Computer Hope
Software => Computer viruses and spyware => Topic started by: pandora95 on May 13, 2006, 10:42:34 PM
-
my computer been good for a while its emachine 16212
amd antlon 64 bit
ati asus ax550 extreme 256mb graphics card
512mb
windows xp sp2
adaware spyware protection
avast virus protection
and i started usin advanced system optimizer to speed up my comp which i honestly saw a lil diffference but then i started to defrag more and disc cleanup more and u know but then i started to look for bios updated well my freind i guess installed them i dunno but my comp all the sudden became slower i got a 160gb harddrive and more than half is empty when i click my computer it takes a min to load up when i right click on w/e i have to wait a few mins cuz it freezes on the send to link ,quicktime loads slower everything is just slower my games and everythin but my dial up connection is faster when my comp freezes for some reason cuz i use dap when my comp like freezes the kbs goes up to like 10kbs i think but i would think wit my processor and evrythin i would get some good speed goin threw windows no no its like a 98 packard bell well ty and my aim is urdaddy574 and msn is [email protected] ty
-
That's a LOT of words for no punctuation! :o
Check for running processes in task manager. You probably have malware in there as well, and system optimizer....oh well.....
You can run Hijack This and post a log file here (zipped, please) for analysis as well.
-
well 1 problem is when i press ctr alt del the other tabs dont show up and wat if i do c the processes what do i do then if terminate some which ones ty
-
Logfile of HijackThis v1.99.1
Scan saved at 1:20:01 AM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\s
vchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Owner\My Documents\My Videos\HijackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://w
-
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0704BB7-5973-4BCF-89D8-C9EA0B5C2C85}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
there hopefully it worked
-
dl65, Dilbert or Fed will be along shortly, as they are the resident experts. ;)
-
who r they and what can they do alirte well ill be waitin for them ty
-
You might try the things mentioned here as well. Remember Safe Mode and System Restore Off to scan! ;)
http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1134123580
I would certainly recommend removing ALL add on toolbars to start, at least until we get this solved, and hopefully forever.
You keep working on that spelling and punctuation. Complete sentences are helpful in any language.
-
k wat u mean safe mode and system restore off how do u turn retsore off i use fireox for my toolbars ? ty
-
ok how do u turn off system restore
-
Safe Mode is repeatedly tapping the F8 key at boot BEFORE the Windows logo appears.
Google can show you the rest:
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
-
i still downloading stuff.but i figured how to turn off the restore point but you are losing me easily what am i gonna need to google?we wil just take it step by step little by little because i got alot of questions
-
the sygate firewall isnt free check the link so what other hard firewall should i use
-
http://207.33.111.31/spf/
Get Sygate Version 5.5 Build 2710
-
k i got all the downloads avg virus protection ,windows defender,spybot,adaware,zone alarm,sygate firewall, and i still have my avast anti virus running want me to keep that on or uninstall,want me to do the reccommended directions
-
One active antivirus is all that is needed. You can try the free online scan at www.trendmicro, then do all the other scans and let us know.
-
pandora95...... Just looking at your hijackthis log ...... and I see a number of things which need attention ..........
The first thing I would do is ....turn off your system restore ....... to do this click ....START/CONTROL PANEL/SYSTEM/..... when system properties opens click on the system restore tab ....... AND put a tick in front of ...."Turn off system restore on all hard drives" ....then click "APPLY" and then "OK" .... Now , before we go any further , I would like you to Download and install....... Ewido from..... http://www.filehippo.com/download_ewido/ ....once you have it downloaded ..... make sure you have the latest updates ..... ( dont run it yet .)
Next download ..... CCLEANER from ........ http://www.filehippo.com/download_ccleaner/ and install it and set it up as detailed here ...... http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1144186359 ...... when you have it setup ( configured ) run the clearner part ( the brush icon ) ........... delete whatever it finds ........
Then run the "issues" portion ..... it's the icon right below the brush ........ remove anything it finds ( remember to do the backup when prompted ) .......then fix anything found .........
Next I would like you to reboot into "safe mode" ........ to do this shut down and restart the machine...... JUST as the pc is starting to load....repeatedly tap the F8 key ......and you will be offered options re starting windows ...... choose the SAFE mode .......... once safe mode loads up windows , it you will see your desktop, but it will look differant than you are used to seeing .
Now run a full system scan with Ewido .......... delete anything it finds ( it is a trojan hunter and you appear to have a trojan in residence)
Next , while still in Safe mode , run a full system scan with your Anti virus program . Delete anything it finds .......... Now reboot back into normal mode ........ ( leave system restore off ) .
