zinblog

4butts · 10-23-2007, 09:04 AM

Hi, i have a problem with my computer.my home page is set to
zinblog.com (which is greyed out and cannot be edited), my task
manager is disabled, the RUN link under the Search icon is missing.
i did install hijack this suggested to me:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\lsass.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://zinblog.com/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS
\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS
\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /
STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware
\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT
\AUTOBACK.EXE
O4 - Global Startup: MSconfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System,
DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C334BF5-72A1-4E7E-AE86-
CEA018E853A9}: NameServer = 203.167.0.17 203.167.0.18
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware
\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o.
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:
\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver
\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files
\iPod\bin\iPodService.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS
\System32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate
Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

pcbutts1 · 10-23-2007, 06:52 PM

Your log is incomplete. Use my script it is much better then HJT. After you
run it it will place a log file in the same folder, cut and paste that log
file here so I can see it.

http://www.pcbutts1.com/downloads/runningnow.zip

VBS - Warning

If your anti-virus software warns you of a "malicious" script, this is
normal if you have "Script Safe" or similar technology enabled. This script
is not malicious, and it does not make any changes to your System.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"4butts" <proputts@googlemail.com> wrote in message
news:1193148266.046250.293690@v29g2000prd.googlegr oups.com...
> Hi, i have a problem with my computer.my home page is set to
> zinblog.com (which is greyed out and cannot be edited), my task
> manager is disabled, the RUN link under the Search icon is missing.
> i did install hijack this suggested to me:
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Sygate\SPF\smc.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
> C:\WINDOWS\System32\lvhidsvc.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\WINDOWS\explorer.exe
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
> C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
> C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
> C:\WINDOWS\lsass.exe
> C:\WINDOWS\System32\wuauclt.exe
> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
> C:\Program Files\Internet Explorer\IEXPLORE.EXE
> C:\Program Files\Hijackthis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://zinblog.com/
> F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
> F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS
> \System32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS
> \System32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /
> STARTUP
> O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
> O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
> ActiveSync\WCESCOMM.EXE"
> O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware
> \SUPERAntiSpyware.exe
> O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT
> \AUTOBACK.EXE
> O4 - Global Startup: MSconfig.exe
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
> present
> O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System,
> DisableRegedit=1
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
> O17 - HKLM\System\CCS\Services\Tcpip\..\{7C334BF5-72A1-4E7E-AE86-
> CEA018E853A9}: NameServer = 203.167.0.17 203.167.0.18
> O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware
> \SASWINLO.dll
> O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o.
> - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
> O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:
> \PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> Corporation - C:\Program Files\Common Files\InstallShield\Driver
> \11\Intel 32\IDriverT.exe
> O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files
> \iPod\bin\iPodService.exe
> O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS
> \System32\lvhidsvc.exe
> O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
> Corporation - C:\WINDOWS\System32\nvsvc32.exe
> O23 - Service: Sygate Personal Firewall (SmcService) - Sygate
> Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
>

Beauregard T. Shagnasty · 10-23-2007, 08:23 PM

pcbutts1 wrote:

> Your log is incomplete. Use my script it is much better then HJT.
> After you run it it will place a log file in the same folder, cut and
> paste that log file here so I can see it.
>
> http://www.pcbutts1.com/downloads/runningnow.zip

Where'd you steal that one, bubba? Here:

http://www.silentrunners.org/Silent%20Runners.vbs

Word for word, except for a few important items:

'Copyright Andrew ARONOFF 10 August 2007, http://www.silentrunners.org/
is now:
'Copyright Pcbutts1 June 27 2007, http://www.pcbutts1.com/downloads/

This:
If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
is now:
If intMB = 1 Then Wshso.Run "mailto

c%20butts1%20" &_

This:
Wshso.Run "http://www.silentrunners.org/sr_thescript.html#supp"
is now:
Wshso.Run "http://www.pcbutts1.com/downloads/sr_thescript.html#supp"
(which doesn't exist on your butts site, but DOES on the silentrunners
site.)

...and all the occurrences of the string "Silent Runners" have been
replaced with "running now" ...

