Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - M!TH°§

Pages: [1]
1
Tech Clinic / Runtime error '5' HELP!
« on: February 28, 2006, 10:43:07 PM »
Well, this all started like a day ago.. when i try to run some programs a window pops up saying: Runtime Error '5' Invalid procedure call or argument.  This first happened on Prince of Persia 2 and it does it on a like one or two other programs.  Thats all the info i have on it, and after that message i cant run the program.  So, if anyone knows how to fix this, it would be appreciated to bring it to my attention. Thanks.

2
Tech Clinic / Help with disabling onboard sound
« on: July 18, 2005, 05:00:07 AM »
My computer was custom-built (its not a brand like dell, compaq, etc).  

How do I get to my BIOS?

3
Tech Clinic / Help with disabling onboard sound
« on: July 17, 2005, 06:56:06 PM »
Nevermind, it didn't work it just started acting up again.

4
Tech Clinic / Help with disabling onboard sound
« on: July 17, 2005, 04:26:42 PM »
*UPDATE: I've disabled my sound in system, manage hardware.  It seems like games are running perfectly fine now.  Why in the world would this happen?  Any answers would help.

5
Tech Clinic / Help with disabling onboard sound
« on: July 17, 2005, 03:44:12 PM »
You might have saw my post on how my games randomly exception on me.  I might have found a way to kindof fix it.  I saw a bunch of people that had the same nvidia GeForce FX 5500 had the same problem.  First, I was thinkin about getting a new graphics card, but someone found a way to fix the problem.  First I need to disable my onboard sound card.  Can anyone tell me how to do this? You're help would be appreciated.

6
Tech Clinic / System has recovered from a serious error.
« on: July 13, 2005, 04:16:49 PM »
Didn't work.  (the game)

7
Tech Clinic / System has recovered from a serious error.
« on: July 11, 2005, 08:03:26 PM »
I have a Nvidia GeForce FX 5500.  I got the computer close to a year ago.  A few days ago I installed a new driver because certain games keep on exceptioning on me.  Microsoft said it was a driver problem and that I should get the newest drivers.  I followed all the instructions on installing new drivers from the Nvidia website and got the new drivers installed.  Anyways, maybe that caused the serious error, but I had those serious errors every-so-often before I changed drivers(maybe once a month or every two months, nothing big, just annoying).  I don't know if you saw my other post about my games exceptioning, but that might help you.  Here's my other post if you feel like reading it:

Quote
This has happened for a loooong time and I am just now tryin to figure out what's goin wrong. The problem originally started off with Halo. I'd be playin the game and after a while of playing the game would exit and a gathering exception data box would appear and after a while it'd have a box that said that an exception has occured and they were sorry for the inconvenience. It'd ask if I wanted to send the error report. It also asked if i wanted to see more data on it. This exception would happen more often and often until i could barely play the game. Well, I figured out that the exception didn't happen on multi for some reason, so I played that for a while. Evevtually, after a loooong time of playin multiplyaer(like weeks) it started to exception. Now, it's to the point where you can play for about 2mins then it exceptions. This didn't happen on Morrowind, until I played a loooooooooooooooooooooooonger time and even then it barely exceptioned. Right now I'm playin America's Army and it's startin to exception on me, but it comes up with a different text box. Here's what it says:

Build AmericasArmy_Build_[2004-06-01_02.01.01]OS: Windows XP 5.1 (Build: 2600)
CPU: AuthenticAMD PentiumPro-class processor @ 2107 MHz with 1022MB RAM
Video: NVIDIA GeForce FX 5500 (5656)

General protection fault!

History: UObject::ProcessEvent <- (HumanController Pipeline.HumanController, Function AGP.HumanController.PlayerTick) <- APlayerController::Tick <- TickAllActors <- ULevel::Tick <- (NetMode=3) <- TickLevel <- UGameEngine::Tick <- Level Pipeline <- UpdateWorld <- MainLoop <- FMallocWindows::Free <- FMallocWindows::Realloc <- 796D7241 0 FArray <- FArray::Realloc <- 0*2 <- FMallocWindows::Free


If you'd like I could probably get the exception data from the Halo exception also(if that'd help any). Also, I tried all the things on microsoft.com to try to fix the problem, they didn't help.

