HELP!!!!!!!!!!!!!!!!!!!


ok here's what hijack this logged:

Windows XP sp2

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

C:\WINDOWS\System32\svchost.exe

D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE

D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE

D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE

D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

D:\Program Files\F-Secure Internet Security\FSPC\fspc.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

D:\Program Files\Winamp\winampa.exe

C:\Program Files\BOINC\boincmgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MemTurbo30\MemTurbo.exe

D:\Program Files\F-Secure Internet Security\FSGUI\fsguiexe.exe

C:\Program Files\BOINC\boinc.exe

C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.09_windows_intelx86.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Temp2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neworleans.cox.net/cci/home

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = KroniK's Internet Explorer

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.bellsouth.net/s/s.dll?spage=hb/index.htm#"); (C:\Documents and Settings\`KroniK\Application Data\Mozilla\Profiles\default\kpk74zsc.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\`KroniK\Application Data\Mozilla\Profiles\default\kpk74zsc.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe

O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Show website &list - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Here's my Download test:

:::.. Download Stats ..:::

Connection is:: 1410 Kbps about 1.4 Mbps (tested with 1496 kB)

Download Speed is:: 172 kB/s

Tested From:: https://testmy.net/ (server2)

Test Time:: Fri Jun 10 23:37:13 CDT 2005

Bottom Line:: 25X faster than 56K 1MB download in 5.95 sec

Diagnosis: May need help : running at only 44.45 % of your hosts average (cox.net)

Validation Link:: https://testmy.net/stats/id-4C5O78BTQ

Here's my upload test:

:::.. Upload Stats ..:::

Connection is:: 439 Kbps about 0.4 Mbps (tested with 579 kB)

Upload Speed is:: 54 kB/s

Tested From:: https://testmy.net/ (server1)

Test Time:: Sat Jun 11 00:21:50 CDT 2005

Bottom Line:: 8X faster than 56K 1MB upload in 18.96 sec

Diagnosis: Looks Great : 16.14 % faster than the average for host (cox.net)

Validation Link:: https://testmy.net/stats/id-U3RNX9PBA

Guest helloimtim

This usually gets people excited. I'm telling ya. I have NO experience reading hijack this logs. But here is what you can do. I have done this countless times and my computer has never crashed...blown up......took my truck for a joy ride.........ok the joy ride was a bit much but really these sites are pretty dead on right and safe........they read hijack this logs..... http://www.help2go.com/modules.php?name=HJTDetective and/or http://www.hijackthis.de/ if you need a bit of info on how to run hijack this give a shout.


yes, my wife's computer is on the same cable and modem via router, I was getting the same connection as hers, 4.1 MB, then all of a sudden I wasn't, can't figure out why. I have both Spybot S&D and Adware SE, both find nothing. I have no known viruses according to F-Secure Internet Security Pro. I have the latest drivers for my NIC card, all the updates for Windows. Here's what the TCP/IP analyzer came up with:

TCP options string = 020405b40103030301010402

MTU = 1500

MTU is fully optimized for broadband.

MSS = 1460

Maximum useful data in each packet = 1460, which equals MSS.

Default Receive Window (RWIN) = 512000

RWIN Scaling (RFC1323) = 3 bits (scale factor of 6)

Unscaled Receive Window = 64000

For optimum performance, consider changing RWIN to a multiple of MSS.

Other values for RWIN that might work well with your current MTU/MSS:

513920 (MSS x 44 * scale factor of 8)

256960 (MSS x 44 * scale factor of 4)

128480 (MSS x 44 * scale factor of 2)

64240 (MSS x 44) 

bandwidth * delay product (Note this is not a speed test):

Your RcvWindow limits you to: 20480 kbps (2560 KBytes/s) @ 200ms

Your RcvWindow limits you to: 8192 kbps (1024 KBytes/s) @ 500ms

MTU Discovery (RFC1191) = OFF

Time to live left = 54 hops

TTL value is ok.

Timestamps (RFC1323) = OFF

Selective Acknowledgements (RFC2018) = ON

IP type of service field (RFC1349) = 00000000 (0)

Guest helloimtim

Have you considered that your computer is just evil?? :D Have you tried to switch your computer? If your wife is getting the speeds, have you tried to just put your computer on her connection to see what would happen? Could be you just have a bad wire or connection. Give that a shot. Hook your computer into her connection using her wires and everything.


holy crap! I fixed it.........you'll never believe what did it. lol I feel so stupid. Well, first I reset my TCP/IP, that didn't work. Then I unplugged my modem and router for about a minute or two and ......well....... here's the results:

:::.. Download Stats ..:::

Connection is:: 3800 Kbps about 3.8 Mbps (tested with 2992 kB)

Download Speed is:: 464 kB/s

Tested From:: https://testmy.net/ (server2)

Test Time:: Sat Jun 11 14:26:31 CDT 2005

Bottom Line:: 68X faster than 56K 1MB download in 2.21 sec

Diagnosis: Looks Great : 19.87 % faster than the average for host (cox.net)

Validation Link:: https://testmy.net/stats/id-UP98M0G4V

:::.. Upload Stats ..:::

Connection is:: 518 Kbps about 0.5 Mbps (tested with 579 kB)

Upload Speed is:: 63 kB/s

Tested From:: https://testmy.net/ (server1)

Test Time:: Sat Jun 11 14:29:38 CDT 2005

Bottom Line:: 9X faster than 56K 1MB upload in 16.25 sec

Diagnosis: Awesome! 20% + : 37.04 % faster than the average for host (cox.net)

Validation Link:: https://testmy.net/stats/id-4M80ZOHN7