Now rescan with hijackthis and post a new logfile .......... and we will continue to clean up your machine .
dl65 ::)
-
so far there is 1 virus found on the resident scanner but i can heal it or move it to vault ? what should i do
-
well right now its doin a spyware scan then ill do the stuff u told me
-
pandora95..... Anytime you locate a trojan or a virus ....alway try and remove it or at the very least quarintine it ........ then you should be able to remove it ( delete it ) from there .
dl65 ::)
-
i was in the middle of a spyware scan and it popped up avg found a virus so i tried to move it ,and that didnt work then i tried to delete it and that didnt work either.soi pressed ignore the only option left .Then after i did the ccleaner scan and ewido scan i went to safe mode again and did a virus scan on my comp but avg didnt recognize it again ,did ewido get rid of it or ccleaner?and can u tell me how to set up avg good ty
-
pandora95......I can't be sure if its gone or not ........ when AVG found it initially, what was the virus called ........ were you not given the option of placing it in the virus vault ? To check this , open up AVG ...and click on the TEST CENTER ....... now click on the Virus vault......... is anything in there ?
Which program was scanning when you told it to ignore the virus ........?
dl65 ::)
-
k well iut isnt gone when i did a scan with avg on safe mode it didnt find it then i did it with avast anitvirus on regular mode and it found it i know the exct folder it said that the request couldnt be made or something like that to heal and move to chest so the only thing i could do is ignore,see i was scanning with windows defender first when the popup came on then again with avast but it shows up as avg resident scanner found a virus? so is there anythin i could do to get rid of it my aim is urdaddy574 and msn is [email protected] ty
-
Incoherent babble, organize your thoughts and get an adult to type for you.
-
main point theres a virus and avg antivirus cant heal or remove to chest ? so i pressed ignore .Now what can i download or do to remove this virus ,i have the exact file location if that helps. ty
-
Google for killbox.exe
-
pandora95...... The reason AVG isnt finding the bug ........ is that you told AVG to ignore it ...and thats exactly what it's doing .............
i know the exct folder
...... What file is this bug residing in ?
There is no point running AVG ..... as it will simply ignore that bug now....... unless you remove that entry from the ignore file ........
The other thing is ...that we asked you to provide a hijackthis log file ...... that would be of great help. The original one was riddled with bugs ........ so in an effort to remove some of them...... the other cleaning options were suggested to be run first and then post a fresh hijackthis log....... ( thats the one we wish to see )
dl65 ::)
-
k first of all i told it to ignore because i had no other options and the virus only popped up when runnin avast and microsoft defender the folder is in
c:/ut2004/textures/bweapons.zip.exe or
c:/ut2004/textures/ballisticweapons.zip.exe
k again i pressed ignore because avg couldnt remove it or move to chest what are the other option?now what can i do to get rid of the bug ?
-
Logfile of HijackThis v1.99.1
Scan saved at 9:28:51 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\DAP\DAP.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.328\HijackThis.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.671\HijackThis.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.968\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.
-
.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0704BB7-5973-4BCF-89D8-C9EA0B5C2C85}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
whats port scan attack logged in,because i got the message
-
What message?
EDIT: Sorry, the thread title change pulled a houdini. I thought this was a new thread. :-[
-
Delete the virus, ignore the portscan.
-
pandora95....... Did this bug appear after D/L a game ?
Delete....
c:/ut2004/textures/[highlight]bweapons.zip.exe [/highlight]or
c:/ut2004/textures/[highlight]ballisticweapons.zip.exe [/highlight]
if thats it ....go to that location and delete the highlighted entry .
using hijackthis mark for removal.......
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0704BB7-5973-4BCF-89D8-C9EA0B5C2C85}: NameServer = 207.69.188.187 207.69.188.186 [highlight]If this is your server then leave it otherwise remove it. [/highlight]
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Mark for removal and click on fix marked .
dl65 ::)
-
so delete the folder that the virus is in, i had the game for a long time and bweapons is just a mod for ut2004
-
i fixed the checked ones in hijack this and deleted the folder the virus was in ,how do i know if thats my system server,where is the ignore log in avg because i want to change it right ? is the virus gone.I know this is a coherret babble but we r not in school ty
-
You should have only deleted the file, not the whole folder.
Perhaps you should do a fresh install of UT.
Running Programs, bottom right hand corner of your desktop, 2 little monitor screens, right click, check status, look for your IP address.
-
i deleted the folder the virus was in not the whole ut2004 folder.my computer runs rather slow for the stuff thats in the computer i believe it should run faster how do i know if my computer is running at full performance?finally my system startups and shutdowns r slow?
heres my startup programs
ctfmon.exe i dunno what that is
spybotsdteatimer ,whats tea timer?
avast,should i remove this and stick with avg?
windows defender
avg
zone labs
smcservice
soundman,i dunno what this is
apc ups status
theres my startup programs ty
-
dan my computer is seriuosly slow loading up everythin takes forever, what should i do i have over 100 gb left of my hardrive free y is it runnin slow?
