them and ran a scan...clean. Rebooted and checked again to see if any were checked; none were. Wonder what this is all about? :eek:
     