Any help would be greatly appreciated, and if you want the exceptiion data from halo, say so.

No one's replied to that thread, and no one's ever replied to it on other forums.  I've had the problem for probably 8 months.  I'm not sure if this problem has anything to do with the serious error, but I have a feeling it does. Oh, and a sidenote that might help or throw you completely off-track, after the alcan worm was fixed when we did all those scans, America's Army didn't exception for a long time (until today, so it's been about a week).  Usually it'll exception at least twice a day. Well, I'm getting off-track from the serious error problem, but only because I think it's related.  So, have I confused you yet?  I hope not.  Once again, I appreciate any help.

8
Tech Clinic / System has recovered from a serious error.
« on: July 11, 2005, 04:43:57 PM »
My computer restarted on me and I automatically asumed it was that stupid Alcan worm again, luckily(or unluckily, I'm not sure) it wasn't.  I scanned with ad aware and didn't find a thing.  Anyways, I ran some other programs then cleanup.  After running cleanup, I restarted my computer.  Once rebooted an error message appeared saying: Your Computer Has Recovered From A Serious Error.  This is as much as I could get out of it:

Error signature

   BCCode : 1000008e     BCP1 : C0000005     BCP2 : BF837815     BCP3 : B75FDC3C
BCP4 : 00000000     OSVer : 5_1_2600     SP : 2_0     Product : 256_1    

The Following files will be included in this error report:  C:\DOCUME~1\Daniel's\LOCALS~1\Temp\WER2ebd.dir00\Mini071105-01.dmp
C:\DOCUME~1\Daniel's\LOCALS~1\Temp\WER2ebd.dir00\sysdata.xml

Once I sent the error report, it took me to a Microsoft website that said it could of been caused by a driver.  Anyways, I don't know what I should do, if anything.  I found those two files, should I delete them?  Any help would be appreciated.

9
Tech Clinic / Problems with game exceptions
« on: July 07, 2005, 08:58:31 PM »
This has happened for a loooong time and I am just now tryin to figure out what's goin wrong.  The problem originally started off with Halo.  I'd be playin the game and after a while of playing the game would exit and a gathering exception data box would appear and after a while it'd have a box that said that an exception has occured and they were sorry for the inconvenience.  It'd ask if I wanted to send the error report.  It also asked if i wanted to see more data on it.  This exception would happen more often and often until i could barely play the game.  Well, I figured out that the exception didn't happen on multi for some reason, so I played that for a while.  Evevtually, after a loooong time of playin multiplyaer(like weeks) it started to exception.  Now, it's to the point where you can play for about 2mins then it exceptions.  This didn't happen on Morrowind, until I played a loooooooooooooooooooooooonger time and even then it barely exceptioned.  Right now I'm playin America's Army and it's startin to exception on me, but it comes up with a different text box.  Here's what it says:

 Build AmericasArmy_Build_[2004-06-01_02.01.01]

OS: Windows XP 5.1 (Build: 2600)
CPU: AuthenticAMD PentiumPro-class processor @ 2107 MHz with 1022MB RAM
Video: NVIDIA GeForce FX 5500 (5656)

General protection fault!

History: UObject::ProcessEvent <- (HumanController Pipeline.HumanController, Function AGP.HumanController.PlayerTick) <- APlayerController::Tick <- TickAllActors <- ULevel::Tick <- (NetMode=3) <- TickLevel <- UGameEngine::Tick <- Level Pipeline <- UpdateWorld <- MainLoop <- FMallocWindows::Free <- FMallocWindows::Realloc <- 796D7241 0 FArray <- FArray::Realloc <- 0*2 <- FMallocWindows::Free


If you'd like I could probably get the exception data from the Halo exception also(if that'd help any).  Also, I tried all the things on microsoft.com to try to fix the problem, they didn't help.

