Tech help needed
By
Back_Blast,
Posted on: 2010-07-08 05:09 in ALL ACCESS Gameplay Technical Issues Bugs
Oh and this is my HiJack thing lol:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:36, on 08/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Donny\My Documents\Downloads\CohHelper.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tracking.gajmp.com/click.trac...242269&SID=105
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: everyflv - {deec05c7-b799-232e-0513-03066e5187e2} - C:\WINDOWS\system32\_-igyv.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6 FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5864 bytes
A Fishy Tale: Arc ID: 334602
Co-Leader of the CREE
http://boards.cityofheroes.com/showthread.php?t=254005 when I can be bothered.
Try upgrading both your sound and video drivers.
You're on the old 197.45's
Current version is 257.21.
Your Creative soundcard appears to be roughly 4 years out of date driver-wise.
And your Realtek sound device appears to have a corrupted driver date.
Any one of these things could be contributing to your issues.
Moreover, you've got 1GB of RAM. It's quite possible, with the memory leaks in the client, that you're overrunning your system.
You may want to think about putting more memory in.
Here's a link to the Crucial.com page showing how much and what type of memory you can place in your system.
Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.
You also may want to go into your Device Manager (doing it at the BIOS level is better, if you know how, and if your particular BIOS supports turning it off there) and disable the RealTek on-board sound, since you are running a seperate Sound Blaster card.
6000+ levels gained and 8 level 50's
Hello, my name is Soulwind and I have Alt-Itis.
I'll also bring up this entry from your HJT log:
O2 - BHO: everyflv - {deec05c7-b799-232e-0513-03066e5187e2} - C:\WINDOWS\system32\_-igyv.dll
I've no idea what that is and the filename just looks suspicious to me. Anyone know what that is?
It is known that there are an infinite number of worlds, simply because there is an infinite amount of space for them to be in. However, not every one of them is inhabited. Therefore, there must be a finite number of inhabited worlds. Any finite number divided by infinity is as near to nothing as makes no odds, so the average population of all the planets in the Universe can be said to be zero. From this it follows that the population of the whole Universe is also zero, and that any people you may meet from time to time are merely the products of a deranged imagination.
There is a very very good chance that it's the low memory. Only having 1 gig can cause stability problems, most often while zoning. In addition to that you are using Symantec as your antivirus. Symantec is a memory hog. Even when idle it uses more memory than it should and when the rtvscan kicks in it bullies other programs off into the corner while it grabs up every bit of available memory.
Don't count your weasels before they pop dink!
Quote:
LOL! The VERY first link in reference to _igyv.dll on Google links right back to this thread!|
Originally Posted by Back_Blast
I'll also bring up this entry from your HJT log:
O2 - BHO: everyflv - {deec05c7-b799-232e-0513-03066e5187e2} - C:\WINDOWS\system32\_-igyv.dll I've no idea what that is and the filename just looks suspicious to me. Anyone know what that is? |
The everyflv is some sort of Browser Helper Object (BHO) for playing or possibly recording flv video streams (like YouTube).
Ideally HJT should be run on a freshly booted system or one where all the other apps have been closed down (including web browser windows, etc).
Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.
Quote:
That means it's most likely been randomly generated file name, and that's generally only used by malware to hide themselves from when people do a google search for the name. And with a name like that, it looks highly suspicious to begin with (not to mention that 'everyflv' comes up with no decent Google results). Your system is most likely infected with at least one nasty, probably more (where there's one, there's many).|
Originally Posted by Hyperstrike
LOL! The VERY first link in reference to _igyv.dll on Google links right back to this thread!
|
It doesn't help that he's running Symantec AntiVirus, which is legendary for consuming massive amounts of system resources, and as well as being horribly ineffective at catching anything. I'd recommend uninstalling Symantec AntiVirus (hopefully you don't have to go to their website anymore to download the clearner due to Symantec wanting to leave junk around on your system), and installing some other antivirus software (I personally like Avast! and Microsoft's Security Essentials).
Quote:
|
Originally Posted by ShadowNate
;_; ?!?! What the heck is wrong with you, my god, I have never been so confused in my life!
|
Quote:
Yes, you still have to go manually get thier "uninstaller that actually uninstalls" to clean SAV off correctly.|
Originally Posted by Kitsune Knight
That means it's most likely been randomly generated file name, and that's generally only used by malware to hide themselves from when people do a google search for the name. And with a name like that, it looks highly suspicious to begin with (not to mention that 'everyflv' comes up with no decent Google results). Your system is most likely infected with at least one nasty, probably more (where there's one, there's many).
It doesn't help that he's running Symantec AntiVirus, which is legendary for consuming massive amounts of system resources, and as well as being horribly ineffective at catching anything. I'd recommend uninstalling Symantec AntiVirus (hopefully you don't have to go to their website anymore to download the clearner due to Symantec wanting to leave junk around on your system), and installing some other antivirus software (I personally like Avast! and Microsoft's Security Essentials). |
And I agree that it sounds like he's got at least some malware on there.
