I was going to Post this as Help!

[Guest Drovers Dog]

:P

Hey, let's get something straight!!! This is not a FLAME TO ANYBODY!!!

I am really concerned, as most should be!

I have a Dual Boot System, Win98SE and XP Home!

I found out tonight, that XP Home detects Gator in all WIN98 Instsall Programs, yet WIN98SE does not!

To Discuss this, and to give some Back up, I PMed an Administrater, just to check out if I was doing it right, under XP Home at the time, and found PMs that don't show up under WIN98SE, even though BOTH are under MSN Messenger!

Those PMs were VITAL!!!

Thank God we are so Understanding here!!

I publicly appologise to any misunderstanding to all concerned, then ask for their help to sort this out!!

Can anyone explain why??? XP only sends Messages to XP? Why does it find Gator in old Windows Programs? Or have I just been HiJacked??

Please help sort this out first, it Scott me!!

:censored: :D

[Guest northamuk]

Sorry I don't understand the problem, you might have to wait until Nellie, ellas or Mr Mouse get here.

[Guest Drovers Dog]

:P

On the Old Problem,

First Link is for Win98SE, Good Score, No CPU Usage!!

http://www.pcpitstop.com/TechExpress.asp?id=QLTLAWMMAFUSM9FX

Second one for XP Home on the exact same Machine!!!

http://www.pcpitstop.com/TechExpress.asp?id=NUY0AWKK7TUS7HFX

Notice tthe 3% cpu usage? WHY???

Have I been HiJacked?

Why does XP Home find these Gator Files? That is internal, not shown!!!

:censored: :D

[Guest northamuk]

I don't use dual Boot and I don't have XP, sorry. Somebody will have the answer but it might be a while, time difference etc.

[Guest Drovers Dog]

:P

I am really covered, I think, as regards to most AV, Adware, Sptbot, etc, It just freaks me out that two identitical Systems, on Set up, as far as possible would be so different???

:censored: :D

[Guest Drovers Dog]

:P

Thanks, Northy!

BTW two of your messages were just read tonight, Sorry, Mate!!

:censored: :D

[nellie2]

I haven't checked your scores because I'm at work at the minute... but you have two different o/s there, two different sets of system files and in effect two different systems. So you could have something on one and not the other!! Run adaware or spybot on the XP system to get rid of the Gator.

In XP where you have mulitple user accounts it is quite common for one user account to be clean and the other to be loaded down with all sorts of rubbish!!! :)

[Guest Drovers Dog]

I haven't checked your scores because I'm at work at the minute... but you have two different o/s there, two different sets of system files and in effect two different systems.  So you could have something on one and not the other!!  Run adaware or spybot on the XP system to get rid of the Gator. 

In XP where you have mulitple user accounts it is quite common for one user account to be clean and the other to be loaded down with all sorts of rubbish!!! :)

:P

Nellie, they are set up the same, with only 1 user, I really think that my XP Home has been HiJacked, which would explain the first part of my Post????

I am NOT familiar with XP!!!

Going crazy where that 3% usage of CPU is going!!!

:censored: :D

[Guest Drovers Dog]

:P

Just in case, here is the HiJackThis from XPHome!

Logfile of HijackThis v1.97.7

Scan saved at 4:14:03 PM, on 27/04/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

D:\WINDOWS\System32\wpabaln.exe

D:\Documents and Settings\Ray Stewart\Local Settings\Temp\Temporary Directory 2 for hijackthis1977.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://H:\content\include\XPPatchInstaller.CAB

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://H:\Content\include\msSecUcd.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{138CA585-5D4C-49D4-B0A9-E861E99410C8}: NameServer = 203.134.12.90 203.134.102.90

O17 - HKLM\System\CS1\Services\Tcpip\..\{138CA585-5D4C-49D4-B0A9-E861E99410C8}: NameServer = 203.134.12.90 203.134.102.90

I will go do one on WIN98SE

:censored: :D

[nellie2]

DD can you re-tick everything that you have unticked using msconfig... just for the hijack post... otherwise I can't see what is REALLY on your system. Nothing nasty is jumping out at me at the minute though!

[Guest Drovers Dog]

:P

Thank you, the most Loveliest English Rose I KNOW!!!

Here is WIN98SE, from Win98SE!!!

Logfile of HijackThis v1.97.7

Scan saved at 9:55:10 PM, on 4/27/04

Platform: Windows 98 SE (Win9x 4.10.2222B)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\CARPSERV.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\UNZIPPED\HIJACKTHIS1977\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE System\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8084.9963773148

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

:censored: :D

[mark2]

DD do you have disk indexing enabled on your XP drive ?

