Hijacking, or what?

  bamfiesler 23:21 11 Sep 04
Locked

I have had a few problems on the pc these last few days, and I thank you all - Partic. VoG - for helping me out.

Just tried to play my new, Kosher copy of Kings of Convenience CD on the pc, after playing a few mp3s. CD loads, the I get a message saying 'Certain files need to be updated before this cd will play', so I does, and it plays; but WinMP does nothing. I close it, and find this wee skin-form player playing the cd. Its says it is by Macrovision, and uses Microsoft products; also, in My Compter, the DVD/player drive shows a grren cross beside a blue-ish musical note.

Have I been stiffed again, or what?

  end 23:25 11 Sep 04

am sorry I cannot help but I just LOVE the way you put it:::)))

am sure someone will help:)

  bamfiesler 23:31 11 Sep 04

End,

Glad I gave ya a laff. ;-)

  VoG II 23:32 11 Sep 04

I think that we need to get to the bottom of this, bamfiesler.

Please post a HJT log click here

You may need to do this in 3 or 4 xchunks because of the site's 800 word limit. Also please double space it by adding a blank line after each line of data.

  bamfiesler 23:40 11 Sep 04

VoG,

Ok. Incidentally WinMP has tried to contact an update site twice in the last ten minutes; this, to me, is odd.

  bamfiesler 23:47 11 Sep 04

VoG,

Ok, first chunk:-

Logfile of HijackThis v1.97.7
Scan saved at 23:41:54, on 11/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\Program Files\MRU-Blaster\scheduler.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Donald\My Documents\my downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

  bamfiesler 23:49 11 Sep 04

And second chunk:-

C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - click here

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
click here

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - click here

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - click here

O17 - HKLM\System\CCS\Services\Tcpip\..\{AB2757EE-A0D2-466D-828D-2D124ECAA46D}: NameServer = 158.152.1.43 158.152.1.58

  bamfiesler 23:51 11 Sep 04

That's all folks! ( I always wanted to say that!!!)

  Nellie2 12:07 12 Sep 04

Hi bamfiesler

Your version of hijackthis is out of date, could you delete the copy you have and download version 1.98.2 from click here run it again and if there are any differences in the log then post it again. I can't see anything out of place there at the minute though.

Could you post a start up list? Open hijackthis, go to config > misc tools > generate startup list.

  GANDALF <|:-)> 12:22 12 Sep 04

I think that you will find that Macrovision supplies software to games producers etc. that prevents their kit being copied........click here


G

  bamfiesler 18:36 12 Sep 04

Thanx, guys.

I deleted this: O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup , and all seems ok now.

Gandalf, can you expand on the Macrovision thing, please? I've never seen it before, and it only popped up when I put in the KoC cd.

This thread is now locked and can not be replied to.

What is Google Allo? What is Google Duo? Google Allo UK release date and features: Google Allo is…

1995-2015: How technology has changed the world in 20 years

iOS 10 troubleshooting tips: Simple fixes for the most common iOS 10 problems, from network…