Probably be best to just put the windows setup disc in, delete the whole partition, and rebuild the drive cleanly. (and then get a REAL AV scanner [avg, avast] and a good malware detector(s) [malwarebytes and spybot s&d])
6000+ levels gained and 8 level 50's
Hello, my name is Soulwind and I have Alt-Itis.
Quote:
Nuke the entire site from orbit. It's the only way to be sure.|
Originally Posted by Soulwind
Probably be best to just put the windows setup disc in, delete the whole partition, and rebuild the drive cleanly. (and then get a REAL AV scanner [avg, avast] and a good malware detector(s) [malwarebytes and spybot s&d])
|
Yeah, the only way to be sure you've cleaned the system (well, 99.9999%... they could still infect the BIOS and other flashable firmware, but that's incredibly rare) is to completely wipe the system and do a fresh install, although that takes some effort to properly backup anything you want to keep, then do a new install, including all the software (plus, lots of people lack the technical skills).
Quote:
|
Originally Posted by ShadowNate
;_; ?!?! What the heck is wrong with you, my god, I have never been so confused in my life!
|
Quote:
Kinda what I was thinking as well but wanted another opinion.
|
Originally Posted by Kitsune Knight
That means it's most likely been randomly generated file name, and that's generally only used by malware to hide themselves from when people do a google search for the name. And with a name like that, it looks highly suspicious to begin with (not to mention that 'everyflv' comes up with no decent Google results). Your system is most likely infected with at least one nasty, probably more (where there's one, there's many).
It doesn't help that he's running Symantec AntiVirus, which is legendary for consuming massive amounts of system resources, and as well as being horribly ineffective at catching anything. I'd recommend uninstalling Symantec AntiVirus (hopefully you don't have to go to their website anymore to download the clearner due to Symantec wanting to leave junk around on your system), and installing some other antivirus software (I personally like Avast! and Microsoft's Security Essentials). |
It is known that there are an infinite number of worlds, simply because there is an infinite amount of space for them to be in. However, not every one of them is inhabited. Therefore, there must be a finite number of inhabited worlds. Any finite number divided by infinity is as near to nothing as makes no odds, so the average population of all the planets in the Universe can be said to be zero. From this it follows that the population of the whole Universe is also zero, and that any people you may meet from time to time are merely the products of a deranged imagination.
Looks like you may be tight on memory with a page file showin 629MB in use. I think there is a "gaming" mode on that antivirus that might help, but some more memory would be nice. http://www.blackviper.com/ is a good site to learn how to disable some services to free up ram if you want to try that route. Are you using Skype while your gaming?
Actually Norton redid their virus engine a couple years ago and it's much less of a memory hog, and I do like their "pulse" feature that gets virus updates as their put out. It's not the smallest footprint AV, but it has gotten much better. I also run MS Security on a diff computer, and it's footprint is pretty small. Interesting link re: AV memory usage ratings.
http://www.raymond.cc/blog/archives/...rity-for-2010/
For a while now my PC has been freezing and sound looping.
I'm a COMPLETE moron when it comes to these things so I was wondering if anyone could help.
I have used CoHhelper and here's the report:
---System information gathered by CoH Helper version 0.2.0.2---
DxDiag gathered at July 8, 2010 13:06 (+01:00)
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.100216-1514)
System Manufacturer: System manufacturer
System Model: System Product Name
BIOS: Phoenix - AwardBIOS v6.00PG
Central Processor: AMD Sempron(tm) Processor 2800+, MMX, 3DNow
Memory: 1022MB
.Net Memory Report: 590MB out of 1022MB available
Page File: 1830MB (629MB currently in use)
Windows directory location: C:\WINDOWS
DirectX: DirectX 9.0c (4.09.0000.0904)
DirectX Diag version: 5.03.2600.5512 (32-bit version)
Display Notes: No problems found.
Sound Notes: No problems found.
No problems found.
Input Notes: No problems found.
Monitor: Plug and Play Monitor
Monitor's Max Resolution: 1600,1200
Video Device Name: NVIDIA GeForce 7300 GS
Manufacturer / Chip: NVIDIA / GeForce 7300 GS
Video Memory: 512.0 MB
Driver Version: 6.14.0011.9745
Driver Date: 04/03/2010 23:55:31
Driver Language: English
Sound Device Description: SB Audigy 4 [9F00]
Driver File: ctaud2k.sys
Driver Version: 5.12.0001.1196
Driver Date: 08/11/2006 14:45:38
Sound Device Description: Realtek HD Audio output
Driver File: RtkHDAud.sys
Driver Version: 5.10.0000.6050
Driver Date: 01/01/0001 00:00:00
WMI Information
Motherboard Manufacturer: ASUSTek Computer INC.
Motherboard Model: (empty)
Motherboard Product: K8V-XE
Motherboard Version: 1.XX
BIOS Manufacturer: Phoenix Technologies, LTD
BIOS Name: Phoenix - AwardBIOS v6.00PG
BIOS Version: K8T890 - 42302e31
BIOS Release: 20060302000000.000000+000
PLS help :'(
A Fishy Tale: Arc ID: 334602
Co-Leader of the CREE
http://boards.cityofheroes.com/showthread.php?t=254005 when I can be bothered.