[Guest Drovers Dog]

:P

Mark 2, I am a total newbie to XP!!!

Here is the latest HiJackThis with ALL the Start up checks taken off!!

Logfile of HijackThis v1.97.7

Scan saved at 10:09:50 PM, on 27/04/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

D:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\QuickTime\qttask.exe

D:\WINDOWS\System32\TrayIcon.exe

D:\Program Files\MSN Messenger\msnmsgr.exe

D:\WINDOWS\System32\RUNDLL32.EXE

D:\WINDOWS\System32\ctfmon.exe

D:\Documents and Settings\Ray Stewart\Local Settings\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

D:\WINDOWS\System32\wpabaln.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iprimus.com.au/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DisplayTrayIcon] D:\WINDOWS\System32\TrayIcon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://H:\content\include\XPPatchInstaller.CAB

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://H:\Content\include\msSecUcd.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{138CA585-5D4C-49D4-B0A9-E861E99410C8}: NameServer = 203.134.12.90 203.134.102.90

O17 - HKLM\System\CS1\Services\Tcpip\..\{138CA585-5D4C-49D4-B0A9-E861E99410C8}: NameServer = 203.134.12.90 203.134.102.90

I am honest, I am confused how XP won't send Messages to WIN98SE???? and finds Gator???? in previous Versions??

From my own experience, as from today, WIN98SE sends quite nicely to XP!

Sorry if I sound STUPID? Maybe I AM?

No offense ever meant, nor intended, I am just so------ You all know what!!!

:censored: :D

:censored: :D

[mark2]

To check for disk indexing, r/click the drive > properties check box for disk indexing.

Also

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

is on your XP system but not 98, it can be a bit of pain using CPU cycles

http://www.liutilities.com/products/wintas...library/ctfmon/

and

http://www.answersthatwork.com/Tasklist_pages/tasklist_c.htm

CTFMon comes with Microsoft Office XP and Windows XP – it activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. As long as the  Text Services & Speech  are enabled in the Control Panel, this program will force itself back into your list of background program

I'm looking further into your log.

[Guest Drovers Dog]

:P

I am really upset and confused that it seems that M$ has found another way to induce everyone into XP!!!

I sincerely hope I am quite wrong about this, but to all the people hurt from my problems, please accept my apologies!! I would never hurt, knowingly, ANYONE, but it seems some got hurt!! I am Truely Sorry!!!

:censored: :D

[mark2]

I don't see any indication of malware in either log.

How/where is XP finding Gator ?

[Guest Drovers Dog]

:P

Thanks Mark 2,

It found it at first on a copy of WIN98SE installed on an other Drive, E:, then found it on each Disk inserted, regarding WIN98SE, including a Disk for upgrade, that I had, ALL were Legal!!!

:censored: :D

[Guest Drovers Dog]

:P

I have had so much problems getting this Dual System up and running, but have stuck to it!!!

I just want people to know, MAYBE, Bill doesn't want that to happen, maybe we are being Punished to try?

I don't think there are too many WIN98SE\XP Home Systems out there???

That would be the real SHAME?

The real WONDER is my Kids can Play ALL their Games, as long as they are installed in WIN98SE in EITHER System!!

Maybe that is where my Problem is??

:censored: :D

[Guest Drovers Dog]

:P

As always, I try to look at each Problem Laterley, meaning from all sides!!

BTW the Gator found cannot be removed, and is found by using File search for Gator, that is so strange!!!! Particularly if you have an unexplained 3% CPU usage?

Help will HELP ME!!!

:censored: :D

[mark2]

DD,

I'm not understanding how XP is doing the finding/identifying of Gator, or are you using windows explorer and finding them ? :huh:

[Guest Drovers Dog]

:P

As above Find Files under XP Finds, It has a 3% CPU Usage!!!

Under WIN98SE there is nothing there!! 0% CPU Usage???

:censored: :D

[Guest Drovers Dog]

:P

If I haven't been HiJacked, What is happening?

:censored: :D

[Guest Drovers Dog]

:P

Should I start all over again???

:censored: :D

[Guest Drovers Dog]

:P

What really worries me, is the way XP seems to discriminate against WIN98SE, it was particularly embarrassing to me!! I am so SORRY to Everyone!!! I really diddn't know!!!

:censored: :D

[mark2]

DD post a screen shot of your processes tab in task manager we should see what is using that 3% then