| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 68211 | 2006-04-21 05:17:00 | TASKBAR | wyndra (1185) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 448185 | 2006-04-21 05:17:00 | Hi i have a xp computer and seem to have developed a extra task bar from somewhere. Reading across it has Make money Music Casino Dating Travel Careers Investing Travel Mortgage search go. It seems to be creating all these popups (apart from a popup stopper)that I cannot stop. How do I remove it. Thankyou. |
wyndra (1185) | ||
| 448186 | 2006-04-21 05:20:00 | Get the file in my sig below. You may have spyware or something. | Speedy Gonzales (78) | ||
| 448187 | 2006-04-25 05:28:00 | Logfile of HijackThis v1.99.1 Scan saved at 4:25:39 p.m., on 25/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Ricoh\Scheduler.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\RMClient\PMCTray.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\DONNAL~1\LOCALS~1\Temp\Rar$EX02.266\Hi jackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {B26251D2-A680-83A7-02F1-F3E6CBC22709} - C:\DOCUME~1\DONNAL~1\APPLIC~1\BENDTH~1\draw less.exe O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1 O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [BlehRoamOneFind] C:\Documents and Settings\All Users\Application Data\coalboneblehroam\lies option.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [HTMBASE] C:\DOCUME~1\DONNAL~1\APPLIC~1\GPLLON~1\BarbTwo.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: e-Reader Scheduler.lnk = C:\Program Files\Ricoh\Scheduler.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - download.mcafee.com O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - spaces.msn.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: MsgPlusLoader.dll O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe |
wyndra (1185) | ||
| 448188 | 2006-04-25 05:35:00 | Speedy will be along shortly to sort you out but in the meantime follow the suggestions in this thread: www.pressf1.co.nz 16 |
FoxyMX (5) | ||
| 448189 | 2006-04-25 06:11:00 | Boot into safe mode, run hijackthis again, tick these entries and tick fix checked. Do you know what the first 3 entries are for? I don't. The 3rd entry I think shouldnt be running from documents and settings. O2 - BHO: (no name) - {B26251D2-A680-83A7-02F1-F3E6CBC22709} - C:\DOCUME~1\DONNAL~1\APPLIC~1\BENDTH~1\draw less.exe O4 - HKLM\..\Run: C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1 O4 - HKLM\..\Run: [BlehRoamOneFind] C:\Documents and Settings\All Users\Application Data\coalboneblehroam\lies option.exe [B]I dont know what this belongs to O4 - HKCU\..\Run: [HTMBASE] C:\DOCUME~1\DONNAL~1\APPLIC~1\GPLLON~1\BarbTwo.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe See if there's a Gator entry in add/remove programs. If there is, uninstall it. O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background |
Speedy Gonzales (78) | ||
| 448190 | 2006-04-25 15:14:00 | O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe is a process belonging to the Claria advertising program by Claria Corporation. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This program is a registered security risk and should be removed immediately. |
SurferJoe46 (51) | ||
| 448191 | 2006-04-25 15:30:00 | . . . . . . . . . . and more . . . O4 - HKLM\ . . \Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1 . EXE /partner BO1 It belongs to the Butterfly Oasis screensaver, brought to us by GAIN (need I say more?) . From the same series: O4 - HKLM\ . . \Run: [MW1HelperStartUp] :\PROGRA~1\MAGICW~1\MW1HEL~1 . EXE /partner MW1 These are screensavers that you can get for free, but this site ScreenScenes Butterfly_Oasis screensaver comes with GAIN branded ads (pop-ups and others) . ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $ 30 . . . . . . . all the while spying on your habits and places you visit and sending you pop-ups . . . . . . . . . . and some more on this stuff: O4 - HKLM\ . . \Run: [BI1HelperStartUp] C:\PROGRA~1\BEACHI~1\BI1HEL~1 . EXE /partner BI1 (notice the "helper" or the "B0, B1 or B2" in the file name . . . it's usually a tip-off to bad stuff), then again anything that calls itself a "helper" is suspect anyway . These are catagorized right down there with BonziBuddy and WebShots . Be careful of getting these "free" and pretty screen savers and desktops . Another is "The Weatherbug" . . . and there are scores of other freebees . If it's a free thing,,,be ye very suspicious . |
SurferJoe46 (51) | ||
| 1 | |||||