I've never seen you post this fix of "yours" before. You might be
interested in this link:

http://web.archive.org/web/*/http://...ntrunners.org/

<ROF,L>

--
-bts
-another bust for butts

pcbutts1 · 10-23-2007, 08:52 PM

There's a lot of things you have not seen me post before. That script is
over 3 years old and has been updated numerous times. It is open source, do
you know what that means or do you just blabber out the first link you find.
From the looks of it you just blabbered out the first link you found without
doing any research. You missed about 20 or so websites that use that Open
Source file modified to their liking. Your dumbass happened to pick the only
one who charges for help with it. It is also used when teaching VB at many
Universities and trade techs but since you only have a third grade education
you wouldn't know that. It is also embedded in well over 20 main stream COTS
programs available to anybody at your local computer store. Do your homework
next time dip****, I baited your ass right into this post. Now **** off.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:b8xTi.264501$ax1.8298@bgtnsc05-news.ops.worldnet.att.net...
> pcbutts1 wrote:
>
>> Your log is incomplete. Use my script it is much better then HJT.
>> After you run it it will place a log file in the same folder, cut and
>> paste that log file here so I can see it.
>>
>> http://www.pcbutts1.com/downloads/runningnow.zip
>
> Where'd you steal that one, bubba? Here:
>
> http://www.silentrunners.org/Silent%20Runners.vbs
>
> Word for word, except for a few important items:
>
> 'Copyright Andrew ARONOFF 10 August 2007, http://www.silentrunners.org/
> is now:
> 'Copyright Pcbutts1 June 27 2007, http://www.pcbutts1.com/downloads/
>
> This:
> If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
> is now:
> If intMB = 1 Then Wshso.Run "mailto

c%20butts1%20" &_
>
> This:
> Wshso.Run "http://www.silentrunners.org/sr_thescript.html#supp"
> is now:
> Wshso.Run "http://www.pcbutts1.com/downloads/sr_thescript.html#supp"
> (which doesn't exist on your butts site, but DOES on the silentrunners
> site.)
>
> ..and all the occurrences of the string "Silent Runners" have been
> replaced with "running now" ...
>
> I've never seen you post this fix of "yours" before. You might be
> interested in this link:
>
> http://web.archive.org/web/*/http://...ntrunners.org/
>
> <ROF,L>
>
> --
> -bts
> -another bust for butts

Beauregard T. Shagnasty · 10-23-2007, 09:24 PM

pcbutts1 wrote:

> There's a lot of things you have not seen me post before. That script is
> over 3 years old and has been updated numerous times.

...52 times, according to the script itself.

> It is open source, do you know what that means

Open source? Doesn't say that anywhere in the script. Show me a real
open source script with a copyright notice like this one has.

> or do you just blabber out the first link you find. From the looks of
> it you just blabbered out the first link you found without doing any
> research.

Google has only a half-dozen pages with this script, all as:
Silent Runners.vbs

> You missed about 20 or so websites that use that Open
> Source file modified to their liking.

Post a few links, then.

> Your dumbass happened to pick the only one who charges for help with
> it. It is also used when teaching VB at many Universities and trade
> techs but since you only have a third grade education you wouldn't
> know that.

Don't get into matching degrees...

> It is also embedded in well over 20 main stream COTS

Commercial Off The Shelf, I presume.

> programs available to anybody at your local computer store. Do your homework
> next time dip****, I baited your ass right into this post. Now **** off.

C'mon, let's see some proof.

Oh yeah, you did change strRevNo = "52" to strRevNo = "70"
for some reason, even though there are only 52 revisions noted in the
comments.

--
-bts
-Motorcycles defy gravity; cars just suck

pcbutts1 · 10-23-2007, 09:54 PM

I'm not going to prove anything to you. I don't have to. But you might want
to checkout your thief buddy S!R! he stole part of it and uses it in his
SmitfraudFix tool. You know NOTHING! except how to be a troll.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:k1yTi.16999$kj1.7894@bgtnsc04-news.ops.worldnet.att.net...
> pcbutts1 wrote:
>
>> There's a lot of things you have not seen me post before. That script is
>> over 3 years old and has been updated numerous times.
>
> ..52 times, according to the script itself.
>
>> It is open source, do you know what that means
>
> Open source? Doesn't say that anywhere in the script. Show me a real
> open source script with a copyright notice like this one has.
>
>> or do you just blabber out the first link you find. From the looks of
>> it you just blabbered out the first link you found without doing any
>> research.
>
> Google has only a half-dozen pages with this script, all as:
> Silent Runners.vbs
>
>> You missed about 20 or so websites that use that Open
>> Source file modified to their liking.
>
> Post a few links, then.
>
>> Your dumbass happened to pick the only one who charges for help with
>> it. It is also used when teaching VB at many Universities and trade
>> techs but since you only have a third grade education you wouldn't
>> know that.
>
> Don't get into matching degrees...
>
>> It is also embedded in well over 20 main stream COTS
>
> Commercial Off The Shelf, I presume.
>
>> programs available to anybody at your local computer store. Do your
>> homework
>> next time dip****, I baited your ass right into this post. Now **** off.
>
> C'mon, let's see some proof.
>
> Oh yeah, you did change strRevNo = "52" to strRevNo = "70"
> for some reason, even though there are only 52 revisions noted in the
> comments.
>
> --
> -bts
> -Motorcycles defy gravity; cars just suck