-
i did all scans for sptware ,malware and viruses ,yet there was none on my omputer oddly evrythin is updated and i only used around 50 gb of my hardrive so what could be makin my computer slow
-
pandora95..... When was the last time you did a system defrag ?
dl65 ::)
-
i do defrags often ,how often should i defrag.hey do u got another way of contacting u faster and easier?im services?
-
dl65 has a new buddy! ;D
-
hey i just want to get this fixed so i can play games again my problem is similiar to dilberts sudden slow down,what do u reccommend i do?
-
pandora95...... Did this slowdown start right after you updated your bios ...( or did you update it ? ) Pity you are on dialup or I could with your permission connect to your machine and see it here on my desktop.
When was the last time you formatted that machine ......?
The other thing is , we dont know if you have unnecessary toolbars installed or if when running scans you neglected to remove something ....... EG..... like telling AVG to ignore infected entries .........
If it was mine , I would backup anything I wanted and format it .
dl65 ::)
-
i found out that i didnt update my bios,and i just did a system recovery to beginning state and is workin alrite hopefully the virus is gone?,besides avg or avast what anti virus should i use that is free,and yes we can do a remote acces dont it alot before with dial up.last thing is should i have ewido, windows defender,avast,the 2 firewalls ,all running becuase that probably what was slowing my computer,last thing is im having trouble getting spybot to work correctly because everytime i get a resident change message the popup is all messed up and you cant see where to click yes or no,what is spybot tea timer and the other thing during the installation?ty
-
1 x Firewall (I use Sygate Version 5.5 Build 2710)
1 x Antivirus (I use AVG Free)
1 x Antispyware (I use Spybot S&D)
Note: Spybot has a GUI glitch, it amazes me that they haven't fixed it yet.
I will post the 'fix' for it as soon as I remember it or find it.
-
Spybot fix.
http://forums.spybot.info/showthread.php?t=122
It's very easy to do.
-
well after the pc world diagrams of anti virus u still use avg,but see on the resident scanner (2 now) a virus popped up and i when i clicked move to vault or heal it said the requested couldnt not be performed on this object ,or similiar so thats 2 viruses that got away,hows the anti vir ,or whats wrong avast dont it have a on access scanner,last thing u dont use ewido or adware?wahts tea timer and the other thing spybot has?ty
-
I'm afraid you have a severe problem, you should really get it checked out.
AVG is fine, PC World said it was clunky, what is clunky I wonder?
AVG has never claimed to be anything more than Antivirus software.
You want clunky, save up your money & get the latest & greatest from Norton. (CLUNK)
Try AVG scanning in safe mode.
I haven't tried Avast so I can't comment on it.
If I ever get a Trojan then Ewido would be my 1st choice.
Ive found Adaware has been made redundant by Ccleaner which I use every day.
Tea Timer protects your System Settings.
I hope this helps you.
-
ty it helped me and im gonna try out anti vir ,but how can i get my comp checked out i just reinstalled windows so will the virus still be there? and i should get rid of adware and keep ccleaner .my worst worry is not detecting anythin like before i used avast alot and had no problems but then i got avg and it detected viruses that it couldnt remove what i believ is that the viruses were on a disk? thats y it couldnt remove it,and lastly is that what is ur schedule for scanning spyware,viruses,ccleaner,defrag.cleanup all that, how often do u do it ? ty
-
how can i get my comp checked out
You only need to get your computer checked out if it has a problem.
i just reinstalled windows so will the virus still be there?
A clean install will eliminate all viruses.
and i should get rid of adware and keep ccleaner
Keep Adaware but if you use ccleaner first you will see that Adaware won't find anything to worry about.
Adaware offers no realtime protection anyway.
i got avg and it detected viruses that it couldnt remove
Run AVG in Safe Mode.
what i believ is that the viruses were on a disk? thats y it couldnt remove it,
AVG should have told you where and what the 'virus' was.
what is ur schedule for scanning spyware,viruses,ccleaner,defrag.cleanup all that, how often do u do it ?
Ccleaner daily.
Registry cleanup weekly.
Defrag weekly.
AVG scan if I'm bored.
Spybot scan if I'm bored.
Online scans if I'm bored.
I probably over do a lot of this stuff but it makes me feel good. :)
-
to make it easier im makin alist since im not at my house for the stuff to do to my comp remove adware should i keep windows defender,and get avg again and use 1 firewall the sygate 1,then with this stuff takin effect my comp should be runnin good right? oh which program like limewire would u recomend?p2p file sharing program for downloadin music and such.ty
-
what do u recommend for programs like limewire and bearshare
-
well my computer has been great last few days after i realize what my problems were and u guys helped me alot i ty because now i can speell lol
-
Now all we need to do is work on your punctuation. ;)
What protection did you finish up using?
Firewall? Antivirus? Antispyware? Etc?