abf83 Posted September 12, 2005 CID Share Posted September 12, 2005 I dont know if this is where I should post this... But we have Charter 3 meg service and have been getting very slow speeds around 0.5 and 0.6 megs. Spent hours on the phone with them... blah blah blah.. they think it might be spyware. Spybot, AdAware, MS Anti Spyware and the scan on PCPitStop all came up clean. Virus scan came up clean too. So just to make sure, could someone look at my HJT log? Thanks... Logfile of HijackThis v1.99.1 Scan saved at 10:03:13 PM, on 9/11/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDET.EXE C:WINDOWSsystem32CTHELPER.EXE C:PROGRA~1mcafee.comagentmcagent.exe C:Program FilesMcAfee.comVSOmcvsshld.exe C:PROGRA~1McAfeeSPAMKI~1MSKAgent.exe c:progra~1mcafee.comvsomcvsescn.exe C:Program FilesMcAfee.comVSOoasclnt.exe C:PROGRA~1McAfee.comPERSON~1MpfTray.exe C:WINDOWSsystem32ctfmon.exe C:WINDOWSsystem32CTsvcCDA.EXE c:program filesmcafee.comagentmcdetect.exe C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe c:PROGRA~1mcafee.comvsomcshield.exe c:PROGRA~1mcafee.comagentmctskshd.exe C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE C:PROGRA~1McAfee.comPERSON~1MpfService.exe C:PROGRA~1McAfeeSPAMKI~1MSKSrvr.exe C:WINDOWSsystem32svchost.exe C:HJTHijackThis.exe C:WINDOWSsystem32wuauclt.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dellnet.msn.com/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dell4me.com/myway R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:program filesmcafeespamkillermcapfbho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe /r O4 - HKLM..Run: [CTDVDDET] "C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDET.EXE" O4 - HKLM..Run: [CTHelper] CTHELPER.EXE O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE O4 - HKLM..Run: [VSOCheckTask] "C:PROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe O4 - HKLM..Run: [VirusScan Online] C:Program FilesMcAfee.comVSOmcvsshld.exe O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MskAgent.exe O4 - HKLM..Run: [MSKDetectorExe] C:PROGRA~1McAfeeSPAMKI~1MSKDetct.exe /startup O4 - HKLM..Run: [OASClnt] C:Program FilesMcAfee.comVSOoasclnt.exe O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MSKAgent.exe O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:program filesgoogleGoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:program filesgoogleGoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_03binnpjpi142_03.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:program filesmcafeespamkillermcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:program filesmcafeespamkillermcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:WINDOWSSYSTEM32ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:program filesmcafee.comagentmcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:PROGRA~1mcafee.comvsomcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:PROGRA~1mcafee.comagentmctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1McAfee.comPERSON~1MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:PROGRA~1McAfeeSPAMKI~1MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel Quote Link to comment https://testmy.net/ipb/topic/7657-hijackthis-log/ Share on other sites More sharing options...
Swimmer Posted September 12, 2005 CID Share Posted September 12, 2005 It look good to me.. try booting into safe mode.. and running a scan.. that should clear up just about any spyware issues.. You have a fairly good antivirus, firewall, and spyware set up.. It might be just network traffic.. I Roadrunner might doing some maintainance on your node... Give it a few days and if it is still a problem.. then call your ISP... have they had you run a tracert to here? Quote Link to comment https://testmy.net/ipb/topic/7657-hijackthis-log/#findComment-79275 Share on other sites More sharing options...
resopalrabotnick Posted September 12, 2005 CID Share Posted September 12, 2005 i just scanned over it and saw the entry popcaploader. Quote Link to comment https://testmy.net/ipb/topic/7657-hijackthis-log/#findComment-79282 Share on other sites More sharing options...
netmasta Posted September 12, 2005 CID Share Posted September 12, 2005 Try copying your log to this analizer. It seems to work pretty good. It will tell you what you should delete. Quote Link to comment https://testmy.net/ipb/topic/7657-hijackthis-log/#findComment-79306 Share on other sites More sharing options...
Swimmer Posted September 12, 2005 CID Share Posted September 12, 2005 that is helpful! Quote Link to comment https://testmy.net/ipb/topic/7657-hijackthis-log/#findComment-79382 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.