PDA

View Full Version : Pipas.A :(



Martinx
2006-09-20, 22:37
Hi guys! Unfortunately I recently found out that my computer has been infected with Pipas.A using Spybot S&D:( It frustrates me because I've always been able to keep my computer clean from a single spyware for a long time, and now suddenly I'm getting a lot of spywares, including this one. I managed to get rid of all spywares except for this one. I use Avast! Antivirus which automatically updates itself, and Zonealarm Firewall which also automatically updates itself. I also use many types of Spyware programs to make sure that spywares stay away, so I'm pretty protected. I'm surprised I got this one. Can it be the reason for my SUDDEN major slowdowns, and Windows sometimes freezing during boots? I hope so.

I've read other threads on this spyware, so I ran HijackThis to help you. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 21:31:43, on 2006-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\MSMSGS.EXE
C:\Program\IMsecure\IMsecure.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\mmc.exe
C:\Program\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\WINDOWS\explorer.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Martin\Mina dokument\Installationer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/intl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: IMsecure.lnk = C:\Program\IMsecure\IMsecure.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E014D3-4244-4729-BEAB-7DB8BEA13167}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{F63E0514-880F-4A7E-B09C-98A84DC9F4FD}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks a lot in advance! I'm so eagre to get rid of this spyware!

Martinx
2006-09-20, 23:13
If I'm missing anything please let me know as soon as possible!

I would appreciate some input!

Martinx
2006-09-21, 00:16
Here's the Fixwareout log:

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\cygmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...

Random Runs removed from HKLM
"dmgyc.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSUKU.EXE 51 798 2006-09-17
C:\WINDOWS\SYSTEM32\DMGYC.EXE 62 026 2004-08-04

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

Martinx
2006-09-21, 00:17
Here's the HijackThis log after Fixwareout:

Logfile of HijackThis v1.99.1
Scan saved at 23:17:31, on 2006-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\MSMSGS.EXE
C:\Program\IMsecure\IMsecure.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Martin\Mina dokument\Installationer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: IMsecure.lnk = C:\Program\IMsecure\IMsecure.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E014D3-4244-4729-BEAB-7DB8BEA13167}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{F63E0514-880F-4A7E-B09C-98A84DC9F4FD}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Martinx
2006-09-21, 01:40
Well for some odd reason it seems Pipas.A no longer exists after the Fixwipeout. I ran Spybot S&D just out of curiosity to see if it was still there, and to my amazement it wasn't. Was it Fixwipeout that got rid of it, or is it still lurking somewhere there?

LonnyRJones
2006-09-24, 12:03
Welcome

Close all browsers
Start Hijackthis and place a check next to these items If there.
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E014D3-4244-4729-BEAB-7DB8BEA13167}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{F63E0514-880F-4A7E-B09C-98A84DC9F4FD}: NameServer = 85.255.114.38,85.255.112.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.38 85.255.112.7

====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manualy delete these files if they still exist
C:\WINDOWS\SYSTEM32\CSUKU.EXE
C:\WINDOWS\SYSTEM32\DMGYC.EXE
Your antivirus might delete when you get close to them, thats fine.

delete c:\fixwareout, it wont be needed any longer.

Note:
If You have connection problems or those 017's ~ 85.255.114.38 85.255.112.7, return >
Before doing this write down all the settings, Note that not all system/setups even have these settings, While some connection service's will require them.
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties.
Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
Do that for every conntection listed.

Post a fresh hijackthis log please, be sure to mention any current problems.

Martinx
2006-09-25, 19:24
Thanks a lot LonnyRJones! I tried to do everything exactly as you told me, and I think I managed good in every step without too much complexity.

Here's the new HijackThis logfile done after your proceedings:

Logfile of HijackThis v1.99.1
Scan saved at 18:22:04, on 2006-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\MSMSGS.EXE
C:\Program\IMsecure\IMsecure.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin\Mina dokument\Installationer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: IMsecure.lnk = C:\Program\IMsecure\IMsecure.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


There seems to be no problems as of now. Thanks a lot! I will gladly return when I get a new problem, which I really do not hope! Thanks once again!

LonnyRJones
2006-09-25, 20:09
Looks fine Martinx

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

tashi
2006-10-01, 05:21
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help.

LonnyRJones
2006-10-03, 15:39
Thread re-opend on request

Martinx
2006-10-03, 17:09
Okay so I wanted to re-open this thread because I felt that I'm getting slowdowns for no apparent reason. I just want you guys to read my logfiles and make sure there isn't any malware left on my computer.

Okay, here's my HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16:05:22, on 2006-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\MSMSGS.EXE
C:\Program\IMsecure\IMsecure.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin\Mina dokument\Installationer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: IMsecure.lnk = C:\Program\IMsecure\IMsecure.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

LonnyRJones
2006-10-03, 17:16
Hi
Slowdowns as in Browsers or the PC ?

