Curse

Fearful Bab3 · Aug 11, 2006, 08:22 AM // 08:22

Ok.. i will see what i can do

Fearful Bab3 · Aug 11, 2006, 08:32 AM // 08:32

I might just put msn and all my games on to disk and then re-boot and then put them back on..

RTSFirebat · Aug 11, 2006, 12:17 PM // 12:17

On the other note I strongly recommend updating windows XP to SP2 once you have reinstalled windows and making use of the Windows Firewall.

Next you should download a virus scanner. AVG or Avast are both good, and both are free.

You have at least two confirmed viruses on your machine in anycase.

yeah_hi · Aug 11, 2006, 12:30 PM // 12:30

You might find it useful to run msconfig.exe, by going to Start>Run, typing 'msconfig.exe' and hitting enter.

Then switch to the startup tab to see what's being run at startup, and untick the ones you know to be dodgy or not needed.

Tarun · Aug 11, 2006, 03:02 PM // 15:02

Hi Fearful Bab3, you are still infected with a few viruses. It appears Norton cannot get rid of them (Big surprise!)

Also, be sure to include every bit of your HijackThis log. The top section of your log was missing. It usually looks something like this:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:33 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Here's your log fully analyzed. I do recommended checking everything listed here and clicking Fix Selected in HijackThis.

Generated by Tarun's HijackThis Converter v0.50 Beta.

Default-color items are optional, bold are known to be malicious.

Created registry value
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

Changed registry value
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/Default.asp

Created registry value
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

Changed registry value
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

Created registry value
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.dell.com/support/topi...hs&appindex=ds

Enumeration of existing IE's BHO's
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141461737\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bikini] bikini.exe
O4 - HKLM\..\Run: [7ba3ef62.exe] C:\WINDOWS\system32\7ba3ef62.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [7ba3ef62.exe] C:\Documents and Settings\Shaun\Local Settings\Application Data\7ba3ef62.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?

Extra "Tools" menu items and buttons
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

Downloaded Program Files item
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {36E45CDC-AB21-0CAA-A4B6-52A92462694E} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4C6226D3-5119-3749-6C38-03B938CBF2C2} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CDE672F-2829-57B9-CE5A-5BC745559BD4} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab

Recommendation:
- Uninstall Norton Anti-Virus. This software is unfortunately bloated and misses half of the viruses that it should find. Should you need help fully uninstalling it, let me know.
- Install Avast Anti-Virus. A completely free AV that finds viruses far better than Norton.
- Uninstall Real Player. If you have a need for it; download either the K-Lite Mega Codec Pack or you can also get Real Alternative. I personally would go with the K-Lite Mega Codec Pack.
- Switch over to Firefox, it's an excellent browser and with a few extensions you'll never see advertisements that can infect you with spyware.
- Get IE-SpyAd to help you block a number of malicious websites.

cannonfodder · Aug 11, 2006, 09:23 PM // 21:23

That's one riddled machine, do as has been said above, reformat is your best option. One thing, is it just me or does IEXPLORE.EXE look iffy, 27.5meg is alot for it to be using.

Tarun · Aug 12, 2006, 12:49 AM // 00:49

A reformat is always the final option. This machine can very easily be cleaned and repaired.

majoho · Aug 12, 2006, 02:10 AM // 02:10

Quote:

Originally Posted by Tarun

A reformat is always the final option. This machine can very easily be cleaned and repaired.

No it can't easily be cleaned.

Silver_Fang · Aug 12, 2006, 02:15 AM // 02:15

Quote:

Originally Posted by majoho

No it can't easily be cleaned.

QFT, cleaning all the mess is a tedious job, you have to goto the registry and search for the malware register and delete it manualy.

Tarun · Aug 12, 2006, 03:10 AM // 03:10

Quote:

Originally Posted by majoho

No it can't easily be cleaned.

Obviously you've never tried.

Quote:

Originally Posted by Silver_Fang

QFT, cleaning all the mess is a tedious job, you have to goto the registry and search for the malware register and delete it manualy.

No truth there. I clean computers on a daily basis. It always takes under an hour.

Why do these noobs always want to format? Because they lack the common knowledge to clean a computer properly and are too lazy.

Silver_Fang · Aug 12, 2006, 03:17 AM // 03:17

Quote:

Originally Posted by Tarun

Obviously you've never tried.

No truth there. I clean computers on a daily basis. It always takes under an hour.

Why do these noobs always want to format? Because they lack the common knowledge to clean a computer properly and are too lazy.

You said you clean them everyday, good for you. Its like a builder said building a house is easy, etc.

Maybe because its easier to format than explaining what need to be done. You can make a meal in under 1 hour but the work is still tedious.

Tarun · Aug 12, 2006, 04:41 AM // 04:41

A little help and guidance goes a long way and is more beneficial than formatting. :P

cannonfodder · Aug 12, 2006, 08:35 AM // 08:35

I do agree with Tarun, it is more beneficial at least to try to remove them before a reformat, however if someone hasn't got the experience of technical knowhow then it may be a fruitless task.

It may be an idea to take your base unit to a local pc engineer(if there is one available), or ask a more tech savvy friend to be with you when you attempt this.

Post back here I will gladly help you try to fix this, as will a few others.

majoho · Aug 12, 2006, 08:43 AM // 08:43

Quote:

Originally Posted by Tarun

Obviously you've never tried.

No truth there. I clean computers on a daily basis. It always takes under an hour.

Why do these noobs always want to format? Because they lack the common knowledge to clean a computer properly and are too lazy.

Don't just randomly call people noobs you dork

I have cleaned computers before (if you read the thread I already stated that, but I assume you couldn't be bothered).

I underlined EASILY because it cannot just EASILY be done, the one virus he has will be extremely hard even for a knowleadgeable pc user to get rid off.

Fearful Bab3 · Aug 12, 2006, 08:47 AM // 08:47

Dont argue

Skids · Aug 13, 2006, 07:16 AM // 07:16

Ok your PC has issues m8. Fine following the suggestions with the virus/malware posts, but all of the others were covered in my first reply on page 1 to you.

Im assuming you didnt follow my suggestions as the listing on the link I made also identifies if a resource is a virus or malware.

helpermonkeyradio · Nov 08, 2006, 02:51 AM // 02:51

i get the out of memoy array.ccp(88)

i can't figure it out. it used to work perfectly. then i started to get the problem. i upped my virtual memory i have a gig of ram a 2600 althalon and a ATI 9550 w 256mb

i even formated the hardrive and reinstalled windows. i am at a loss.

jimmyboveto · Nov 08, 2006, 04:40 AM // 04:40

I fell for u, same thing happening here

Just started tonight, i haven't really done anything since last night when i played guild wars a bunch, other then go on yutube for a bit.

Seventh · Nov 08, 2006, 11:59 AM // 11:59

Just check that your graphics card meets the requirments.