Author |
Topic: DAMN IT!!!!! (not CH) (Read 2585 times) |
|
Redd
CH.com Alumnus New Board Hall of Famer
Gender:
Posts: 6661
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #25 on: Dec 29th, 2005, 12:24am » |
|
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: ds.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\YAHOO!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
|
|
I saw an act of faith today. A man was on his knees, not in a pew in a Church, but in a garden planting seeds. ~~Unknown
|
|
|
Sean_C
Guest
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #28 on: Dec 29th, 2005, 12:29am » |
|
Peg you need to bring it to a computer guy for real. Sometimes you can do more damage than good. It's probably a very inexpensive problem to fix too. Just my own experiences Sean...........................
|
|
|
|
|
Racer1_NC
CH.com Alumnus New Board Hall of Famer
"Beeeyul the Cat"
Gender:
Posts: 1887
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #29 on: Dec 29th, 2005, 9:30am » |
|
on Dec 29th, 2005, 12:26am, Redd715 wrote: After a quick read of the logs, this one jumps out. I believe it to be an exploit of a Windows flaw, long since patched. Remove it with Hijack This. Delete your IE cache. Delete this one as well.... Quote: And this one.... Quote: Redd, does your system have all the MS updates installed? Bill
|
« Last Edit: Dec 29th, 2005, 9:40am by Racer1_NC » |
"Everybody's Gotta Learn Sometime."
Eventus stultorum magister.
|
|
|
Azrael
New Board Hall of Famer
Sometimes... Being good just ain't worth it.
Gender:
Posts: 1786
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #30 on: Dec 29th, 2005, 9:41am » |
|
I recommend that you also delete Windows... It's not necessary, and just causes problems... PFDAN............................ Drk^Angel P.S. Don't send your broken 'puter to Opus... Ya don't wanna know what he uses 'em for... Send it to me... DA
|
|
"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
|
|
|
catlind
CH.com Alumnus New Board Hall of Famer
Taz taught me the cluster dance
Gender:
Posts: 3433
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #31 on: Dec 29th, 2005, 10:17am » |
|
F0, F1, F2, F3 - Autoloading programs from INI files

What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched

What to do: The F0 items are always bad, so fix them. The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad. Pacman's Startup List can help with identifying an item.

You can find the rest of the codes at: http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis_2.htm

Go through each one and determine if it's something you recognize or if it's something that should be removed.

Cat
|
|
A true friend is someone who reaches for your hand and touches your heart
If yer gonna be stupid, ya gotta be tough
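Added example (not part of any post in this thread): a small triage script that splits HijackThis-style lines by section code and applies the F0/F1 guidance from the post above. The sample lines are copied from the log and the F0/F1 examples in this thread; the function names, verdict labels and the rule that sets aside entries ending in "(no file)" are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the log and the F0/F1 examples quoted in this thread.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
"""

# A section code is one letter plus one or two digits, then " - " and the detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return a list of (code, detail) tuples, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def triage(entries):
    """Group entries under a verdict label (labels are this example's own)."""
    buckets = defaultdict(list)
    for code, detail in entries:
        if code == "F0":
            verdict = "fix"        # post above: F0 items are always bad
        elif code == "F1":
            verdict = "research"   # post above: look the filename up first
        elif detail.endswith("(no file)"):
            verdict = "orphaned"   # assumption: entry whose file is missing
        else:
            verdict = "review"     # everything else is checked by hand
        buckets[verdict].append((code, detail))
    return dict(buckets)

if __name__ == "__main__":
    for verdict, items in triage(parse_log(SAMPLE_LOG)).items():
        for code, detail in items:
            print(f"{verdict:9} {code:3} {detail}")
```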
|
|
|
TomM
New Board Hall of Famer
Gender:
Posts: 2006
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #32 on: Dec 29th, 2005, 11:00am » |
|
Hit a restore point from before you got infected. TomM
|
|
"Everyone should believe in something. I believe I'll go fishing." --Thoreau--
|
|
|
Opus
New Board Hall of Famer
(Insert witty comment here)
Gender:
Posts: 2509
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #33 on: Dec 29th, 2005, 5:40pm » |
|
on Dec 29th, 2005, 9:41am, Drk^Angel wrote: P.S. Don't send your broken 'puter to Opus... Ya don't wanna know what he uses 'em for...
DRK, What's so wrong with building a cluster? Anyway I have 5 boxes that will work just fine. Did you hear about the new exploit? All you have to do is visit a web page and render a certain image file to get your Microsoft Windows box 0wn3d. Opus/Paul
|
|
Zed-Zed-nine plural-Zed alpha,
There is no place like home.
|
|
|
TomM
New Board Hall of Famer
Gender:
Posts: 2006
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #34 on: Dec 30th, 2005, 8:51am » |
|
Paul--want my 386DX? 8Mb Ram, 1200 baud internal modem, 2- 130 Mb hard drives. That was a kick ass machine when I built it in 1990. TomM
|
|
"Everyone should believe in something. I believe I'll go fishing." --Thoreau--
|
|
|
Azrael
New Board Hall of Famer
Sometimes... Being good just ain't worth it.
Gender:
Posts: 1786
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #35 on: Dec 30th, 2005, 9:45am » |
|
Good news is... Firefox and Opera users have to actually accept the download and install before their systems get fuq'd. Bad news is... When's the last time a Windoze user ever read a window before pressing yes? Gotta love the irony of the virus pretending to be an AV/anti-spyware program. "Your system is infected..." Really?? LOL PFDAN.................................. Drk^angel
|
|
"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
|
|
|
Phil L
New Board Veteran
Gender:
Posts: 176
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #36 on: Jan 1st, 2006, 12:44am » |
|
Well, easy for me to get lost here. Have absolutely no idea what any of you are talking about. When my computer breaks, I call one of my sons and if they're not available, then I just shoot it.
|
|
When I get up in the morning and have to look down to see the grass I know it's going to be a great day.
|
|
|
Azrael
New Board Hall of Famer
Sometimes... Being good just ain't worth it.
Gender:
Posts: 1786
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #37 on: Jan 1st, 2006, 10:20am » |
|
Isn't shooting your son over a 'puter problem a bit extreme? PFDAN............................... Drk^Angel
|
|
"Hello police? I would like to report a robbery. Someone stole all my beer while I was drunk."
|
|
|
Jasmyn
CH.com Alumnus New Board Hall of Famer
Each day will be a new trick in life's journey
Gender:
Posts: 2762
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #38 on: Jan 1st, 2006, 10:48am » |
|
Peg, how're you doing? Got it sorted yet?
|
|
Jazz
Madness is proclaimed by society’s inability to accept its own infallibility
|
|
|
Redd
CH.com Alumnus New Board Hall of Famer
Gender:
Posts: 6661
|
|
Re: DAMN IT!!!!! (not CH)
« Reply #39 on: Jan 1st, 2006, 11:41am » |
|
No I don't have it sorted out yet. Some things are cleared up, but others are still hiding somewhere in here.
|
|
I saw an act of faith today. A man was on his knees, not in a pew in a Church, but in a garden planting seeds. ~~Unknown