msne.exe Virus or worm ?

eTrust gets my vote.

Glad to hear all is well.

 

Being a Pain..LOL

I have one more problum now.. I lost the address bar in internet explorer..Can some one help me get it back.. I have been trying to get in touch with HP and the have me on a wating list..

 

Right click a blank area of the toolbar and make sure address bar is checked. Move your cursor to the bottom edge till it changes to double (up/down) arrows. Left click/hold and drag down. The toolbar must not be locked.

 

Got it..
One other quick question.. I notice a file on here that runs only once in a while tried to do some research on it and cant find it.. conten~1.exe can some one tell me what it is.. right now its not running..


I was just in touch with HP Suport and they said it was not a virus but could not tell me what it is.. I looked all over the internet for it and could not find any thing about it.. does any one have any Idea ?

 

This should be the path to it.
C:\PROGRA~1\HPINST~1\plugin\bin\CONTEN~1.EXE
Looks like it might be an HP folder. Confirm?

 

Thats the one.. Sorry to be a pest..

 

Quite alright.

 

I just want to thank you all for you help.. You all are life savers and have saved me a lot of money.. Thanks to every one.. JimBo

 

Hey, you're welcome! We're all here to help, and learn from others too.

Check out the pinned Spyware/slyware thread and load some of the suggested protections. SpywareBlaster, IESpyads, Spybot's immunize feature. With the firewall installed now and those things too, you'll be well protected. Happy surfing!

 

I Know you all are going to get tired of me.. New problum.. I am getting invaled user name and pass word and remote computer did not respond in a timly manner.. I have been in touch with our isp and they say every thing is fine.. Uggggg.. I am about readay to through the PC out the window.. I am posting a hijack file..

Logfile of HijackThis v1.97.7
Scan saved at 7:48:36 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codecs.microsoft.com;activex.microsoft.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVComS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: SlipStream.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\slipaccel.exe/227
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DC16C3C-7DCF-44C1-A2BD-7916EE770E71}: NameServer = 66.90.133.117 66.90.130.10

 

Right click the desktop and choose new>folder. Name it HJT. Cut and paste HijackThis.exe from C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 5 for hijackthis.zip to that folder.

You will need to show hidden files and folders.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;<local>;*windowsupdate.com;download.microsoft.com;*windowsupdate.microsoft.com;codecs.microsoft.com;activex.microsoft.com
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe


Open internet options in the control panel and delete temporary internet files. Check the box for offline content.
Open the Java Plug-in in control panel. Click cache tab then clear. Click update tab and check for updates.
Open C:\Documents and settings\username\Local Settings\temp, select all and delete.
Empty the recycle bin.

Reboot and see how things are. Post another log if still having problems.