Clusterheadaches.com Message Board « DAMN IT!!!!! (not CH) »
2006 General Board Posts (Moderator: DJ)
Topic: DAMN IT!!!!! (not CH)  (Read 2585 times)
Redd (CH.com Alumnus, New Board Hall of Famer, USA)
Re: DAMN IT!!!!! (not CH)
« Reply #25 on: Dec 29th, 2005, 12:24am »

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: ds.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

I saw an act of faith today. A man was on his knees, not in a pew in a Church, but in a garden planting seeds. ~~Unknown
Redd (CH.com Alumnus, New Board Hall of Famer, USA)
« Reply #26 on: Dec 29th, 2005, 12:26am »

O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\HP Authorized Custom\Local Settings\Temporary Internet Files\Content.IE5\AYND1VXZ\access[1].exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\HP Authorized Custom\Local Settings\Temporary Internet Files\Content.IE5\AYND1VXZ\access[1].exe (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://www.turkcode.com//chm.chm::/windllserv.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/9955/20031218/akamai.info.apple.com/iTunes4/WW/win/019-0123.20031218.zes4d/iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

I saw an act of faith today. A man was on his knees, not in a pew in a Church, but in a garden planting seeds. ~~Unknown
Redd (CH.com Alumnus, New Board Hall of Famer, USA)
« Reply #27 on: Dec 29th, 2005, 12:26am »

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8C478082-E5D8-4D17-A1A0-3EE4746EE22C} (????.lnk) - http://partnership.yagames.net/m_pc/partnerregister.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,11/mcgdmgr.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10a.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\system32\catsrvut.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

I saw an act of faith today. A man was on his knees, not in a pew in a Church, but in a garden planting seeds. ~~Unknown
Sean_C (Guest)
« Reply #28 on: Dec 29th, 2005, 12:29am »

Peg, you need to bring it to a computer guy for real. Sometimes you can do more damage than good. It's probably a very inexpensive problem to fix too.
 
Just my own experiences.
 
Sean...........................
Racer1_NC (CH.com Alumnus, New Board Hall of Famer, USA)
« Reply #29 on: Dec 29th, 2005, 9:30am »

on Dec 29th, 2005, 12:26am, Redd715 wrote:
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://www.turkcode.com//chm.chm::/windllserv.exe

 
After a quick read of the logs, this one jumps out. I believe it to be an exploit of a Windows flaw, long since patched. Remove it with Hijack This. Delete your IE cache.
Delete this one as well....
Quote:
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

And this one....
Quote:
O1 - Hosts: ds.com

Redd, does your system have all the MS updates installed?
 
Bill
« Last Edit: Dec 29th, 2005, 9:40am by Racer1_NC »

"Everybody's Gotta Learn Sometime."


Eventus stultorum magister.
Azrael (New Board Hall of Famer, USA)
« Reply #30 on: Dec 29th, 2005, 9:41am »

I recommend that you also delete Windows... It's not necessary, and just causes problems...
 
PFDAN............................ Drk^Angel
 
P.S.  Don't send your broken 'puter to Opus... Ya don't wanna know what he uses 'em for... Send it to me...
 
DA

"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
catlind (CH.com Alumnus, New Board Hall of Famer, USA)
« Reply #31 on: Dec 29th, 2005, 10:17am »

F0, F1, F2, F3 - Autoloading programs from INI files  
 
What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
 
What to do:
The F0 items are always bad, so fix them. The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad. Pacman's Startup List can help with identifying an item.  
 
 
You can find the rest of the codes at:
http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis_2.htm
 
Go through each one and determine if it's something you recognize or if it's something that should be removed.
 
Cat
 

A true friend is someone who reaches for your hand and touches your heart

If yer gonna be stupid, ya gotta be tough
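A triage pass along the lines Bill and Cat describe above, written as an added Python example that is not from this thread or from HijackThis itself: it parses HijackThis log lines and flags the patterns singled out here (ms-its/mhtml plugin targets, a download from a bare IP address, hosts-file entries, a button pointing into the IE cache, missing files, and F0 entries). The sample lines are copied from the log posted above plus the F0 example from the quoted code reference; the regexes and the wording of the reasons are my own.

```python
import re
from typing import Dict, List

# Sample HijackThis lines, copied from the log posted earlier in this thread
# plus the F0 example from the HijackThis code reference quoted above.
SAMPLE_LOG = r"""
O1 - Hosts: ds.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\HP Authorized Custom\Local Settings\Temporary Internet Files\Content.IE5\AYND1VXZ\access[1].exe (file missing)
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://www.turkcode.com//chm.chm::/windllserv.exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
F0 - system.ini: Shell=Explorer.exe Openme.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")  # "O16 - DPF: ..." -> code, body
IP_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)  # bare IPv4 host
ODD_SCHEME_RE = re.compile(r"^(?:ms-its|its|mhtml|mk):", re.I)  # CHM/MHTML handlers, not http


def triage(line: str) -> List[str]:
    """Reasons a HijackThis line deserves a closer look; [] means 'no red flag', not 'safe'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    reasons: List[str] = []
    if code == "F0":
        reasons.append("F0 shell override in system.ini: treated as always bad")
    if code == "O1":
        reasons.append("hosts-file entry: redirects a name the browser resolves")
    if code == "O16":
        target = body.rsplit(" - ", 1)[-1]  # download URL follows the last " - "
        if ODD_SCHEME_RE.match(target):
            reasons.append("O16 target uses ms-its/mhtml instead of a plain .cab URL")
        if IP_HOST_RE.match(target):
            reasons.append("O16 download from a bare IP address, not a vendor host")
    if code == "O9" and "Temporary Internet Files" in body:
        reasons.append("O9 button points into the IE cache, not an installed program")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("referenced file is gone: orphaned entry to clean up")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every flagged log line to its reasons; unflagged lines are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        reasons = triage(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry, "\n   -> " + "\n   -> ".join(reasons))
```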
TomM (New Board Hall of Famer, USA)
« Reply #32 on: Dec 29th, 2005, 11:00am »

Hit a restore point from before you got infected.
TomM

"Everyone should believe in something. I believe I'll go fishing."
--Thoreau--
Opus (New Board Hall of Famer, USA)
« Reply #33 on: Dec 29th, 2005, 5:40pm »

on Dec 29th, 2005, 9:41am, Drk^Angel wrote:
P.S.  Don't send your broken 'puter to Opus... Ya don't wanna know what he uses 'em for...

 
DRK,
  What's so wrong with building a cluster? Anyway I have 5 boxes that will work just fine.
 
 
Did you hear about the new exploit? All you have to do is visit a web page and render a certain image file to get your microsoft windows box 0wn3d.
 
Opus/Paul

Zed-Zed-nine plural-Zed alpha,

There is no place like home.
TomM (New Board Hall of Famer, USA)
« Reply #34 on: Dec 30th, 2005, 8:51am »

Paul--want my 386DX? 8Mb Ram, 1200 baud internal modem, 2- 130 Mb hard drives. That was a kick ass machine when I built it in 1990.
TomM

"Everyone should believe in something. I believe I'll go fishing."
--Thoreau--
Azrael (New Board Hall of Famer, USA)
« Reply #35 on: Dec 30th, 2005, 9:45am »

Good news is... Firefox and Opera users have to actually accept the download and install before their systems get fuq'd.  Bad news is... When's the last time a Windoze user ever read a window before pressing yes?  Gotta love the irony of the virus pretending to be an AV/anti-spyware program.  "Your system is infected..."  Really?? LOL
 
PFDAN.................................. Drk^angel

"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
Phil L (New Board Veteran, USA)
« Reply #36 on: Jan 1st, 2006, 12:44am »

Well, easy for me to get lost here. Have absolutely no idea what any of you are talking about. When my computer breaks, I call one of my sons, and if they're not available, then I just shoot it.

When I get up in the morning and have to look down to see the grass
I know it's going to be a great day.
Azrael (New Board Hall of Famer, USA)
« Reply #37 on: Jan 1st, 2006, 10:20am »

Isn't shooting your son over a 'puter problem a bit extreme?
 
PFDAN............................... Drk^Angel

"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
Jasmyn (CH.com Alumnus, New Board Hall of Famer, Mozambique)
« Reply #38 on: Jan 1st, 2006, 10:48am »

Peg, how are you doing?  Got it sorted yet?

Jazz

Madness is proclaimed by society’s inability to accept its own infallibility
Redd (CH.com Alumnus, New Board Hall of Famer, USA)
« Reply #39 on: Jan 1st, 2006, 11:41am »

No I don't have it sorted out yet.  Some things are cleared up, but others are still hiding somewhere in here.
 

I saw an act of faith today. A man was on his knees, not in a pew in a Church, but in a garden planting seeds. ~~Unknown
Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!