Heather · 10-23-2007, 10:07 PM

Good catch, Shaggy......and now the lying little ******* is going into
his "I don't have to prove a thing" routine, which means you got him
dead to rights!! Bloody thievin' foul-mouthed code ripper!! Bwa ha
ha!!

Goodonya........Heather

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:b8xTi.264501$ax1.8298@bgtnsc05-news.ops.worldnet.att.net...
> pcbutts1 wrote:
>
>> Your log is incomplete. Use my script it is much better then HJT.
>> After you run it it will place a log file in the same folder, cut and
>> paste that log file here so I can see it.
>>
>> http://www.pcbutts1.com/downloads/runningnow.zip
>
> Where'd you steal that one, bubba? Here:
>
> http://www.silentrunners.org/Silent%20Runners.vbs
>
> Word for word, except for a few important items:
>
> 'Copyright Andrew ARONOFF 10 August 2007,
> http://www.silentrunners.org/
> is now:
> 'Copyright Pcbutts1 June 27 2007, http://www.pcbutts1.com/downloads/
>
> This:
> If intMB = 1 Then Wshso.Run "mailto:Andrew%20Aronoff%20" &_
> is now:
> If intMB = 1 Then Wshso.Run "mailto

c%20butts1%20" &_
>
> This:
> Wshso.Run "http://www.silentrunners.org/sr_thescript.html#supp"
> is now:
> Wshso.Run "http://www.pcbutts1.com/downloads/sr_thescript.html#supp"
> (which doesn't exist on your butts site, but DOES on the silentrunners
> site.)
>
> ..and all the occurrences of the string "Silent Runners" have been
> replaced with "running now" ...
>
> I've never seen you post this fix of "yours" before. You might be
> interested in this link:
>
> http://web.archive.org/web/*/http://...ntrunners.org/
>
> <ROF,L>
>
> --
> -bts
> -another bust for butts

Beauregard T. Shagnasty · 10-23-2007, 10:41 PM

Heather wrote:

> Good catch, Shaggy......and now the lying little ******* is going into
> his "I don't have to prove a thing" routine, which means you got him
> dead to rights!! Bloody thievin' foul-mouthed code ripper!! Bwa ha
> ha!!
>
> Goodonya........Heather

Yeah, it was easy. :-)

--
-bts
-Motorcycles defy gravity; cars just suck

---Fitz--- · 10-23-2007, 10:51 PM

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in message
news:ffmc5c$9h7$1@blackhelicopter.databasix.com...
> I'm not going to prove anything to you. I don't have to. But you might
> want to checkout your thief buddy S!R! he stole part of it and uses it in
> his SmitfraudFix tool. You know NOTHING! except how to be a troll.

For "I don't have to"...substitute "I can't" or "I don't know how".

siljaline · 10-24-2007, 01:22 AM

"4butts" wrote:
> Hi, i have a problem with my computer.my home page is set to
> zinblog.com (which is greyed out and cannot be edited), my task
> manager is disabled, the RUN link under the Search icon is missing.
> i did install hijack this suggested to me:
<snipped>
Please do *not* post //entire// HJT logs to this NG.
Post to a Forum for Expert Analysis.
Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.
*Note, //registration// *is* required prior to posting a log.
- Not listed in any particular order -
(http://aumha.net/viewforum.php?f=30)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/...splay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malwa..._Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/ind...?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/...p?showforum=18)
(http://www.malwarebytes.org/forums/i...hp?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum...?showforum=170)

Post back the URL where you posted your log, *not* the entire log.

Silj

--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

Thread: zinblog

Thread Tools

Display

zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Re: zinblog

Thread Information

Users Browsing this Thread

Posting Permissions