Any help would be greatly appreciated, and if you want the exceptiion data from halo, say so.

10
Tech Clinic / I REALLY NEED HELP! Win32.P2P-Wrom.Alcan.a
« on: July 04, 2005, 09:29:17 AM »
I disabled then enabled System restore.

I already have spywareblaster, but I didn't have IE Spyad, so I installed it.

Next, the complete folder was created on June 17, 2005 at 7:23 PM, should I delete it?  And no, there isn't another complete folder because there are no other users.

Thanks for the Help.

11
Tech Clinic / I REALLY NEED HELP! Win32.P2P-Wrom.Alcan.a
« on: July 03, 2005, 10:54:20 PM »
Quote
Sorry for the delay Mith

It's alright, I was busy too.

I have the XP theme back now, so that's good.  Also, there's nothing in the complete folder.  My computer is still doin good and another problem that I had with games was fixed from all of this (i think).  So thanks for all the help.

Once again, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:43 PM, on 7/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Thanks, thanks, thanks!

12
Tech Clinic / I REALLY NEED HELP! Win32.P2P-Wrom.Alcan.a
« on: July 02, 2005, 10:03:14 PM »
I don't wanna jynx anything, but I think my computer is doin better, nothing but 2 negligable objects were found on Ad Aware.

Here's the contents of those two things you told me to post:
  This is the find.bat:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"

  This is the Find1.bat:

 Volume in drive C has no label.
 Volume Serial Number is 4C0A-E75E

 Directory of C:\WINDOWS\Resources\Themes

06/06/2005  06:44 PM    <DIR>          .
06/06/2005  06:44 PM    <DIR>          ..
07/02/2005  03:45 PM    <DIR>          Luna
08/29/2002  08:00 AM             1,222 Luna.theme
08/29/2002  08:00 AM             3,025 Windows Classic.theme
               2 File(s)          4,247 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna

07/02/2005  03:45 PM    <DIR>          .
07/02/2005  03:45 PM    <DIR>          ..
06/06/2005  06:35 PM    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell

06/06/2005  06:35 PM    <DIR>          .
06/06/2005  06:35 PM    <DIR>          ..
06/06/2005  06:43 PM    <DIR>          Homestead
06/06/2005  06:44 PM    <DIR>          Metallic
06/06/2005  06:43 PM    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

06/06/2005  06:43 PM    <DIR>          .
06/06/2005  06:43 PM    <DIR>          ..
08/29/2002  08:00 AM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

06/06/2005  06:44 PM    <DIR>          .
06/06/2005  06:44 PM    <DIR>          ..
08/29/2002  08:00 AM           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

06/06/2005  06:43 PM    <DIR>          .
06/06/2005  06:43 PM    <DIR>          ..
08/29/2002  08:00 AM           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

     Total Files Listed:
               5 File(s)      1,090,711 bytes
              17 Dir(s)  100,834,009,088 bytes free


Thank you, no one else even knew what to do about my problem.

13
Tech Clinic / I REALLY NEED HELP! Win32.P2P-Wrom.Alcan.a
« on: July 02, 2005, 08:27:14 PM »
Okay, long story, I'll try to make it short.  I went into safe mode and used the cleaner, no problem.  Then I went to Ewido.............hmmm.  I scanned and at about 63% it comes up with a text box that said it couldn't repair a zipped file and the options were to delete all(if another one comes up it'll automatically delete it) delete or ignore.  I hit delete all.  Well, I turn my back for a bit and when I look again, the window for ewido is gone, for some reason the program shut.  Well, after numerous scans trying to figure out what was happining, I found out there where a bunch of files that needed deleted, and after about 4 or 5 it'll just quit.  I found out those files were in C:\Documents and Settings\Daniel's\Complete.  I go to the folder and there are about 1100 zipped files in there(all that I looked at I didn't know where they came from).  I took a gamble because I knew it would take a looooooooooong time to deleted these files by the scan, so I deleted everything in the folder(I don't know if that was good or bad).  When I scanned with Ewido, it fixed a few things and deleted a few things then it was done.  I've only experience one wierd thing:  when I rebooted my computer, my taskbar and windows are in the old style(blocky and grey).  I went into the display to try to change it back but the only option was the old style, it's kindof wierd but I can live with it.  If you know how to get it back tell me.  Now, once again, heres my log from HijackThis:



