| Thread ID: 77508 | 2007-03-12 05:36:00 | sudden losses of internet connections and overall slowdown | gnawing (11992) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 532320 | 2007-03-12 05:36:00 | Recently my computer has slowed down a lot and I keep dropping internet connections... do I have something bad? Logfile of HijackThis v1.99.1 Scan saved at 1:31:41 AM, on 3/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\netdde.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\Program Files\SafeTweak XP\stxptray.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\clipsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\DfrgNtfs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Mindy\My Documents\my downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.boston.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - 
HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick O4 - HKLM\..\Run: [stxptray] C:\Program Files\SafeTweak XP\stxptray.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Mindy\My Documents\my downloads\HijackThis.exe /startupscan O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra 
button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{6DD11F9B-88A6-475F-9DC1-43EC0B583B0C}: NameServer = 85.255.114.86,85.255.114.85 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe |
gnawing (11992) | ||
| 532321 | 2007-03-12 07:25:00 | Your HJ log looks fine. Speedy will probably give you a more in-depth analysis. You seem to have a lot of programs loading at startup. I would recommend that you disable a few, which will help a bit, like Quicktime, Adobe, iTunes, Registry Booster, RegDoctor, WinPatrol. Also I would remove O4 - HKLM\..\Run: [stxptray] C:\Program Files\SafeTweak XP\stxptray.exe |
radium (8645) | ||
| 532322 | 2007-03-12 08:03:00 | Are you in Ukraine? Or New Zealand, gnawing?? Unzip the HJT zipped file and put it in its own folder, then run it, click on scan and save a log. Then tick these entries and tick fix checked. Close browser/s. O4 - HKLM\..\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick - I would uninstall this O4 - HKLM\..\Run: [stxptray] C:\Program Files\SafeTweak XP\stxptray.exe - And uninstall this O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S - And uninstall this R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore Don't remove that WGA entry, leave it there. Also get trojan remover in my sig below, install, run, click on scan. Then select the 3rd - 7th option in the utilities menu. |
Speedy Gonzales (78) | ||
| 532323 | 2007-03-16 00:01:00 | I'm in MA, USA... do you think it's a trojan? | gnawing (11992) | ||
| 532324 | 2007-03-16 01:05:00 | Unzip HJT and put it in its own folder first, then run it, click on scan and save a log. Then tick this entry and tick fix checked. Close browser/s. This looks like it's from the Ukraine, which is why I asked if you were there. It may be a possible hijack. O17 - HKLM\System\CCS\Services\Tcpip\..\{6DD11F9B-88A6-475F-9DC1-43EC0B583B0C}: NameServer = 85.255.114.86,85.255.114.85 Then post another log, gnawing. Did you get trojan remover? And do what I posted in the previous post?? I would also get rogueremover, in my sig below, see if that picks anything up. |
Speedy Gonzales (78) | ||
| 532326 | 2007-03-16 12:13:00 | Heh, when I read the topic title I immediately thought "Xtra Go large". I was just on the phone to them yesterday, my internet keeps disconnecting and they monitored it for half a day - a day and they rang back and said "It dropped out 9 times, which IS ACCEPTABLE". MY ASS IT IS. Anyway, sorry to kinda steal your thread there. |
--Wolf-- (128) | ||
| 532327 | 2007-03-16 15:14:00 | The Ukraine O_o""" what does that mean???? stupid comcast ><" rogueremover said I'm clean, trojan remover found: says Windows registry attempts to run this program at boot time: (and executable file with this name has not been found *it may be hidden*) csxhp.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon Registry value name: system D:\INSTALL\GMSIPCI.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GMSIPCI\"ImagePath" conclusion: no active malicious files were found and I didn't delete those two yet because I'm not sure how to deal with it..... T_T now the save log for my hijack this looks like this: Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\clipsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijack this\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.boston.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Mindy\My Documents\my downloads\HijackThis.exe /startupscan O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - 
C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe :( |
gnawing (11992) | ||
| 532328 | 2007-03-16 17:56:00 | The Ukraine O_o""" what does that mean???? stupid comcast ><" rogueremover said I'm clean Good! I read there is a Ukraine DNS hijacker around somewhere, that may have been what you had. Is the system any faster now? trojan remover found: says Windows registry attempts to run this program at boot time and executable file with this name has not been found *it may be hidden*) csxhp.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon Registry value name: system D:\INSTALL\GMSIPCI.SYS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GMSIPCI\"ImagePath" conclusion: no active malicious files were found and I didn't delete those two yet because I'm not sure how to deal with it..... T_T It should say something like remove its reference or something. Select this. It'll remove the above entries from the registry, since they both don't exist. Then reboot. The HJT log looks OK now. You can tick this entry in HJT though, and tick fix checked. It's not nasty but not needed. Close browser/s. Run trojan remover, go to options menu, select the 4th option then OK. O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Mindy\My Documents\my downloads\HijackThis.exe /startupscan |
Speedy Gonzales (78) | ||
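Added example (not part of any post in this thread, and not code from HijackThis): a Python check for the O17 entry discussed above. It pulls static NameServer values out of a HijackThis log, flags any that fall outside the networks the owner expects, and confirms they are gone from the follow-up scan. The expected networks are assumptions (a home-router range and a documentation-range placeholder for the ISP's resolvers); the log excerpts are lines copied from the two scans posted in the thread.

```python
import ipaddress
import re

# HijackThis O17 lines report DNS settings stored under the Tcpip service key.
O17_NAMESERVER = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Assumption: networks this PC's owner expects DNS from. 192.168.0.0/16 stands
# for a home router; 192.0.2.0/24 is a documentation-range placeholder for the
# ISP's resolvers.
EXPECTED = ["192.168.0.0/16", "192.0.2.0/24"]

# Lines copied from the two scans posted in the thread, one entry per line.
FIRST_SCAN = r"""O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DD11F9B-88A6-475F-9DC1-43EC0B583B0C}: NameServer = 85.255.114.86,85.255.114.85
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll"""
SECOND_SCAN = r"""O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll"""


def static_nameservers(log_text):
    """Return {(registry_key, server)} for every O17 NameServer entry."""
    found = set()
    for line in log_text.splitlines():
        m = O17_NAMESERVER.match(line.strip())
        if m:
            # The value may list several servers, comma or space separated.
            for server in filter(None, re.split(r"[,\s]+", m.group("servers"))):
                found.add((m.group("key"), server))
    return found


def unexpected_nameservers(log_text, expected_networks):
    """Return sorted entries whose server is not inside an expected network."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    flagged = []
    for key, server in static_nameservers(log_text):
        try:
            known = any(ipaddress.ip_address(server) in net for net in nets)
        except ValueError:
            known = False  # not an IP literal: flag for manual review
        if not known:
            flagged.append((key, server))
    return sorted(flagged)


def cleared_after_fix(before_log, after_log, expected_networks):
    """Entries flagged in the first scan that are gone from the follow-up scan."""
    after = set(unexpected_nameservers(after_log, expected_networks))
    return [e for e in unexpected_nameservers(before_log, expected_networks) if e not in after]
```

Calling `cleared_after_fix(FIRST_SCAN, SECOND_SCAN, EXPECTED)` returns the two 85.255.114.x entries, which shows that the "fix checked" step removed the static DNS setting.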
| 532329 | 2007-03-18 05:57:00 | TY XD I'm no longer being dropped as much >< stupid comcast but my computer seems to be operating much better now ty =) | gnawing (11992) | ||