| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 69228 | 2006-05-26 05:39:00 | WHATS GOING ON??????? | av4tarnz (5829) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 457888 | 2006-05-27 10:19:00 | And other people have sigs turned off as well which was my point. You may have noticed that I do not have a Sig as some can be annoying. I am not saying your Sig is but some are. I have not seen your Sig and I have sigs turned off on purpose. Hope you were not offended. Not at all :) It just saves me typing it all the time, thats all. |
Speedy Gonzales (78) | ||
| 457889 | 2006-05-27 11:50:00 | Not at all pressf1.co.nz It just saves me typing it all the time, thats all. OK. Enough said. |
Sweep (90) | ||
| 457890 | 2006-05-28 01:57:00 | I've lost track of whats going on....where are we up to now. :( | Pancake (6359) | ||
| 457891 | 2006-06-01 05:25:00 | Hi Speedy My computer has had several checks and scans done with all sorts of nasties being found (suprise, suprise) and removed. This is the report from Hijack after the computer was started in Safe Mode: Logfile of HijackThis v1.99.1 Scan saved at 4:15:23 p.m., on 1/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\..........\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clear.net.nz/ N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Cs earchplugins%5Cgoogle.src"); (C:\Documents and Settings\Gary Mason\Application Data\Mozilla\Profiles\default\bc5akuhw.slt\prefs.j s) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\RunServices: [Microsoft Update] rnurbvi.exe O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - kl.bar.need2find.com O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - advnt01.com O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - locator1.cdn.imagesrvr.com O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - download.energy-factor.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F27D134F-87EF-4F90-B583-A3DC4DD58743}: NameServer = 192.168.0.1,0.168.0.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - (no CLSID) - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
av4tarnz (5829) | ||
| 457892 | 2006-06-01 05:36:00 | Boot into safe mode, run HJT again tick these entries and tick fix checked. O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing) O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\RunServices: [Microsoft Update] rnurbvi.exe O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O8 - Extra context menu item: &Search - kl.bar.need2find.com O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - advnt01.com O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - download.energy-factor.com O18 - Filter: text/html - (no CLSID) - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install Didn't Adaware or Spybot remove these? If you did a scan with Spybot and Adaware, did you update them first?? |
Speedy Gonzales (78) | ||
| 457893 | 2006-06-01 05:53:00 | Hi Speedy In your last posting to my thread last week (WHATS GOING ON???????) you were saying to restart my computer in Safe Mode then run Hijack again, this was the result: Logfile of HijackThis v1.99.1 Scan saved at 4:15:23 p.m., on 1/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\..........\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clear.net.nz/ N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Cs earchplugins%5Cgoogle.src"); (C:\Documents and Settings\Gary Mason\Application Data\Mozilla\Profiles\default\bc5akuhw.slt\prefs.j s) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing) O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\RunServices: [Microsoft Update] rnurbvi.exe O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe" "+b1" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Search - kl.bar.need2find.com O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - advnt01.com O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - locator1.cdn.imagesrvr.com O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - download.energy-factor.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F27D134F-87EF-4F90-B583-A3DC4DD58743}: NameServer = 192.168.0.1,0.168.0.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - (no CLSID) - (no file) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Since last week, several scans have completed and all sorts of nasties have been removed from my computer although it is still largely unusable, so if any more help can be given it will be greatly appreciated. Cheers Av4tarnz |
av4tarnz (5829) | ||
| 457894 | 2006-06-01 06:01:00 | DON'T start another thread, you'll confuse people . You should have continued from the original thread, you posted . Look in the other thread ( . pcworld . co . nz/showthread . php?t=69228&page=3" target="_blank">pressf1 . pcworld . co . nz) And tick the entries in the last post I posted . Can a mod merge these 2 posts . Ta . |
Speedy Gonzales (78) | ||
| 457895 | 2006-06-01 06:05:00 | Scans were done with Spybot and Adaware on my computer although I haven't been able to get onto the net to update them since this drama started. I'm using another computer at the moment, am I able to get the updates from this one somehow? | av4tarnz (5829) | ||
| 457896 | 2006-06-01 06:16:00 | Yup, u can download the updates on any computer . Only thing is, if your pc and the one you're on now arent networked . How are you going to copy the files you download?? Have you got a USB key / drive?? Since the detection update for Spybot is 1 . 7 mb, which is bigger than a floppy . I dont know about Adaware, I'm not using this at the mo . |
Speedy Gonzales (78) | ||
| 457897 | 2006-06-01 06:25:00 | DON'T start another thread, you'll confuse people . You should have continued from the original thread, you posted . Can a mod merge these 2 posts . Ta . Merged! :) |
Jen (38) | ||
| 1 2 3 4 | |||||