-
Poster
-
-
06-16-2004, 06:31 AM
Software & Hardware -
#2
Poster
try this:
download hijack this here.
extract the program into it's own folder. scan and save a log. post the contents here.
-
-
06-16-2004, 01:35 PM
Software & Hardware -
#3
-
-
06-16-2004, 01:52 PM
Software & Hardware -
#4
AKA jaigandhi5
BT Rep: +7
-
-
06-16-2004, 02:22 PM
Software & Hardware -
#5
Poster
BT Rep: +3
just share everything you've got........... you wont hear us complain
-
-
06-16-2004, 02:26 PM
Software & Hardware -
#6
-
-
06-16-2004, 03:34 PM
Software & Hardware -
#7
Poster
I have DSL, my speed is suppose to be 3mbps DL / 320 Kbps UL
here i took 2 more test, it looks a bit better but my DL speed is still looks wrong
Image Resized
Image Resized
[img]http://img19.imageshack.us/img19/2649/untitled122.jpg' width='200' height='120' border='0' alt='click for full size view'>
if it doesnt work
Image Resized
Image Resized
[img]http://img9.imageshack.us/img9/5398/untitled195.jpg' width='200' height='120' border='0' alt='click for full size view'>
here if it doesnt work
Logfile of HijackThis v1.97.7
Scan saved at 10:35:28 AM, on 6/16/2004
Platform: Windows XP SP1
MSIE: Internet Explorer v6.00 SP1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\Program Files\Sync Manager\agent\syncagent.exe
C:\Documents and Settings\Owner\Local Settings\Temp\FreeRAM XP Pro 1.40.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://start.sympatico.ca/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [WinPatrol PLUS] C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
O4 - HKLM\..\Run: [Reg Run] C:\WINDOWS\System32\cvhost.exe
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe
O4 - HKLM\..\RunServices: [Reg Run] C:\WINDOWS\System32\cvhost.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Owner\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [Washee] C:\Program Files\Washee\Washee.exe FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime
O4 - HKCU\..\Run: [Reg Run] C:\WINDOWS\System32\cvhost.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Smart Shutdown.lnk = C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe
O8 - Extra context menu item: Add to Ad Hunter - C:\Program Files\MYIE2\config/blacklist.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A42E51-0BE2-4CFF-AA45-2E0F77FB1F40}:
-
-
06-16-2004, 03:47 PM
Software & Hardware -
#8
-
-
06-16-2004, 04:33 PM
Software & Hardware -
#9
Poster
before fixing anything, please unzip hijack this and place it (the icon with the dynamite) into it's own folder. this is so the backups won't get accidently erased with the temp files.
you seem to have the gaobot virus.
please run this online scan:
http://housecall.trendmicro.com/hous...start_corp.asp
have it fix whatever it finds.
reboot
rescan with hijack this and check the following (if still there) :
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [Reg Run] C:\WINDOWS\System32\cvhost.exe
O4 - HKLM\..\RunServices: [Reg Run] C:\WINDOWS\System32\cvhost.exe
O4 - HKCU\..\Run: [Reg Run] C:\WINDOWS\System32\cvhost.exe
this is optional, but a known resource hog, and not needed for photoshop.
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
this one is very odd:
O4 - HKCU\..\Run: [Washee] C:\Program Files\Washee\Washee.exe FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime FirstTime
especially the firsttime firsttime part. if you know what it is fine, but i would at least like to know the properties of this file. navigate to the file, right click select properties. if it's part of a legit app, fine, but i can't find any information on it, so i would at least for now, fix it.
close all browser windows and hit fix checked.
first check and see if this file still remains after the virus scan, C:\WINDOWS\System32\cvhost.exe
if it does, reboot into safe mode (hit f8 during start) and delete the file.
regarding inksaver: i use the program myself and it doesn't have to be run at startup to work. the settings i use are: having enable ink saver and ask before every print job checked, with the add icon to taskbar at startup-- unchecked. i think it will be better to change it with the program rather than with hijack this, but that's up to you.
can you tell me if you are the administrator of this computer?
-
-
06-16-2004, 06:58 PM
Software & Hardware -
#10
Poster
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks