Jump to content


Photo

Wont Let Me Open Nightmist

Started by fester919, Aug 08 2004 11:44 AM

  • Please log in to reply
28 replies to this topic

#1 fester919

fester919
  • Members
  • 173 posts

Posted 08 August 2004 - 11:44 AM

wont let me open Nightmist among other thing such as Internet Explorer. when i try to open then it comes up with a error box and it read inside it.....
Windows cannot find 'C:\Program Files\nightmist\nightmist.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.


What the hell is this all about. it does this with all of my other programs. only the programs the run on start up of the computer work. And the way i get on Internet explorer is load up Incredi Mail then go and try to add more immotions and that loads up my Internet Explorer.

Can any one help me PLZ!!! :P
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#2 jurian

jurian

    YAY! Less Lag!

  • Members
  • 1505 posts

Posted 08 August 2004 - 12:01 PM

looks like your directory is wrong :P

just run explorer and check if that file is in that directory :P

(start>>>run>>>explorer)
Even in death my hate will go on

#3 fester919

fester919
  • Members
  • 173 posts

Posted 08 August 2004 - 12:09 PM

i have allready checked that and the files are there but it wont let me run them :P
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#4 Mec

Mec
  • Members
  • 602 posts

Posted 08 August 2004 - 06:58 PM

Reinstall nightmist.

#5 fester919

fester919
  • Members
  • 173 posts

Posted 08 August 2004 - 07:02 PM

i have tryed that didnt work
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#6 jurian

jurian

    YAY! Less Lag!

  • Members
  • 1505 posts

Posted 08 August 2004 - 08:11 PM

ask jlh :P
Even in death my hate will go on

#7 JLH

JLH

    Administrator

  • Admin
  • 1771 posts

Posted 08 August 2004 - 08:15 PM

sounds like it's been virused
http://cdrom.digital...04/NAV10ESD.exe
or maybe spywared
ftp://ftp.download.com/pub/win95/utilities/aaw6181.exe
Anything i post on here is subject to change at any time without notification to the board.

#8 fester919

fester919
  • Members
  • 173 posts

Posted 09 August 2004 - 04:49 PM

i got adaware and its found stuff i deleted them but that didnt help and i got Norton anti-virus and that hasnt found ne thing
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#9 JLH

JLH

    Administrator

  • Admin
  • 1771 posts

Posted 09 August 2004 - 04:53 PM

take it to a PC service center and get it reinstalled?
Anything i post on here is subject to change at any time without notification to the board.

#10 Cosworth

Cosworth
  • Members
  • 189 posts

Posted 09 August 2004 - 05:25 PM

Windows cannot find 'C:\Program Files\nightmist\nightmist.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

C:\Program Files\Nightmist\nightmst.exe

should be path

is it cause yours is

C:\Program Files\Nightmist\nightmist.exe

where its spelt nightmist.exe

instead of nightmst.exe

? just a sugestion

Edited by Cosworth, 09 August 2004 - 05:26 PM.

Iguanas ate my signature because it had an image in it.

#11 fester919

fester919
  • Members
  • 173 posts

Posted 09 August 2004 - 08:12 PM

thats just my typo just checked with the file it is nightmist.exe just typed wrong lol
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#12 fester919

fester919
  • Members
  • 173 posts

Posted 09 August 2004 - 08:13 PM

take it to a PC service center and get it reinstalled?

i will take it to a pc service centre but will it cost me ne thing?
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#13 Cule

Cule
  • Members
  • 762 posts

Posted 10 August 2004 - 12:31 PM

umm why do you want to take it to a pc service if the problem is solved?

#14 Angelus

Angelus
  • Members
  • 1202 posts

Posted 10 August 2004 - 12:44 PM

Use Housecall to check for worms, then find a cure against it.

Also you could get and run Hijackthis and post the log without fixing anything yet (unless you wanne screw up your comp).

Create and Unzip to a folder not your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan".


That will show if you fcked up yourself, messing with stuff or that you have something redirecting everything. Well that is if you can read the logs. So i need you to post it if you will.
Angelus ingame.
Back into the shadows once again...

#15 jurian

jurian

    YAY! Less Lag!

  • Members
  • 1505 posts

Posted 10 August 2004 - 12:56 PM

reinstall windows lol
Even in death my hate will go on

#16 fester919

fester919
  • Members
  • 173 posts

Posted 21 August 2004 - 08:23 PM

That will show if you fcked up yourself, messing with stuff or that you have something redirecting everything. Well that is if you can read the logs. So i need you to post it if you will.

Logfile of HijackThis v1.98.0
Scan saved at 21:21:13, on 21/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\vtbq.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shentons\Desktop\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchwww.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.copitmudf...RO_p301f/h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialof....asp?keyword=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C8F332C-EA64-2898-D357-17557FD17D6F} - C:\WINDOWS\System32\wgy.dll
O2 - BHO: SetupHtml Class - {51641EF3-8A7A-4D84-8659-B0911E947CC8} - C:\WINDOWS\DOWNLO~1\DOWNLO~1.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: (no name) - {DB1FFEDF-8E75-557C-2555-E97BE0021446} - C:\PROGRA~1\SECTWA~1\real peak.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vzpnrkyn] C:\WINDOWS\System32\zuxigv.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [slowitch] C:\PROGRA~1\SIXTHM~1\BoltForkWave.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [SECTBIASLICENSEFRAG] C:\Documents and Settings\All Users.WINDOWS\Application Data\Part Meal Sect Bias\bat junk.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shentons"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Shentons"
O4 - Global Startup: A920 Connection Manager.lnk = ?
O4 - Global Startup: A920 Task Scheduler.lnk = ?
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Search.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1021_EN_XP.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymen...ild/vbiewer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...5be907d85a1c422
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} (SetupHtml Class) - http://www.contenido.../instalador.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {C4CA6559-2CF1-48B6-96B2-8340A06FD129} - http://www.adbars.com/adbars.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn285.exe
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#17 Angelus

Angelus
  • Members
  • 1202 posts

Posted 22 August 2004 - 09:09 AM

Heh, you have Nightmist as your homepage...addict :P

Anyways saw some wrongs, just run these first to see whatever they can fix (make sure to search for updates before running them):
Spybot
Ad-Aware

Then post a new scan of hijackthis..

Edited by Angelus, 22 August 2004 - 09:09 AM.

Angelus ingame.
Back into the shadows once again...

#18 fester919

fester919
  • Members
  • 173 posts

Posted 22 August 2004 - 09:40 AM

Logfile of HijackThis v1.98.0
Scan saved at 10:38:03, on 22/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\AdsGone\adsgone.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\vtbq.exe
C:\Program Files\Nightmist\nightmst.exe
C:\Documents and Settings\Shentons\Desktop\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vmffuaszo...b2Ut_Mh8w0.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sapysuhfk...jRO_p301f/h.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialof....asp?keyword=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4C8F332C-EA64-2898-D357-17557FD17D6F} - C:\WINDOWS\System32\wgy.dll
O2 - BHO: SetupHtml Class - {51641EF3-8A7A-4D84-8659-B0911E947CC8} - C:\WINDOWS\DOWNLO~1\DOWNLO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: (no name) - {DB1FFEDF-8E75-557C-2555-E97BE0021446} - C:\PROGRA~1\SECTWA~1\real peak.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [slowitch] C:\PROGRA~1\SIXTHM~1\BoltForkWave.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [SECTBIASLICENSEFRAG] C:\Documents and Settings\All Users.WINDOWS\Application Data\Part Meal Sect Bias\bat junk.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: A920 Connection Manager.lnk = ?
O4 - Global Startup: A920 Task Scheduler.lnk = ?
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Search.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1021_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...5be907d85a1c422
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} (SetupHtml Class) - http://www.contenido.../instalador.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {C4CA6559-2CF1-48B6-96B2-8340A06FD129} - http://www.adbars.com/adbars.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn285.exe
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#19 fester919

fester919
  • Members
  • 173 posts

Posted 22 August 2004 - 10:12 AM

well what do u think u think it is all down hill from here :P :P
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#20 Angelus

Angelus
  • Members
  • 1202 posts

Posted 22 August 2004 - 10:17 AM

Okey, that looks pretty much the same,

Close your browsers and Windows Explorer windows, then run Hijackthis and check and fix the following:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vmffuaszo...b2Ut_Mh8w0.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sapysuhfk...jRO_p301f/h.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.zpecialof....asp?keyword=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {4C8F332C-EA64-2898-D357-17557FD17D6F} - C:\WINDOWS\System32\wgy.dll
O2 - BHO: SetupHtml Class - {51641EF3-8A7A-4D84-8659-B0911E947CC8} - C:\WINDOWS\DOWNLO~1\DOWNLO~1.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - Global Startup: Search.vbs

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...5be907d85a1c422
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} (SetupHtml Class) - http://www.contenido.../instalador.cab

After you have these fixed, make sure hidden and system files will be shown. Then reboot, boot in safe mode (tap f8 when the computer is booting up). Then find and delete the following (delete whats in bold):

C:\WINDOWS\System32\wgy.dll
C:\WINDOWS\DOWNLO~1\DOWNLO~1.DLL
C:\Program Files\WindUpdates\WinUpdt.exe


I saw 3 other entries im not sure about but just post a new log after you did this.
Angelus ingame.
Back into the shadows once again...

