HiJackThis Log

[abf83]

I dont know if this is where I should post this...

But we have Charter 3 meg service and have been getting very slow speeds around 0.5 and 0.6 megs.

Spent hours on the phone with them... blah blah blah.. they think it might be spyware.

Spybot, AdAware, MS Anti Spyware and the scan on PCPitStop all came up clean.

Virus scan came up clean too.

So just to make sure, could someone look at my HJT log?  Thanks... 

Logfile of HijackThis v1.99.1

Scan saved at 10:03:13 PM, on 9/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe

C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDET.EXE

C:WINDOWSsystem32CTHELPER.EXE

C:PROGRA~1mcafee.comagentmcagent.exe

C:Program FilesMcAfee.comVSOmcvsshld.exe

C:PROGRA~1McAfeeSPAMKI~1MSKAgent.exe

c:progra~1mcafee.comvsomcvsescn.exe

C:Program FilesMcAfee.comVSOoasclnt.exe

C:PROGRA~1McAfee.comPERSON~1MpfTray.exe

C:WINDOWSsystem32ctfmon.exe

C:WINDOWSsystem32CTsvcCDA.EXE

c:program filesmcafee.comagentmcdetect.exe

C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe

c:PROGRA~1mcafee.comvsomcshield.exe

c:PROGRA~1mcafee.comagentmctskshd.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:PROGRA~1McAfee.comPERSON~1MpfService.exe

C:PROGRA~1McAfeeSPAMKI~1MSKSrvr.exe

C:WINDOWSsystem32svchost.exe

C:HJTHijackThis.exe

C:WINDOWSsystem32wuauclt.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dellnet.msn.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dell4me.com/myway

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:program filesmcafeespamkillermcapfbho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe /r

O4 - HKLM..Run: [CTDVDDET] "C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDET.EXE"

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [VSOCheckTask] "C:PROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask

O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe

O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe

O4 - HKLM..Run: [VirusScan Online] C:Program FilesMcAfee.comVSOmcvsshld.exe

O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe

O4 - HKLM..Run: [MSKDetectorExe] C:PROGRA~1McAfeeSPAMKI~1MSKDetct.exe /startup

O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MSKAgent.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:program filesgoogleGoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:program filesgoogleGoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:program filesmcafeespamkillermcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:program filesmcafeespamkillermcapfbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSSYSTEM32ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:program filesmcafee.comagentmcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:PROGRA~1mcafee.comvsomcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:PROGRA~1mcafee.comagentmctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1McAfee.comPERSON~1MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:PROGRA~1McAfeeSPAMKI~1MSKSrvr.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel

[Swimmer]

It look good to me.. try booting into safe mode.. and running a scan.. that should clear up just about any spyware issues.. You have a fairly good antivirus, firewall, and spyware set up..

It might be just network traffic.. I Roadrunner might doing some maintainance on your node...  Give it a few days and if it is still a problem.. then call your ISP... have they had you run a tracert to here?

[resopalrabotnick]

i just scanned over it and saw the entry popcaploader.

[netmasta]

Try copying your log to this analizer. It seems to work pretty good. It will tell you what you should delete.

[Swimmer]

that is helpful!