| Thread ID: 62819 | 2005-10-20 16:08:00 | wowexe.exe question | SurferJoe46 (51) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 397951 | 2005-10-21 03:21:00 | Hmm doesn't sound too good, if it takes 5 mins. Post a HJT log here. Remember to UNZIP the hjt file, and put it in its own folder, before u run it.
OK..got a HJT for you:
Logfile of HijackThis v1.99.1
Scan saved at 8:18:12 PM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
D:\SECURITY AREA\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\SECURITY AREA\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\SECURITY AREA\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wscntfy.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\SECURITY AREA\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = On Internet Explorer! Careful!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SECURI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - D:\SECURITY AREA\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - D:\SECURITY AREA\SpoofStick\SpoofStick.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [gcasServ] "D:\SECURITY AREA\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SECURITY AREA\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - us.chat1.yimg.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - groups.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - sc.groups.msn.com
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - www.autodesk.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - www2.verizon.net
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe |
SurferJoe46 (51) | ||
| 397952 | 2005-10-21 05:55:00 | OK boot into safe mode. Tick these. Tick fix checked. Reboot.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - www2.verizon.net
See if it's any better then. |
Speedy Gonzales (78) | ||
| 397953 | 2005-10-21 15:26:00 | OK boot into safe mode. Tick these. Tick fix checked. Reboot.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - www2.verizon.net
See if it's any better then.
I tried clicking off the Verizon updater, {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} and it got mad and would not let me back online..... hadda use another puter on my LAN to get the updater dnloaded and shared the file and got back on again.. I think it's kinda necessary. Verizon is my ISP. The other one: According to CastleCops Security site, O18 - Protocol: msnim is a mistaken "missing" evaluation. msgrapp.dll (often incorrectly listed by HijackThis as missing) and is legitimate as: MSN Messenger 7.5, which I use.. it is a Beta version. :D BTW: this AM everything is running just fine, although AVG is still dead :mad: ... but I don't think I should use AVG as a benchmark until they fix their problem anyway. Still had a double boot this time... I might have to go after my online e-mail scanner and see if it's screwing up my systems... because MSN Mail always has these neat little pop-ups that tell me that I have mail even though I haven't gotten to the actual MSN sign-on yet. Just wondering here if AVG/Grisoft was trying to access auto-updates while I was experiencing the big delays in my system... what do you think? Now, there is no traffic (not much anyway) on my DSL Modem nor is there much activity on my Router... the duty lights are pretty steady, not blinking madly like yesterday. |
SurferJoe46 (51) | ||
| 397954 | 2005-10-21 18:54:00 | Oops, sorry bout telling u to delete the 1st one then :D Umm, dunno anything about AVG. I don't use it myself. Maybe someone in the forum, who does, may be able to help you out, with that one. |
Speedy Gonzales (78) | ||
| 397955 | 2005-10-22 03:59:00 | No prob, Speed.. I had a lot of fun getting it back and had a little lifeboat drill using the file-sharing from puter #2 to puter #1... lol.... Even though things look better and AVG is up and running again, I still find that F1 is very slow accepting my posts, and it takes forever to refresh the page too. :groan: Can anyone there in NZ-land get a fresh squirrel for the F1 generator? Seems as though the old one is running too slow. I'd be more than happy to bring a US Prairie dog.. they run forever and for less than a squirrel with all the nuts and twigs they need. :rolleyes: BTW and 'WAY off topic: I got some nice NZ grazed mutton today at a speciality meat dealer.... I love mutton, the older and stronger the better! The regular butchers here try to sell the US corn-fed crap.. NO FLAVOR AT ALL! Most Americans can't stand the smell and flavor of lamb. That means there's more for me! I want my lamb and mutton to smell up the whole neighborhood when I cook it. :eek: Can't get enough of the real thing! |
SurferJoe46 (51) | ||