Major Major Comp Problem Help! - DFWstangs Forums
 
post #1 of 29 (permalink) Old 09-22-2006, 07:15 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Major Major Comp Problem Help!

My McAfee keeps popping up about finding a Potentially unwanted program. It says, "PUP Found. The file C:\System Volume Information\restore{12901FA-B0AC-49B3-96B...is a Potentially unwanted program and has been blocked." Then I go to check REMOVE THIS PUP, and it says "THE PUP FILE 'A0011116.exe' HAS BEEN REMOVED." Then I check No, to not scan the files, because it's already scanned them and it pops up again, and I repeat the process. But every time the .exe file is different. WHAT THE HELL DO I DO?? They just keep popping up and popping up. HELP PLEASE!

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #2 of 29 (permalink) Old 09-22-2006, 07:26 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Here's my Hijack This! Logfile..

Logfile of HijackThis v1.99.1
Scan saved at 817 PM, on 9/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\CHRISE~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dfwstangs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ba1a4f3-21c7-4c7d-b986-4f4a30546dd4} - (no file)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: hticava - hticava.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\SYSTEM32\Rpcnet.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net Service (Rpcnetp) - Unknown owner - C:\WINDOWS\system32\Rpcnetp.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #3 of 29 (permalink) Old 09-22-2006, 07:37 PM
Lifer
 
ThreeFingerPete's Avatar
 
Join Date: Sep 2002
Posts: 14,894
You're screwed, it's 1BADVIRUS.

ThreeFingerPete is offline  
 
post #4 of 29 (permalink) Old 09-22-2006, 07:38 PM
que?
 
grove rat's Avatar
 
Join Date: Jun 2003
Posts: 21,662
lmao
grove rat is offline  
post #5 of 29 (permalink) Old 09-22-2006, 07:39 PM
Time Served
 
Join Date: Jun 2004
Posts: 788
reinstall.
buzntxn is offline  
post #6 of 29 (permalink) Old 09-22-2006, 07:40 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Quote:
Originally Posted by ThreeFingerPete
You're screwed, it's 1BADVIRUS.
fuck you

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #7 of 29 (permalink) Old 09-22-2006, 08:11 PM
600 plus a few
 
BottleRocket's Avatar
 
Join Date: Oct 2002
Location: Westchester, the best Chester
Posts: 7,278
nothing abnormal on hijackthis. doesn't do the same thing in safe mode, right?

Buy my car! https://www.dfwstangs.net/classifieds...product=124819



some people are like slinkies; they're completely useless, but still bring a smile to your face when you push them down a flight of stairs.
BottleRocket is offline  
post #8 of 29 (permalink) Old 09-23-2006, 12:00 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Quote:
Originally Posted by BottleRocket
nothing abnormal on hijackthis. doesn't do the same thing in safe mode, right?
I dunno. I haven't booted it up in Safe Mode yet. Should I restart and go into Safe Mode?

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #9 of 29 (permalink) Old 09-23-2006, 12:08 PM
Goblin King of Fort Worth
 
Fordblue625's Avatar
 
Join Date: Jan 2003
Location: Fort Worth
Posts: 3,235
Quote:
Originally Posted by ThreeFingerPete
You're screwed, it's 1BADVIRUS.
Oh shit, I'm rolling over here.

________________________
Fordblue625 is offline  
post #10 of 29 (permalink) Old 09-23-2006, 12:39 PM
Lifer
 
JimD's Avatar
 
Join Date: Dec 2000
Location: Haughton,La,USA
Posts: 14,152
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing Winsock Hijacker
Every time I've seen this it's been a bad thing



<-----Pasted your logfile in hijack analyzer. That was highlighted as BAD
JimD is offline  
post #11 of 29 (permalink) Old 09-23-2006, 12:44 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Quote:
Originally Posted by JimD
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing Winsock Hijacker
Every time I've seen this it's been a bad thing



<-----Pasted your logfile in hijack analyzer. That was highlighted as BAD
So should I delete that on my hijack this?

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #12 of 29 (permalink) Old 09-23-2006, 02:10 PM
600 plus a few
 
BottleRocket's Avatar
 
Join Date: Oct 2002
Location: Westchester, the best Chester
Posts: 7,278
Quote:
Originally Posted by JimD
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing Winsock Hijacker
Every time I've seen this it's been a bad thing



<-----Pasted your logfile in hijack analyzer. That was highlighted as BAD
weird, maybe I didn't copy the whole thing. sorry about that. I did the analyzer and nothing was found nasty

Buy my car! https://www.dfwstangs.net/classifieds...product=124819



some people are like slinkies; they're completely useless, but still bring a smile to your face when you push them down a flight of stairs.
BottleRocket is offline  
post #13 of 29 (permalink) Old 09-23-2006, 04:09 PM
Lifer
 
JimD's Avatar
 
Join Date: Dec 2000
Location: Haughton,La,USA
Posts: 14,152
Quote:
Originally Posted by 1BAD06
So should I delete that on my hijack this?
I would but you decide for yourself. here is the link to the analyzer http://hjt.networktechs.com/
JimD is offline  
post #14 of 29 (permalink) Old 09-23-2006, 04:19 PM
mannish boy
 
Cooter's Avatar
 
Join Date: Jun 2000
Location: drunk on diesel
Posts: 31,758
I know half of nothing when it comes to computers, but whenever that shit happens to me, I just do a system restore, and it clears up
Cooter is offline  
post #15 of 29 (permalink) Old 09-23-2006, 07:22 PM
3rd shift sloucher
 
RiSk's Avatar
 
Join Date: Jun 2003
Location: some where between texas and mexico
Posts: 1,612
You need to go to Start > Control Panel > System > System Restore Tab > Turn off system restore

This will clear all system restore data including that restore file with a virus in it.
RiSk is offline  
post #16 of 29 (permalink) Old 09-24-2006, 08:47 AM
Lifer
 
deso's Avatar
 
Join Date: Mar 2006
Location: Arlington
Posts: 1,124
Er, I would just go into safe mode and then do a system restore to like 2-3 days before the problem started
deso is offline  
post #17 of 29 (permalink) Old 09-24-2006, 09:25 AM
dead
 
Join Date: Sep 2002
Posts: 14,611
I'd try what risk said.
momo stallion is offline  
post #18 of 29 (permalink) Old 09-24-2006, 02:32 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Quote:
Originally Posted by RiSk
You need to go to Start > Control Panel > System > System Restore Tab > Turn off system restore

This will clear all system restore data including that restore file with a virus in it.
Ok I did that, do I leave it that way, or uncheck it again?

Thanks for the help everyone btw. I'm still working on it.

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #19 of 29 (permalink) Old 09-26-2006, 01:58 PM
Time Served
 
Join Date: Aug 2004
Posts: 271
A lot of spyware these days has a program called a "mothership" that is harmless itself, but it spawns randomly named malicious programs, typically in batches of 3-5. They are set to monitor one another, and only one is active. The mothership often removes itself, as it is the only file in the batch with a distinctive name, which is easily detected by Spybot and the like. The spawn files monitor one another, and one of them is the active "bot" on the system. When it's deleted (when McAfee gets rid of it), another copy is made and one of them becomes active, hence the filename constantly changing. A lot of times they are distributed.net bots "customized" by others, keyloggers if you cheat (Maphack's, trainers, etc.) on your games and such, attempting to log your password and username to steal your accounts, and from time to time even just data miners. Spybot the fucker and hope. System restore is often useless against things of this nature as they are event-activated and could have been on the system for months, and you just recently unknowingly activated the software. Hopefully you've got Spybot, if so make sure it's up-to-date, and immunize your system, and run TeaTimer, if not download it, THEN repeat those steps. Back up your registry, run the scan, remove the problem, then back up the registry again. If you run Adaware it will find Spybot's backup files and freak, just ignore them and move on, as they're inactive and in quarantine. Be careful though, if you're running ad-supported software, and you remove the ad software, the supported software will probably stop working, and often people will say "Spybot fucked up my computer..." A lot of times these issues come from Shareware and Freeware. Install anything recently? And stay off the porn sites, lol.

1992 SHO MTX
Under Construction...
White/Black/White

1992 SHO MTX
My first SHO, and always my favorite. Totaled at less than 9 MPH. Dynomax Bullets, chip'd, Tokicos, and a few other goodies. Official parts car.
Ferendon is offline  
post #20 of 29 (permalink) Old 09-26-2006, 02:00 PM
KOTS
 
BoostedGT's Avatar
 
Join Date: Sep 2001
Location: Crowley
Posts: 3,547
Quote:
Originally Posted by 1BAD06
My McAfee keeps popping up about finding a Potentially unwanted program. It says, "PUP Found. The file C:\System Volume Information\restore{12901FA-B0AC-49B3-96B...is a Potentially unwanted program and has been blocked." Then I go to check REMOVE THIS PUP, and it says "THE PUP FILE 'A0011116.exe' HAS BEEN REMOVED." Then I check No, to not scan the files, because it's already scanned them and it pops up again, and I repeat the process. But every time the .exe file is different. WHAT THE HELL DO I DO?? They just keep popping up and popping up. HELP PLEASE!

Repost.

95 Turbo GT - Pee yellow
BoostedGT is offline  
post #21 of 29 (permalink) Old 09-26-2006, 02:02 PM
Time Served
 
Join Date: Aug 2004
Posts: 271
And with that many processes running I'm shocked you can do anything. You should have 23 processes in a clean XP install, adjust for antivirus and other programs (1-2 each MAYBE 3) and you should still be under 40...

1992 SHO MTX
Under Construction...
White/Black/White

1992 SHO MTX
My first SHO, and always my favorite. Totaled at less than 9 MPH. Dynomax Bullets, chip'd, Tokicos, and a few other goodies. Official parts car.
Ferendon is offline  
post #22 of 29 (permalink) Old 09-26-2006, 06:04 PM Thread Starter
Lifer
 
Trip McNeely's Avatar
 
Join Date: Mar 2004
Posts: 29,396
Thumbs up

Quote:
Originally Posted by Ferendon
And with that many processes running I'm shocked you can do anything. You should have 23 processes in a clean XP install, adjust for antivirus and other programs (1-2 each MAYBE 3) and you should still be under 40...
Yeah, I posted it on a good computer tech/help site. They are helping me out a lot. I appreciate the help from you as well.

CANADIANS = DOUCHERS

Trip McNeely is offline  
post #23 of 29 (permalink) Old 09-29-2006, 07:13 AM
Time Served
 
Join Date: Aug 2004
Posts: 271
LoL I counted them a couple days ago and I think you had like 55 running lol. I'm running Win 2k Pro and I've got 16 running on a fresh boot with my printer software, Windowblinds, firewall, anti-virus, and a couple other things. In your Control Panel, under Administrative Tools, you can open "Services" and there's a lot of shit running most people don't need. It has a clear description of each service and what it does. If it's running and you don't need it, turn it off. If a service is needed to do something, in most cases it will say "The ____ service is unavailable", so all you have to do is set it back to automatic and you're in business. If it's something you only occasionally do, just go in, manually start the service, do what you gotta do and on next boot it won't start again.

1992 SHO MTX
Under Construction...
White/Black/White

1992 SHO MTX
My first SHO, and always my favorite. Totaled at less than 9 MPH. Dynomax Bullets, chip'd, Tokicos, and a few other goodies. Official parts car.
Ferendon is offline  
post #24 of 29 (permalink) Old 09-29-2006, 07:18 AM
Lifer
 
Join Date: May 2006
Posts: 1,303
Also only run 1 anti virus program. I noticed you have AVG and McAfee running. Can 1 of them.
Also you can go to www.sarc.com and run the online virus scan; this will then tell you exactly what virus you have, and if there is a fix it will give you a link to the fix tool.

Good luck
DFWtechie is offline  
post #25 of 29 (permalink) Old 09-29-2006, 07:24 AM
Time Served
 
Join Date: Aug 2004
Posts: 271
You could safely remove these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background



O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - Curious about this one


Dun like the fact that it doesn't identify itself better than that, but I dunno what you've got installed on your system. It appears you have McAfee and AVG both installed, and if that is the case you're hurting performance horribly as anti-virus software is often a severe resource hog, because it monitors all file handling to verify file integrity, which quite often doubles the resources used to do so much as move a file from dir to dir.

1992 SHO MTX
Under Construction...
White/Black/White

1992 SHO MTX
My first SHO, and always my favorite. Totaled at less than 9 MPH. Dynomax Bullets, chip'd, Tokicos, and a few other goodies. Official parts car.
Ferendon is offline  
post #26 of 29 (permalink) Old 09-29-2006, 07:28 AM
dead
 
Join Date: Sep 2002
Posts: 14,611
Quote:
Originally Posted by Ferendon
You could safely remove these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background



O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - Curious about this one


Dun like the fact that it doesn't identify itself better than that, but I dunno what you've got installed on your system. It appears you have McAfee and AVG both installed, and if that is the case you're hurting performance horribly as anti-virus software is often a severe resource hog, because it monitors all file handling to verify file integrity, which quite often doubles the resources used to do so much as move a file from dir to dir.


yea, you might be right

Description:
ctfmon.exe is a process belonging to Microsoft Office Suite. It activates the Alternative User Input Text Input Processor (TIP) and the
Microsoft Office XP Language Bar. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

Note: ctfmon.exe could also be a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Determining whether this process is a virus or a legitimate Windows process depends on the directory location it executes or runs from in WinTasks
momo stallion is offline  
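The checks the replies above make by eye (entries whose file is missing, the O10 LSP line, and which directory ctfmon.exe actually runs from) can be scripted over a saved HijackThis log. This is an added example, not part of the thread and not HijackThis's own code; the expected-directory table and the second ctfmon.exe process line are assumptions constructed for the illustration, while the other sample lines are excerpted from the log in post #2.

```python
import re
from ntpath import basename, dirname, normcase

# Assumed expected directories for a few Windows XP system binaries
# (illustrative table, not from the thread; extend it for the host at hand).
EXPECTED_DIRS = {
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

MISSING = "target file absent"
WRONG_DIR = "system binary name outside expected directory"
BROKEN_LSP = "broken Winsock LSP chain"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O4 - ...", "R0 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)', re.IGNORECASE)


def check_location(source, path):
    """Flag a well-known system file name that lives in the wrong directory.
    8.3 short names (PROGRA~1) are compared as written, not expanded."""
    expected = EXPECTED_DIRS.get(basename(path).lower())
    if expected and normcase(dirname(path)) != expected:
        return [(source, WRONG_DIR, path)]
    return []


def triage(log_text):
    """Return (source, reason, detail) tuples. These are items to review,
    not verdicts: a missing file may be a leftover of removed software."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        entry = ENTRY_RE.match(line)
        if in_procs and (not line or entry):
            in_procs = False      # section ends at a blank line or first entry
        if in_procs:
            findings += check_location("process", line)
            continue
        if not entry:
            continue
        code, body = entry.groups()
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, MISSING, body))
        if code == "O10" and "LSP provider" in body and "missing" in body:
            findings.append((code, BROKEN_LSP, body))
        path = PATH_RE.search(body)
        if path:
            findings += check_location(code, path.group(0))
    return findings


# Sample input: lines excerpted from the log in post #2, plus one constructed
# process line (ctfmon.exe under a Temp directory) to show the location check.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Temp\ctfmon.exe

O2 - BHO: (no name) - {0ba1a4f3-21c7-4c7d-b986-4f4a30546dd4} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O20 - Winlogon Notify: hticava - hticava.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\SYSTEM32\Rpcnet.exe (file missing)
"""

if __name__ == "__main__":
    for source, reason, detail in triage(SAMPLE_LOG):
        print(f"{source:8} {reason}: {detail}")
```
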
post #27 of 29 (permalink) Old 09-29-2006, 07:33 AM
dead
 
Join Date: Sep 2002
Posts: 14,611
why do you run yahoo toolbar, google toolbar, aim + yahoo messenger + msn messenger. real player sucks too.
momo stallion is offline  
post #28 of 29 (permalink) Old 09-29-2006, 07:47 AM
Time Served
 
Join Date: Aug 2004
Posts: 271
That was kinda my thoughts. Just go get trillian, it integrates ALL of those plus ICQ and mIRC into 1 buddy list and a single program to start up. I've never had a problem with it, and it's much better on resources.

www.trillian.cc

1992 SHO MTX
Under Construction...
White/Black/White

1992 SHO MTX
My first SHO, and always my favorite. Totaled at less than 9 MPH. Dynomax Bullets, chip'd, Tokicos, and a few other goodies. Official parts car.
Ferendon is offline  
post #29 of 29 (permalink) Old 09-29-2006, 12:09 PM
dead
 
Join Date: Sep 2002
Posts: 14,611
yea, i use gaim. it's a third of the size of regular ole AIM.
momo stallion is offline  