When you suspect a virus/trojan or bots or the pc is just plain acting wierd get more opinions
post a report from one or both of these free online scans.

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.
We dont need to see item's listed as "Object is locked skipped" so edit those out.
We do not need to see items reported that are in an antivirus quorantine folder.

Martinx
2006-10-03, 17:19
Well I ran Fixwareout just now, so I might as well just post the logfile:


Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.



I'm working on the free online scans you provided. I'll post them immidiately after I finnished scanning.

Martinx
2006-10-03, 17:25
When I pressed on the My Computer button, it tells me to enter my country and email adress, and then wants me to install some kind of program called ActiveX, is that the one you wanted me to press on?

Martinx
2006-10-03, 17:28
When I accepted to install ActiveX, my antivirus detects this:

A VIRUS WAS FOUND!

File Name: http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL

Malware name: Win32:CTZ

Malware type: Virus/Worm

VPS version: 0640-1, 2006-10-03

Is it not a virus, and should I ignore it?

LonnyRJones
2006-10-03, 17:33
Avast alerted when Panda activex was installing ?

You should go let the people at avast know about that later.

Allow it

Martinx
2006-10-03, 17:35
Haha okay good. I'll let Avast know about it. I'll post back very soon.

Martinx
2006-10-03, 18:00
Here is the result of the scan (quite a lot of spyware actually):

Incident Status Location

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.com.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.research-int.se/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.atwola.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[drivecleaner.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[server.iad.liveperson.net/hc/1856972]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\fsrt92vb.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Martin\Cookies\martin@research-int[1].txt
Potentially unwanted tool:Application/Zango Not disinfected C:\Program\Mozilla Firefox\plugins\npclntax.dll
Potentially unwanted tool:Application/RealSpy Not disinfected C:\WINDOWS\system32\actskn45.ocx

Martinx
2006-10-03, 18:16
The results above are of the Panda Software scan, I'm currently working on the Kaspersky scanner.

Martinx
2006-10-03, 19:20
Here's the Kaspersky scan result (I desperately waited for a whole hour!!):

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 79904
Number of viruses found 2
Number of infected objects 6 / 0
Number of suspicious objects 0
Duration of the scan process 00:58:33

C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

C:\System Volume Information\_restore{5BDEA040-7E38-4EB9-98B7-5DEBC9351A9A}\RP115\A0018021.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped

C:\System Volume Information\_restore{5BDEA040-7E38-4EB9-98B7-5DEBC9351A9A}\RP142\A0030292.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped

C:\System Volume Information\_restore{5BDEA040-7E38-4EB9-98B7-5DEBC9351A9A}\RP142\A0030480.dll Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped


These are the results.

LonnyRJones
2006-10-03, 23:36
Thanks

Describe the problem in as much detail as possible,
Is it just that browsers are slow or is it the PC in gerneral ?


Mirc is a false possitive
Lets go see what other programs think about these two
C:\Program\Mozilla Firefox\plugins\npclntax.dll
C:\WINDOWS\system32\actskn45.ocx
By submiting each here http://www.virustotal.com/flash/index_en.html

Martinx
2006-10-04, 14:21
Well it's not like the computer is slow in windows or anything, or that programs take long time to load (I have a P4 3,2ghz and 2gig ram), it's just that I'm experiencing some slowdowns in gaming which I've never had before. I can tell the difference. Oh, I also get this problem that I also got before when I had the Pipas.A spyware on my system. Sometimes when I boot into windows, explorer.exe doesn't start, meaning that the only thing that shows up is my background picture, nothing else. So I have to open the task manager and open explorer.exe manually. But when I do that, the only thing that opens is windows, but all my programs such as Zonelabs Firewall and Avast! Antivirus don't load like the usually do at startup. So I have to reboot again.

Okay I'll try those two files (C:\Program\Mozilla Firefox\plugins\npclntax.dll
C:\WINDOWS\system32\actskn45.ocx).

Oh, and what do you mean by "a false possitive? How come you only think those two are spywares? Didn't the scanners I used yesterday detect like 34 spywares or more?

Thanks a lot for your help so far, I appreciate it.

Martinx
2006-10-04, 14:46
Here is the result I got for C:\Program\Mozilla Firefox\plugins\npclntax.dll:

Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 no virus found
Authentium 4.93.8 10.03.2006 W32/Agent.AMO
Avast 4.7.892.0 10.03.2006 no virus found
AVG 386 10.03.2006 no virus found
BitDefender 7.2 10.04.2006 Adware.180solution.E
CAT-QuickHeal 8.00 10.03.2006 no virus found
ClamAV devel-20060426 10.04.2006 no virus found
DrWeb 4.33 10.04.2006 Adware.Zango
eTrust-InoculateIT 23.73.13 10.04.2006 no virus found
eTrust-Vet 30.3.3114 10.04.2006 no virus found
Ewido 4.0 10.04.2006 no virus found
Fortinet 2.82.0.0 10.04.2006 Adware/ZangoSA
F-Prot 3.16f 10.03.2006 security risk named W32/Agent.AMO
F-Prot4 4.2.1.29 10.04.2006 W32/Agent.AMO
Ikarus 0.2.65.0 10.04.2006 no virus found
Kaspersky 4.0.2.24 10.04.2006 no virus found
McAfee 4865 10.03.2006 potentially unwanted program Adware-ZangoSA
Microsoft 1.1603 10.04.2006 no virus found
NOD32v2 1.1789 10.04.2006 no virus found
Norman 5.90.23 10.04.2006 no virus found
Panda 9.0.0.4 10.03.2006 Application/Zango
Sophos 4.10.0 10.04.2006 no virus found
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 no virus found
UNA 1.83 10.03.2006 no virus found
VBA32 3.11.1 10.03.2006 no virus found
VirusBuster 4.3.7:9 10.03.2006 no virus found

Aditional Information
File size: 39424 bytes
MD5: 716fc302e0b3948805e45dfe6dc6d0f3
SHA1: ad8b2e888196e36de66998edf0247119688f1de9

Martinx
2006-10-04, 15:05
Here is the result for C:\WINDOWS\system32\actskn45.ocx:

Antivirus Version Update Result
AntiVir 7.2.0.22 10.04.2006 no virus found
Authentium 4.93.8 10.03.2006 no virus found
Avast 4.7.892.0 10.03.2006 no virus found
AVG 386 10.03.2006 no virus found
BitDefender 7.2 10.04.2006 no virus found
CAT-QuickHeal 8.00 10.03.2006 no virus found
ClamAV devel-20060426 10.04.2006 no virus found
DrWeb 4.33 10.04.2006 Trojan.Isbar.439
eTrust-InoculateIT 23.73.13 10.04.2006 no virus found
eTrust-Vet 30.3.3114 10.04.2006 no virus found
Ewido 4.0 10.04.2006 Downloader.IstBar
Fortinet 2.82.0.0 10.04.2006 no virus found
F-Prot 3.16f 10.03.2006 no virus found
F-Prot4 4.2.1.29 10.04.2006 no virus found
Ikarus 0.2.65.0 10.04.2006 no virus found
Kaspersky 4.0.2.24 10.04.2006 no virus found
McAfee 4865 10.03.2006 no virus found
Microsoft 1.1603 10.04.2006 no virus found
NOD32v2 1.1789 10.04.2006 no virus found
Norman 5.90.23 10.04.2006 no virus found
Panda 9.0.0.4 10.03.2006 Application/RealSpy
Sophos 4.10.0 10.04.2006 no virus found
Symantec 8.0 10.04.2006 no virus found
TheHacker 6.0.1.091 10.04.2006 no virus found
UNA 1.83 10.03.2006 no virus found
VBA32 3.11.1 10.03.2006 Trojan.Isbar.439
VirusBuster 4.3.7:9 10.03.2006 no virus found

Aditional Information
File size: 483328 bytes
MD5: 5c94442ad4f2a8e23487c2d245f4feb4
SHA1: 228f994f96675d6714733e44eefd54d0ccd17e3e

LonnyRJones
2006-10-04, 15:28
Thanks

Ok delete both of them while all browsers are closed, any problems deleting them do so while in safe mode.

Martinx
2006-10-04, 15:39
Done! I could delete them both without going into safe mode.

But were those two the only problems you could find in all these scans I made? If so, great! Thanks a bunch mate!

LonnyRJones
2006-10-04, 15:51
The others were just cookies,

Give it a few days then post back again to let us know how its acting.

"slowdowns in gaming" perhaps check and see if your video card has a new version of its software.

""Sometimes when I boot into windows, explorer.exe doesn't start, meaning that the only thing that shows up is my background picture, nothing else. So I have to open the task manager and open explorer.exe manually. But when I do that, the only thing that opens is windows, but all my programs such as Zonelabs Firewall and Avast! Antivirus don't load like the usually do at startup. So I have to reboot again.""

Not sure it would help but Have you done any basic PC maintenance lately ?
as in run chrdisk and defrag
Start > Run > type in cmd
At the command prompt type in chkdsk C: /r
or whichever drive you want to check > Enter
Accept the message that chkdsk will run at the next reboot.
Restart your PC
Then run Disk Defragmenter
Start > Programs > Accessories > System Tools >Disk Defragmenter

Martinx
2006-10-04, 17:48
I have the latest drivers for my graphics card, so that's not the problem. I'll try to sort the gaming thing out myself. I defragment my computer once or twice every week, so that's alright too. But I haven't tried the chrdisk thing, so I'll try that just incase.

Thanks a lot for your help Lonny!!

tashi
2006-10-10, 09:22
This topic has been closed to prevent others with similar issues posting in it.
:)
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.