baker7

Posts posted by baker7

  1. *big wave* Hi everyone....gosh, this looks different. Need to get used to the ol' place again.

    Thanks, Jeff, for all your hard work and frustrations.

    Thanks, fellow members for spreading the progress about BT's at the forums where folks scattered to.

    Thanks, Drew, for giving us an outlet and such a gracious invite during our respite. We all need to continue to support his site, as this site was once in its baby stages, too--I see a great partnership in the future. I intend to keep running amuck there. It's here

    And Thanks, Macmarauder, for opening "the vacation home" What a kind thing to do, and I appreciate all that hard work. (he should be an admin, hint, hint...)

    Which reminds me, there are some unresolved hijack logs over there. I know the two sites can't be merged, but can those somehow be transferred, or could the Temp Site stay open till they are resolved? I wouldn't want the OP's to get "stuck" if Macmarauder vacuums up the place.

    Liz

    Jeff:

    I must agree with LIZ on this one man - you fought for what was RIGHT, and you stuck to your guns, and now, Besttechie is here, and we are BACK - I am glad to be a user here, the people here are awesome, and I must say that I am proud of you man - you will go far, and you have your supporters standing ready to assist you ;)

    Go B - Command is yours man - you did it!! ;)

    Baker7

  2. Danny:

    I appreciate the response to my posting....I will keep this in mind the next time something happens with Emmanuel.

    However, I needed to begin the backup process to save important documents, and I have already reformatted the machine in question, and have been getting SP2 updates for her. Once this is done, I'll reenable the networking on Emmanuel, and make connections to my 2000 machine once I get Panda Installed (Need my firewall and antivirus active before doing much more)

    Where did:

    O2 - BHO: (no name) - {116A7486-4EB4-2DA2-14A2-62D3A6375766} - C:\DOCUME~1\buddy\APPLIC~1\TRANSN~1\Dumbball.exe

    and

    O4 - HKLM\..\Run: [extra hide anti ante] C:\Documents and Settings\All Users\Application Data\wipemanagerextrahide\PlanDvd.exe

    come from: Think I downloaded a nasty and when I noticed what it was I deleted it, but firewall was asking for permission to run plandvd.exe? what is this? Spyware?

    I hope you don't mind me coming back here from time to time to ask assistance with checking out my logs - Since G4 changed things round, most HJT log readers are here, and I feel better knowing someone CAN tell me what is up......

    Thank you for your efforts :)

    Baker7

    (Brian)

  3. Hello There:

    I need some HJT log assistance. I think I inadvertently downloaded a hijacker called newdotnet, and I also have a file called PlanDvd.exe giving me a problem.....Emmanuel cannot seem to find any internet sites, and I think these things may have something to do with it......

    SPECS: HP Pavilion 8860 60 GIG hdd 128 Meg RAM Running WinXP SP2- performed scans with adaware and spybot, and spybot found some things that I deleted, except it found a reg entry for the Windows Security Center Antivirus disable notify....I used Spybot 1.4 and think that some of these hijacks are slowing my machine down........could someone take a look at this log and let me know what is up?

    Thanks,

    Baker7

    LOG Below

    Logfile of HijackThis v1.99.1

    Scan saved at 3:57:44 PM, on 10/16/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\iNtfySvc\intfysvc.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\RealVNC\WinVNC\WinVNC.exe

    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

    C:\WINDOWS\system32\wwSecure.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\SCANJET\PrecisionScanPro\HPLamp.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    C:\WINDOWS\system32\hphmon03.exe

    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe

    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Webroot\Washer\wwDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\HPHipm09.exe

    C:\Program Files\Messenger\msmsgs.exe

    c:\progra~1\intern~1\iexplore.exe

    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\HIJACK THIS 1.99.1\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online

    O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {116A7486-4EB4-2DA2-14A2-62D3A6375766} - C:\DOCUME~1\buddy\APPLIC~1\TRANSN~1\Dumbball.exe

    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe

    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

    O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper

    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [extra hide anti ante] C:\Documents and Settings\All Users\Application Data\wipemanagerextrahide\PlanDvd.exe

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [sign jugs] C:\DOCUME~1\buddy\APPLIC~1\MIXLIE~1\Axis Start.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [bLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Hijacked Internet access by New.Net

    O10 - Hijacked Internet access by New.Net

    O10 - Hijacked Internet access by New.Net

    O10 - Hijacked Internet access by New.Net

    O15 - Trusted Zone: http://www.tfn.net

    O15 - Trusted Zone: http://*.tfn.net

    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

    O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122481145936

    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} -

    O16 - DPF: {88B507F9-C6B2-45CC-AAB6-720A652DE11C} (TenOfTen Class) - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab

    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/whatsnext/checkmypc...tivePreQual.cab

    O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs/hst/w...tWebInstall.cab

    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} -

    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3720315E-4868-4ACB-B9D5-8A477ED28305}: NameServer = 4.2.2.2,4.2.2.3

    O23 - Service: Ipswitch Notification Server (inotifysvr) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iNtfySvc\intfysvc.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

  4. I'll put some extra recliners and peanut butter cookies in the Cafe. :)

    *hugs to all*

    Liz

    I'm still waiting for my Donuts and Coffee. :lol:

    Thanks Liz: You are a sweetie - Thanks for the wonderful welcome ;)

    Baker7 aka Brian

  5. I was banned from G4TV for telling the truth....go figure eh.

    Missfae banned me after I reopened a locked post to respond to her allegations that I jumped the gun on the closures.

    I didn't and posted the post from our Mod board to prove it, I guess she didn't like to be shown up.

    Well, it doesn't matter much, I won't be over there any more after this anyway.

    What? That is weird, man!

    We are lucky that you're here, Chappy! :D:D

    Chappy:

    Listen man,

    from what I see of the postings in the last few hours, there are a lot of people that want to know why this was done. Closing Tech Support over there to me reeks of the smell of the fact that the people that have been trying to tell G4 to do some things with their boards, and can't or won't do it, and in order to shut us up, they remove the only half way decent board there: You gave as good as you got man, and that's the truth - I can't wait to see what the hell they do to "explain" their actions, since G4 does not do that well: God this stinks, but look at all the buddies you have here man!

    I say we use a firehose and we drown and route the admins outta the G4 offices and soak them down till they admit the truth heheheheh nm.......just an evil thought ;-)

    Let's DO THIS heheheheh ;)

    Baker7

  6. It's nice to have somewhere to go, even if the mods over at g4 are locking threads about this board and calling them spam. What a bunch of bozos.

    What is SPAM over there should be any thread that announces the closure of the Techsupport Board, and I say that because there are no admin responses at ALL to explain this, but Mods are locking up all those question threads........Go Figure ;(

    Baker7

  7. I think Pete is a Gentleman: I think that based on what he has heard in the last few hours that he has the RIGHT to be upset at any G4ions that would want to kill off a board where it helps users like myself - I respect Pete because he has the gumption to stand up for what he believes........same with Dave :)

    Thanks Pete.....You are amazing ;)

    Baker7

  8. Don't know if it's gone but I found my way here! B)

    They let me know this morning that it was scheduled to be closed today.

    May be lucky and have it open for one more day, but it is going.

    That was my big reason for sticking it out there, and I doubt I will be there much after that.

    Being a moderator was tough and I am almost glad to put that behind me.

    Baker7 is on board: Let's get to work gentlemen :)

    Is there a way to move those Sticky threads from there to here, so we can have the information within them.............They are all good....and I think it would be a good Idea to have them over here :)

    Baker7