Magiccontrol and others [RESOLVED]


  • This topic is locked

#16
TheoDread

TheoDread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hey There jfcap,

I guess I need to apologize for my eagerness. My apologies :tazz: .

Please bear with me momentarily

I have been using computers for more than 20 years now. My first was a Texas Instrument with a cassette drive. I have had C-64s and all *86 models. I have always had fun with them, and I used to program some in Basic ....ya ya I know...ancient history. My point is only that I have always been a hands-on user. I DO NOT know everything...in fact I have fallen very very far behind as far as today's systems are concerned. I still love to play with them, and I am always learning. And I know none of that means squat in real terms.

I only mention this because I feel a slight need to defend myself ( a character flaw ), I really didn't feel like I was giving you advice. I was simply having fun learning. I guess I thought I could pick your brain and discover the reasons for your instructions as we went through them.. I was tossing out my thoughts looking for corrections to my reasoning. I was looking to learn from you as this machine was worked on.

In hindsight, I can see where this forum is not the place to accomplish that end. Geek-u is the place to learn...not here.

Again...my apologies


I am still interested in having my computer run better. I am however, unsure if this thread is the right place to do it. I do not know if I have a malware infection, a conflict between programs, something setup improperly...I don't know. I don't know if you would be willing to help me figure it out.

When I first found Geeks To Go, I was infected...what I learned in the first hour here was that I was using malware as a legitimate malware remover. That got fixed and I ran all the scans I was asked to. Thank you.

Startup and Shutdown are still extremely slow... there may be something wrong with my firewall..I just don't know.


Gadzooks...I do go on don't I...


Anyway, I have reset the restore points and I have run KAV (there was one of the 016s still showing up)

Yes I am using Tweakui


Once more Thank You for your Time.
  • 0



#17
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts

I only mention this because I feel a slight need to defend myself ( a character flaw ), I really didn't feel like I was giving you advice. I was simply having fun learning. I guess I thought I could pick your brain and discover the reasons for your instructions as we went through them.. I was tossing out my thoughts looking for corrections to my reasoning. I was looking to learn from you as this machine was worked on.


Don't worry about this, I know you are trying to learn the ropes of everything related to malware. I get so many logs a day, it is hard to remember who is GeekU and who is not (Yeah I know it says under your name..). I'll try my best to explain my reasonings as we go, and I'll be happy to answer any questions that you have.

First, let's shut down TweakUI, as it could be the cause of this entire issue.

Let me know how the computer works without TweakUI running.
  • 0

#18
TheoDread

TheoDread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hello again,

I spent some time looking for a way to uninstall tweak. It is not in the add/remove programs or the add/remove windows components.. I cannot find an uninstall for it.. none of the tabs in the program have an uninstall button. When I right click the icon I do not get a properties option.

So... :tazz:

I tried to google "uninstalling tweakui" but the results were many and basically said that the add/remove programs list should be the way to go.

Everything seems to be working alright....it is just startup and shutdown that are acting different than they were. It seems to take forever to do either.

I think ( read that Guess ), that I may have too many AV auto scans set up, and they are all trying to do the same things at the same time.

I await your next instruction.

Meanwhile, I will leave my puter alone and work on practice log one.

Thanks again.
  • 0

#19
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
What autoscans do you have set up?
  • 0

#20
TheoDread

TheoDread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I am assuming these are scanning as they startup, as they are loaded at Startup. I am seeing these icons in the system tray, Panda Platinum Automatic Protection, TrojanHunter Guard, a Squared Guard, Ewido Security Suite.

The Panda protection seems to be taking the longest to load and everything is slow until it does. It can take more than 5 minutes from the time I logon to the time anything will respond to the mouse...startmenu..desktop icons..etc

I am sure there must be some redundancies here someplace. Again, I am unsure what should be running. I am close to an information overload. There is just so much reading to do...and it is all still filtering in. I am trying to keep it simple and yet my simple solutions are what got me here in the first place. ( for example...I was running just one AV program and I was simply trusting it to protect me against everything with its default settings)

Thanks again
  • 0

#21
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
I would recommend uninstalling everything you listed above except for Ewido.

And see if that helps with the speed of things.

Also, how old is your computer?
  • 0

#22
TheoDread

TheoDread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
:tazz: G'Day jfcap

Sorry it's been a day or two...been real busy here.

I am using a PIII 730mhz 128mb ram. I don't know how old it is as I bought it second hand from a government surplus sale.

After uninstalling all the "extra" programs I had running in the background things seem to be working fine. Startup and shut down are now running smoothly. An ewido scan this morning showed zero infections.

I think this just may be close to the end.

Just let me know if you want to see another HJT log.

Thanks Again jfcap.
  • 0

#23
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Post one more HJT log and I will make sure it is clean. Then I'll give you a list of things that you should use that will protect your computer :tazz:
  • 0

#24
TheoDread

TheoDread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hullo

I have a couple of minutes before work....here's the Log..

Logfile of HijackThis v1.99.1
Scan saved at 5:56:48 AM, on 06/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\WINDOWS\SYSTEM32\USRshutA.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\WINDOWS\system32\atiptaxx.exe
D:\Program Files\Netscape Online Accelerator\slipaccel.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\GtGfix\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [slipaccel.exe] "D:\Program Files\Netscape Online Accelerator\slipaccel.exe"
O4 - Global Startup: Netscape Online Accelerator.lnk = D:\Program Files\Netscape Online Accelerator\slipaccel.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/d...r/int_ver30.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe



And here's my thanks

again
  • 0
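An added example, not part of the original thread and not code from HijackThis or Geeks to Go: a small Python parser for the log format posted above, listing what loads at boot (O4 autostart entries and O23 services), which is the inventory the thread was trimming to fix slow startup. The sample lines are a subset copied from the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Entry lines look like "O4 - <body>"; header and process lines do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 from a registry Run key:  HKLM\..\Run: [name] command
O4_RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 from a Startup folder:    Global Startup: shortcut.lnk = target
O4_STARTUP = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Subset of the lines from the log posted above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\atiptaxx.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [slipaccel.exe] "D:\Program Files\Netscape Online Accelerator\slipaccel.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
"""

def parse_log(text):
    """Group entry bodies by section code (R0, O2, O4, ...); skip other lines."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m["code"]].append(m["body"])
    return dict(groups)

def boot_items(text):
    """Return (location, name, command) for each O4 autostart and O23 service."""
    groups, items = parse_log(text), []
    for body in groups.get("O4", []):
        m = O4_RUN.match(body) or O4_STARTUP.match(body)
        if not m:
            items.append(("O4 (unparsed)", "", body))  # keep it visible, don't drop it
        elif "where" in m.groupdict():
            items.append((m["where"], m["name"], m["cmd"]))
        else:
            items.append((f'{m["hive"]} {m["key"]}', m["name"], m["cmd"]))
    for body in groups.get("O23", []):
        parts = body.removeprefix("Service: ").rsplit(" - ", 2)  # name - owner - path
        items.append(("service", parts[0], parts[2]) if len(parts) == 3
                     else ("O23 (unparsed)", "", body))
    return items

if __name__ == "__main__":
    for where, name, cmd in boot_items(SAMPLE):
        print(f"{where:15} {name:32} {cmd}")
```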

#25
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

That log is as clean as a whistle! (never got that one....)

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Let me know if you have any other questions!
  • 0



#26
TheoDread

TheoDread

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
My Thanks jfcap

Your patience as I fumbled through this was appreciated.

It is so nice to have a clean machine.

I look forward to learning more as I work out the practice logs.

Any comments you might feel like making as I work on them would be welcomed.

Again, My Thanks for an issue well resolved.
  • 0

#27
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
I'm happy to help!

Feel free to PM me if you have any questions. :tazz:

Good Luck in GeekU!
  • 0

#28
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