Logfile of HijackThis v1.99.1
Scan saved at 9:15:17 PM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



And here is the log from my last scan on Ewido:


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         9:01:11 PM, 7/2/2005
 + Report-Checksum:      F8EC50E9

 + Date of database:      7/2/2005
 + Version of scan engine:   v3.0

 + Duration:            25 min
 + Scanned Files:         74477
 + Speed:            47.97 Files/Second
 + Infected files:         6
 + Removed files:         6
 + Files put in quarantine:      6
 + Files that could not be opened:   0
 + Files that could not be cleaned:   0

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\

 + Scan result:
   C:\HJT\backups\backup-20050702-135341-468.dll -> Spyware.180Solutions -> Cleaned with backup
   C:\Program Files\180searchassistant\salmhook.dll -> Spyware.180Solutions -> Cleaned with backup
   C:\Program Files\Mozilla Firefox\plugins\npzango.dll -> Spyware.WinAD -> Cleaned with backup
   C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an -> Cleaned with backup
   C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an -> Cleaned with backup
   C:\WINDOWS\system32\bszip.dll -> Worm.Wurmark.c -> Cleaned with backup


::Report End





Thanks for helping.

14
Tech Clinic / I REALLY NEED HELP! Win32.P2P-Wrom.Alcan.a
« on: July 02, 2005, 01:13:33 PM »
Thanks for tryin to help out, I need it.  Okay, here's the low-down.  I did all the stuff in killbox and rebooted.  After the reboot, I was reading the next step and getting ready to perform it, but my computer shut off and rebooted.  So in order to buy myself some time I went into safe mode to scan with ad aware.  I did, it found the worm again, whatever.  After that, I rebooted and got through the rest of the instructions.  (I hope the whole safe mode part didn't ruin the process).  Also, I didn't find the two programs that were supposed to be uninstalled if found.  So, here's my log now:



Logfile of HijackThis v1.99.1
Scan saved at 2:12:41 PM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Thanks for helping.

15
Tech Clinic / I REALLY NEED HELP! Win32.P2P-Wrom.Alcan.a
« on: July 02, 2005, 10:54:59 AM »
I've posted before, but never really got a solution, so I'll try again.  My computer was infected with a Win32.P2P-Worm.Alcan.a, and it won't go away.  When I scan with Ad Aware SE Plus, it finds about 8-9 of them and removes them, but they keep coming back.  The only symptom that I know of is my computer will shut off and then reboot.  After it reboots, I'll run an Ad Aware full system scan and will always find 8-9 infections of the worm.  Any help would be appreciated.  Here's my log on Hijackthis:




Logfile of HijackThis v1.99.1
Scan saved at 11:54:31 AM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

16
Tech Clinic / Help! Win32.P2P-Worm.Alcan.a
« on: June 27, 2005, 03:06:31 PM »
Hey, it's me again(Daniel Eyster) now registered.  As I said my, computer has the Win32.P2P-Worm.Alcan.a and I can't get rid of it.  The only symtom that I know of that I think is related to it is that every so often my computer might shut off and reboot on its own(very annoying).

Once Again, Here's my log from Hijack This:


Logfile of HijackThis v1.99.1
Scan saved at 3:59:36 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\OpenOffice.org1.1.2\program\soffice.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I hope I did everything according to the Forum Rules this time, and I hope you can help.  I thank anyone in advance for help they might offer.

Pages: [1]