#21 fester919

fester919
  • Members
  • 173 posts

Posted 22 August 2004 - 11:22 AM

Logfile of HijackThis v1.98.0
Scan saved at 12:21:03, on 22/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Nightmist\nightmst.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Shentons\Desktop\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://puuqulqmrvdlr...RO_p301f/h.html
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {DB1FFEDF-8E75-557C-2555-E97BE0021446} - C:\PROGRA~1\SECTWA~1\real peak.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [slowitch] C:\PROGRA~1\SIXTHM~1\BoltForkWave.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SECTBIASLICENSEFRAG] C:\Documents and Settings\All Users.WINDOWS\Application Data\Part Meal Sect Bias\bat junk.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: A920 Connection Manager.lnk = ?
O4 - Global Startup: A920 Task Scheduler.lnk = ?
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Search.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1021_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {C4CA6559-2CF1-48B6-96B2-8340A06FD129} - http://www.adbars.com/adbars.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn285.exe
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#22 Angelus

Angelus
  • Members
  • 1202 posts

Posted 22 August 2004 - 11:34 AM

Fix this:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://puuqulqmrvdlr...RO_p301f/h.html

If you do not recognize the names below (like real peak.exe etc). Then you should fix them too, if you're not the only user on that computer you might ask the people who use it as well if they recognize it.

O2 - BHO: (no name) - {DB1FFEDF-8E75-557C-2555-E97BE0021446} - C:\PROGRA~1\SECTWA~1\real peak.exe
O4 - HKLM\..\Run: [slowitch] C:\PROGRA~1\SIXTHM~1\BoltForkWave.exe
O4 - HKLM\..\Run: [SECTBIASLICENSEFRAG] C:\Documents and Settings\All Users.WINDOWS\Application Data\Part Meal Sect Bias\bat junk.exe

Then boot in safe mode again and delete the following, make sure it's not something you use, it looks all custom made so it might be something one of the other computer users made themselves... (might check the date that it was made etc)

C:\Documents and Settings\All Users.WINDOWS\Application Data\Part Meal Sect Bias\bat junk.exe
C:\PROGRA~1\SIXTHM~1\BoltForkWave.exe
C:\PROGRA~1\SECTWA~1\real peak.exe
Angelus ingame.
Back into the shadows once again...

#23 fester919

fester919
  • Members
  • 173 posts

Posted 22 August 2004 - 11:58 AM

Logfile of HijackThis v1.98.0
Scan saved at 12:55:10, on 22/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Nightmist\nightmst.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Shentons\Desktop\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nightmist...site/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spuwuoswn...RO_p301f/h.html
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: A920 Connection Manager.lnk = ?
O4 - Global Startup: A920 Task Scheduler.lnk = ?
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Search.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo..._1021_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {C4CA6559-2CF1-48B6-96B2-8340A06FD129} - http://www.adbars.com/adbars.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn285.exe
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#24 Angelus

Angelus
  • Members
  • 1202 posts

Posted 22 August 2004 - 12:08 PM

Still having problems? Because it looks pretty clean..only i don't get why this:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spuwuoswn...RO_p301f/h.html
keeps coming back, doesn't matter much but looks annoying..
Angelus ingame.
Back into the shadows once again...

#25 fester919

fester919
  • Members
  • 173 posts

Posted 29 August 2004 - 02:50 PM

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.spuwuoswn...RO_p301f/h.html

yea thnx alot its working agin now but the search assistant is sooooo annoying b/c keeps coming up on my browserits just really gay thnx alot though
Crits Helius
I am the old felicity, if i were on your friend add helius plz.

#26 Momba

Momba
  • Members
  • 670 posts

Posted 30 August 2004 - 01:39 AM

I am no help here but when you do figure out what the problem is can you send it to Rappy_Ninja?
My inner child is a mean little f*ucker

#27 jurian

jurian

    YAY! Less Lag!

  • Members
  • 1505 posts

Posted 30 August 2004 - 07:27 AM

rofl
Even in death my hate will go on

#28 Rappy_Ninja

Rappy_Ninja
  • Members
  • 2923 posts

Posted 30 August 2004 - 03:28 PM

I am no help here but when you do figure out what the problem is can you send it to Rappy_Ninja?

shhhh


cry
Page/Memo Beatrix

#29 fester919

fester919
  • Members
  • 173 posts

Posted 30 August 2004 - 05:20 PM

lol rappy_ninja try going to google and searching for it u might get a kick out of it and then download it you never no u might like it :P
Crits Helius
I am the old felicity, if i were on your friend add helius plz.
Back to Technical Support


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Nightmist Online Forum
  2. Nightmist
  3. Technical Support
  4. Privacy Policy
  5. Please read the terms of use before posting here ·