E-trust EZ Firewall problems


Post by jimflint1 » Sun Feb 20, 2005 7:32 am

kltsin wrote:
First what is your ISP and how do you connect to the internet? (include your OS)
Check for any driver updates for your hardware.
Reinstall that hardware if needed.


I highly recommend you post a HJT log for review to see if there is anything malicious running.
HiJackThis (HJT) can be found here.
http://www.merijn.org/files/hijackthis.zip
Or here http://computercops.biz/zx/Merijn/hijackthis.zip


My ISP is called Networld and I have a dial-up connection. I've already run Spybot and already had it on my system. I've had trouble downloading and installing Ad-Aware (corrupt installation file, the message says). Here's my HJ log, for your enjoyment!

Logfile of HijackThis v1.99.1
Scan saved at 8:41:30 AM, on 2/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
F:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Cyb2k.exe
F:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\NetWORLD Connections Inc\Netsurf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8684122234
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C69D895-7A02-4E0D-A2F0-FB546E084A11}: NameServer = 209.63.232.2 209.63.232.254
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - F:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jimflint1
Brown Belt
Brown Belt
 
Posts: 337
Joined: Thu Mar 18, 2004 5:02 pm

Post by jimflint1 » Sun Feb 20, 2005 7:36 am

In addition, since I had to reinstall and get all the Security Updates from MS, for some reason Service Pack 2 won't download. I don't know if it's necessary since I use Mozilla (mostly), but my kids may accidentally click on Explorer so I want to at least have all the security (hah!) that Microsoft can provide.

Shane
jimflint1

Post by kltsin » Mon Feb 21, 2005 12:11 am

jimflint1 wrote: In addition, since I had to reinstall and get all the Security Updates from MS, for some reason Service Pack 2 won't download. I don't know if it's necessary since I use Mozilla (mostly), but my kids may accidentally click on Explorer so I want to at least have all the security (hah!) that Microsoft can provide.

Shane


Yeah, I see you are big on security from firewalls... I see 3 running or remnants of software firewalls running.
Outpost
ZoneAlarm
Etrust

This is a big no-no, make sure you have all but one running...
Check Add/Remove Programs for any that are installed and uninstall them.
If you are using msconfig to just load certain items, DON'T do so; if you want a program to not be loaded at startup we can work around it...

XP has many, many exploits; using Mozilla can't help here (it's just a web browser), you need to get SP2 installed.
You can order a free CD from MS as well as download it.
Now what do you mean that you can't download it!!
MS Windows Update needs IE and its ActiveX client to be able to install.
If IE won't install SP2, read this forum thread

Your HJT looks OK, there are a few issues
The dual windows update, 3 firewall processes, web related, and 1 other.
I will reply with a full report once you fix the multiple firewall issues.. and then post a new HJT log.
kltsin
Black Belt 2nd Degree
Black Belt 2nd Degree
 
Posts: 2792
Joined: Tue Jun 29, 2004 9:05 am
Location: St. Augustine, Fl

Post by jimflint1 » Mon Feb 21, 2005 6:58 am

Thanks, kltsin. I have a few clarifications to add to what you said.


kltsin wrote: Yeah, I see you are big on security from firewalls... I see 3 running or remnants of software firewalls running.
Outpost
ZoneAlarm
Etrust


I've just tried a few in my day.


This is a big no-no, make sure you have all but one running...
Check Add/Remove Programs for any that are installed and uninstall them.
If you are using msconfig to just load certain items, DON'T do so; if you want a program to not be loaded at startup we can work around it...


Not any luck there. Checked Add/Remove Programs and the Outpost and Zone Alarms aren't showing up. So if you have any further suggestions as to how to remove those references, I'd appreciate it.

Shane
jimflint1

Post by kltsin » Mon Feb 21, 2005 9:02 pm

jimflint1 wrote: I've had trouble downloading and installing Ad-Aware (corrupt installation file, the message says). Here's my HJ log, for your enjoyment!

To install Ad-Aware, open IE;
Turn the security settings down to default, clear the cache and hit okay.
Make sure Ad-Aware isn't installed, check Add/Remove Programs.
Now try the installer for Ad-Aware again; if that doesn't help, try downloading a new installer from Lavasoft.

Now onto the other firewalls.

See if there is an uninstall.exe or unwise.exe in this location. "F:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe"
If you can uninstall it that way that would be best, if not ..
If you still have the installer for OUTPOST, reinstall it in the same directory, reboot.

If you have successfully uninstalled it, reboot.

In the RUN box type in
services.msc
Look for "TrueVector Internet Monitor" and disable it

Reboot and post a new log.

The above should fix any issues you are having...err I hope..
kltsin

Post by jimflint1 » Tue Feb 22, 2005 4:33 am

kltsin wrote:
In the RUN box type in
services.msc
Look for "TrueVector Internet Monitor" and disable it

Reboot and post a new log.

The above should fix any issues you are having...err I hope..


Here is what the guy from Microsoft told me to do. I'm having trouble believing that I should turn off my AV and firewall in order to download SP2.

Note: Please disable all installed anti-virus and firewall programs first.

1. Download Windows XP Service Pack 2 setup file at

http://download.microsoft.com/download/ ... P2-ENU.exe

2. Restart the computer.

3. Keep pressing the F8 key until the Windows Startup menu appears.

4. Choose Safe Mode, and press Enter.

Note: In Safe Mode, your system display and Desktop will look and perform differently than in Normal Mode. This is only temporary.

Note: If nothing happens after pressing F8, it is because the settings have been changed by the computer manufacturer. Please refer to the user manual or contact the computer manufacturer for information on how to enter Safe Mode.

5. In Safe Mode, run the downloaded file.

6. After Installation, restart your computer and check if Windows XP SP2 has been installed correctly.

Note: If SP2 cannot be downloaded on your computer, please feel free to let me know, and I will order an SP2 patch CD for you free of charge.

Please take your time in trying the suggestions above and let me know the results at your earliest convenience. If anything is unclear or you have any further concerns, please feel free to let me know. It is my pleasure to be of assistance.


Here's the HJ log:



Logfile of HijackThis v1.99.1
Scan saved at 5:45:02 AM, on 2/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Cyb2k.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
F:\Program Files\Internet Download Manager\IDMan.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\NetWORLD Connections Inc\Netsurf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O8 - Extra context menu item: Download All Links with IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8684122234
O16 - DPF: {A6B10B85-49AB-4FD7-AD2F-2F02C188896C} (DataUpload Class) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C69D895-7A02-4E0D-A2F0-FB546E084A11}: NameServer = 209.63.232.2 209.63.232.254
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
jimflint1

Post by kltsin » Tue Feb 22, 2005 9:09 am

There is a broken LSP winsock, this is from the Internet Download Manager.
Having a broken winsock can cause the system to not connect to the internet or poorly.
Try uninstalling it and reboot, then reinstalling it and reboot, that should fix it, post a new log afterward.

As far as you not being able to download SP2.

Did you try what I suggested in my other forum?
I see the link didn't work, here is a new one.
http://s87841630.onlinehome.us/forum/vi ... .php?t=314
I will quote what it says as well:

Hit the windows key on the keyboard and the Pause/Break key at the same time to bring up system properties, (you can also right click My Computer and select properties or just enter it via the control panel).

Turn off Automatic updates hit OK and reboot.
Go back and turn it on to Automatic. Reboot

Go back there a 3rd time and hit the lowest option to show hidden updates.
"offer updates that I have hidden"
**********
Let's make sure you have all of the services required turned on.

In the run box type in
services.msc

(Note there are several ways to do this; the following is set so these services will always be turned on. You can set them to manual if you wish, but for troubleshooting purposes let's keep them on.)

Make sure the following services are set to these parameters.

Automatic Updates - set to Automatic, right click and hit start if not started, if already started select restart.

Background Intelligent Transfer Service - set to Automatic, right click and hit start if not started, if already started select restart.

Open control panel.
Internet options
Security Tab, select default and hit okay
Close all windows
Open IE and click tools, windows update

If it isn't working then we can dig deeper.
kltsin
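
The two findings kltsin reads out of the logs in this thread (several software firewalls present at once, and the "Unknown file in Winsock LSP" entries) can be checked mechanically. The script below is an added example, not part of any post and not HijackThis's own code; the keyword table and function names are assumptions chosen for this thread, and the sample lines are excerpts from the logs posted above.

```python
import re
from collections import Counter

# Assumption: path keywords for the three firewalls named in this thread.
FIREWALL_PATH_KEYWORDS = {
    "outpost firewall": "Outpost",
    "zonelabs": "ZoneAlarm",
    "ez firewall": "eTrust EZ Firewall",
}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx)', re.I)
ENTRY_RE = re.compile(r"^O(\d+) - (.*)$")

# Lines excerpted from the 2/20/2005 and 2/22/2005 logs posted in this thread.
LOG_FEB20 = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - F:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
LOG_FEB22 = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
"""


def parse_hjt(log_text):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif (m := ENTRY_RE.match(line)):
            entries.append(("O" + m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def firewall_products(log_text):
    """Map each firewall product to the places it appears (process, O4, O23)."""
    processes, entries = parse_hjt(log_text)
    found = {}
    for source, text in [("process", p) for p in processes] + entries:
        m = PATH_RE.search(text)
        path = m.group(0).lower() if m else ""   # match on the file path only
        for keyword, product in FIREWALL_PATH_KEYWORDS.items():
            if keyword in path:
                found.setdefault(product, set()).add(source)
    return found


def unknown_lsp_files(log_text):
    """Count O10 'Unknown file in Winsock LSP' entries per DLL path."""
    counts = Counter()
    for code, text in parse_hjt(log_text)[1]:
        if code == "O10" and text.startswith("Unknown file in Winsock LSP:"):
            counts[text.split(":", 1)[1].strip().lower()] += 1
    return counts


if __name__ == "__main__":
    print("firewalls:", firewall_products(LOG_FEB20))
    print("unknown LSP files:", dict(unknown_lsp_files(LOG_FEB22)))
```

A product that appears only under O4 or O23 and not as a running process is the "remnant" case from the thread: it will not show in Add/Remove Programs but still loads at startup.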

Post by jimflint1 » Tue Feb 22, 2005 2:56 pm

kltsin wrote: There is a broken LSP winsock, this is from the Internet Download Manager.
Having a broken winsock can cause the system to not connect to the internet or poorly.
Try uninstalling it and reboot, then reinstalling it and reboot, that should fix it, post a new log afterward.

As far as you not being able to download SP2.

Did you try what I suggested in my other forum?


Thanks. I'm not on my home computer right now, but when I get time, hopefully tonight, I'll try your suggestions. I am getting some kind of very slow download indicated by the "automatic updates" icon on the lower right task bar. Yesterday it was saying 35% and this morning 40%. Is there any way of finding out what that's downloading?

Shane
jimflint1

Post by jimflint1 » Tue Feb 22, 2005 5:13 pm

On Background etc., I clicked "restart" and it went through, trying to shut down. After a while it came back with a message that read: "did not respond in a timely fashion" and stopped.

Anyway, here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 6:18:12 PM, on 2/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Cyb2k.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
F:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\NetWORLD Connections Inc\Netsurf.exe
F:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "F:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 8684122234
O16 - DPF: {A6B10B85-49AB-4FD7-AD2F-2F02C188896C} (DataUpload Class) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C69D895-7A02-4E0D-A2F0-FB546E084A11}: NameServer = 209.63.232.2 209.63.232.254
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
jimflint1

Post by kltsin » Tue Feb 22, 2005 10:00 pm

jimflint1 wrote: Thanks. I'm not on my home computer right now, but when I get time, hopefully tonight, I'll try your suggestions. I am getting some kind of very slow download indicated by the "automatic updates" icon on the lower right task bar. Yesterday it was saying 35% and this morning 40%. Is there any way of finding out what that's downloading?


Well, a slow update means a large file, but being on dial-up it also depends on what is being installed.
As I said, you can order the SP2 CD for free from here...
http://www.microsoft.com/windowsxp/down ... fault.mspx
It may take a while to come, but this may be a good thing if you don't have SP2 installed...

Your system should be stable before installing SP2, any issues may come back to haunt you.
So after removing the firewalls etc., are you having any issues...
Again, as I stated in previous posts, you may not be connecting to some sites for other reasons, like automatic updates is installing and stealing bandwidth or that site is busy with traffic...

You can set automatic updates to notify you of new updates then choose to install them.

Or what I prefer to do when I don't have a lot of internet bandwidth and am stuck with dial-up is download the individual updates. Since you don't have SP2 and your system is very much lagging, you have no choice but to get your system up to date for all critical updates FIRST.
After you get all of the critical updates you can set the automatic updates to notify you of new updates and then choose to install them at will and know what is downloading.

I also personally have the automatic feature turned off; each update has a name attached to it. Go to the Windows Update site to see the KB#####; then, referencing through Microsoft's site for that number, I can use GetRight to download that file at will, then install it and not use the automatic or ActiveX install ever. Why would I do this? If I ever crashed a system, I don't have to redownload it, I have it on disk and just need to install it...


jimflint1 wrote: On Background etc., I clicked "restart" and it went through, trying to shut down. After a while it came back with a message that read: "did not respond in a timely fashion" and stopped.

Anyway, here's the new log:


On this I hope you followed my instructions carefully, don't use HJT to remove instances you are unsure of...
That said and done, how's everything running?
kltsin
