-
Content Count
875 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by baker7
-
-
Danny:
I appreciate the response to my posting....I will keep this in mind the next time something happens with Emmanuel.
However, I needed to begin the backup processs to save important documents, and I have already reformatted the machine in question, and have been getting SP2 updates for her. Once this is done, I'll reenable the networking on Emmanuel, and make connections to my 2000 machine once I get Panda Installed (Need my firewall and antivirus active before doing much more)
Where did:
O2 - BHO: (no name) - {116A7486-4EB4-2DA2-14A2-62D3A6375766} - C:\DOCUME~1\buddy\APPLIC~1\TRANSN~1\Dumbball.exe
and
O4 - HKLM\..\Run: [extra hide anti ante] C:\Documents and Settings\All Users\Application Data\wipemanagerextrahide\PlanDvd.exe
come from: Think I downloaded a nasty and when I noticed what it was I deleted it, but firewall was asking forpermission to run plandvd.exe? what is this? Spyware?
I hope you don't mind me coming back here from time to time to ask assistance with checking out my logs - Since G4 changed things round, most HJT log readers are here, and I feel better knowing someonw CAN tell me what is up......
Thank you for your efforts
Baker7
(Brian)
-
I am beginning the backup process, just in case I want to reformat Emmanuel - I will do so later this afternoon if I do not get any replies, as I must do some important work today or tomorrow
Baker7
-
BUMP
I am able to connect to the Internet ONLY in safe mode on Emmanuel - Hopefulluy someone will be able to help me figure this one out, as I don't want to be running in safe mode forever -
Baker7
-
Hello There:
I need some HJT log assistance. I think I inadvertantly downloaded a hijacker called newdotnet, and I also have a file called PlanDvd.exe giving me a problem.....Emmanuel cannot seem to find any internet sites, and I think these things may have something to do with it......
SPECS: HP Pavilion 8860 60 GIG hdd 128 Meg RAM Running WinXP SP2- preformed scans with adaware and spybot, and spybot found some things that I deleted, except it found a reg entry for the Windows Security Center Antivurus disable notify....I used Spybot 1.4 and think that some of these hijacks are slowing my machine down........could someone take a look at this log and let me know what is up?
Thanks,
Baker7
LOG Below]/b]
Logfile of HijackThis v1.99.1
Scan saved at 3:57:44 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\iNtfySvc\intfysvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACK THIS 1.99.1\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {116A7486-4EB4-2DA2-14A2-62D3A6375766} - C:\DOCUME~1\buddy\APPLIC~1\TRANSN~1\Dumbball.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [extra hide anti ante] C:\Documents and Settings\All Users\Application Data\wipemanagerextrahide\PlanDvd.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sign jugs] C:\DOCUME~1\buddy\APPLIC~1\MIXLIE~1\Axis Start.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [bLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://www.tfn.net
O15 - Trusted Zone: http://*.tfn.net
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122481145936
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} -
O16 - DPF: {88B507F9-C6B2-45CC-AAB6-720A652DE11C} (TenOfTen Class) - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/whatsnext/checkmypc...tivePreQual.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3720315E-4868-4ACB-B9D5-8A477ED28305}: NameServer = 4.2.2.2,4.2.2.3
O23 - Service: Ipswitch Notification Server (inotifysvr) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iNtfySvc\intfysvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
-
I'll put some extra recliners and peanut butter cookies in the Cafe.
*hugs to all*
Liz
<{POST_SNAPBACK}>
Im still waiting for my Donuts and Coffee.
<{POST_SNAPBACK}>
Thanks Liz: You are a sweetie - Thanks for the wonderful welcome
Baker7 aka Brian
-
I was banned from G4TV for telling the truth....go figure eh.
Missfae banned me after I reopened a locked post to respond to her allegations that I jumped the gun on the closures.
I didn't and posted the post from our Mod board to prove it, I guess she didn't like to be shown up.
Well, it doesn't matter much, I won't be over there any more after this anyway.
<{POST_SNAPBACK}>
What? That is weird, man!
We are lucky that you're here, Chappy!
<{POST_SNAPBACK}>
Chappy:
Listen man,
from what I see of the postings in the last few hours, there are alot of people that want to know why this was done. Closing Tech Support over there to me reeks of the smell of the fact that the people that have been trying to tell G4 to do some things with thier boards, and can't or won't do it, and in order to shut us up, they remove the only half way decent board there: You gave as good as you got man, and thats the truth - I can't wait to see what the hell they do to "explain" thier actions, since G4 does not do that well: God this stinks, but look at all the buddies you have here man!
I say we use a firehose and we drown and route the admins outta the G4 offices and soak them down till they admit the truth heheheheh nm.......just an evil thought ;-)
Lets DO THIS heheheheh
Baker7
-
Its nice to have somewhere to go,even if the mods over at g4 are locking threads about this board and calling them spam.What a bunch of bozos.
<{POST_SNAPBACK}>
What is SPAM over there should be any thread that announces the closure of the Techsupport Board, and I say that because there are no admin responses at ALL to explain this, but Mods are locking up all those question threads........Go Figure ;(
Baker7
-
I think Pete is a Gentlemen: I think that based on what he has heard in the last few hours that he has the RIGHT to be upset at any G4ions that would want to kill off a board where it helps users like myself - I respect Pete because he has the gumption to stand up for what he believes........same with Dave
Thanks Pete.....You are amazing
Baker7
-
Dont know if its gone but I found my way here!
<{POST_SNAPBACK}>
They let me know this morning that it was scheduled to be closed today.
May be lucky and have it open for one more day, but it is going.
That was my big reason for sticking it out there, and I doubt I will be there much after that.
Being a moderator was tough and I am almost glad to put that behind me.
<{POST_SNAPBACK}>
Baker7 is on board: Lets get to work gentlemen
Is there a way to move those Sticky threads from there to here, so we can have the information within them.............They are all good....and I think it would be a good Idea to have them over here
Baker7
Welcome Back Everyone!
in BestTechie News
Posted
Jeff:
I must agree with LIZ on this one man - you fought for what was RIGHT, and you stuck to your guns, and now, Besttechie is here, and we are BACK - I am glad to be a user here, the people here are awesome, and I must say that I am proud of you man - you will go far, and you have your supporters standing ready to assist you
Go B - Command is yours man - you did it!!
Baker7