[Wizard]

Lets see a fresh HijackThis log and use the Task Manager to determine whats drawing the most resources and let me know that Info!

[Advertisements]

The Proccess that is drawing most stuff away is called gcasDTServ.exe when i end that proccess, the computer seems to work fine. Here is the fresh log.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:30 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zak\My Documents\HIjackThis\20050520-023-i32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll
O3 - Toolbar: (no name) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119090581923
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119090532626
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D16784D-A822-405A-9369-77E03E217EFC}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{360EC9B5-F434-4075-8B35-C2601DB31C19}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D16784D-A822-405A-9369-77E03E217EFC}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

[Omnifire]

The Proccess that is drawing most stuff away is called gcasDTServ.exe when i end that proccess, the computer seems to work fine. Here is the fresh log.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:30 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zak\My Documents\HIjackThis\20050520-023-i32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll
O3 - Toolbar: (no name) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119090581923
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119090532626
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D16784D-A822-405A-9369-77E03E217EFC}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{360EC9B5-F434-4075-8B35-C2601DB31C19}: NameServer = 203.96.152.4,203.96.152.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D16784D-A822-405A-9369-77E03E217EFC}: NameServer = 203.96.152.4,203.96.152.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

[Wizard]

OK,that would make sense!

Uninstall these

Ewido

Microsoft AntiSpyware

Super Ad Blocker Service<< Unless you really want to keep this!

Norton Antivirus<< Unless you plan on paying for it!
http://www.cit.corne...installnav.html

If you have any problems getting Norton to uninstall visit Symantecs Web Site and look for the Uninstallation Instructions for your Version!

Once Completed,Restart the PC!

If you have not got a firewall Installed,let me know and I will link you to some free ones that do a fine job!

Be sure to keep Spybot Updated and consider Activating Tea Timer!

[Omnifire]

My Previou firewall (sygate) was annoying as [bleep] (kept on minimizing my gaming window to brag aobut it's own success) so i wasted it. So to answe the question, no, i odn't have a firewall, please hoook me up.

[Wizard]

Any firewall is going to do that until you configure the Programs Accesses to allow the traffic you deem Safe!

Sygate is an excellent firewall and yes,its annoying as Shite until you get everything placed and Configured the Way you want the PC to Access the Internet!

Shall wedo some more trimming to allow a littl more System Resources for lets say...Games??

[Omnifire]

THat would be great. But can you gimme a link to a firewall? (i forgot where i got sygate)

[Wizard]

Sorry,Small Brain Fart!

Sygate
http://smb.sygate.co...pf_standard.htm

Kerio
http://www.kerio.com...f_download.html

Zone Alarm
http://www.zonelabs....ontent/home.jsp

OutPost
http://www.agnitum.c...d/outpost1.html

[Omnifire]

And how do i make it stop killing my gaming experience o wisest of malware removalists?

[Wizard]

In each of those,there should be a set of program control settings!

You will want to set the access for the game to Automatic!

This is what I had to do with Blackhawk Down when I use to team with my teenage son!

Almost every Online game we have ever used,the firewall had to be configured for access or dropped while logging in!

NovaWorld was touchy though,I am unfamiliar most all the other games but it was all related to the site being able to ping us!

Hope that helps!

[Omnifire]

I'm coming up blank mate...(bit of a computer retard right here)

[Wizard]

Simply put,if the firewall gives you that much grief while trying to play a game,just disable it until you begin to actually play,then renable it!

If it begins to block any access from there,I will have to Install the Firewall on a test PC and Install the game before I cvan give any further Advice!

This is no a problem at all,its the only way I know to give solid Advice!

[Omnifire]

what do i actually use the firwall to block?

[Wizard]

Explaining that is rather difficult as time goes on you will understand how to make it effective for your personal use!

The link below will explain alot!
http://www.bleepingc...tutorial60.html

Basically Firewalls are designed to monitor all traffic inbound and outbound!

So if you are playing a game,you dont want the firewall blocking it!

And if you are playing a game and thats all that is open and say Internet Explorer was trying to access the Internet,well then you would want to block it until you know whats going on!

And if you were playing a game and got a message that something was trying to Intrude on the PC,it will be blocked automatically and then give you details as to what happened and you will be able to assess if its Malicious or Wanted for your PC!

The Link explains it alot better than me!

[Omnifire]

Thanks. To you and your links