Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this


  • Please log in to reply
20 replies to this topic

#1 mattie

mattie

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 31 January 2005 - 08:54 AM

my pc has been running slow and acting up for a week or two now so i would be greatfull if someone could look at this log and advixe ... ty in advance ..
Logfile of HijackThis v1.98.2
Scan saved at 13:50:42, on 01/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis_198\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

BC AdBot (Login to Remove)

 


m

#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 31 January 2005 - 01:12 PM

Hi mattie,

HijackThis has been updated since you posted your last log. There are some additional detections that we may need to see. Please delete all copies of HijackThis you have and follow the instructions in this tutorial to install v. 1.99 and please post a new log:
How to submit a Hijackthis Log

I also would like to know if you have installed any software that uses a proxy that you know of. These lines have changed from the logs you posted earlier:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

For my own reference, here are links to your other two threads, which I will be closing now:

http://www.bleepingcomputer.com/forums/ind...wtopic=6444&hl=
http://www.bleepingcomputer.com/forums/ind...wtopic=6799&hl=

BTW, thanks for sticking around BC. :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 31 January 2005 - 02:55 PM

thank for looking at this papakid ;)
the question you have about proxy servers i think is summit to do with the fact that i have got a new modem and changed my connection slightly with my isp.I dont know if you are familiar with ntl but the give you your internet connection through the same set top box that you get your tv channels from,i have done away with the tv and now have a cable modem.I`m pretty sure that ntl use a proxy server (although im not sure what that is exactly ) :thumbsup: i do know i am on a lan connection. any way here is the new log.I have run adaware and spybot s/d: Thanx in advance...

Logfile of HijackThis v1.99.0
Scan saved at 19:42:57, on 01/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX00.609\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 31 January 2005 - 11:23 PM

Hi mattie,

Doesn't look too bad, but let's see.

First could you please unzip HijackThis? I'm not familiar with the program you're using to extract but HJT is running from a Temp folder and backups will not get made that way. Unzipping is easy with the archiving utility that comes with XP. Please do the following:

1. Double click HijackThis.zip.
2. In the left hand column, click "Extract all Files". The Extraction Wizard will pop
up.
3. Click Next, then Browse.
4. Select Desktop>OK.

That will put HijackThis.exe on your Desktop. You could also just click Next in the extraction wizard and then OK, to extract to the same folder that HijackThis.zip is currently in. But please only run it after it has been extracted.

Scan again with HijackThis. Put a checkmark by these entries, double-checking to be sure that only these entries are checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

Click Fix Checked, close HJT and then REBOOT.

Scan again with HijackThis and then post a new log. Let me know if the PC has gotten any faster or any other problems.

There could be other factors causing slowness. If this fix doesn't help I have some ideas for you to consider. One is that you have a service from Compuserve running. Do you use it? Or did it come already installed on your PC?

Let's see what your next log looks like before we get into that tho.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#5 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 01 February 2005 - 08:42 AM

ok heres my latest log,and no i dont use compuserve ... :thumbsup:

Logfile of HijackThis v1.99.0
Scan saved at 13:38:14, on 02/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Advanced System Optimizer\adblock.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Paltalk\paltalk.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: Local Spool support DLL - {00C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 01 February 2005 - 11:22 AM

Hi mattie,

Hmmm, that proxy appears to be a backdoor server. Frankly I'm not familiar with anything but a direct dial-up connection, so I'm going to have to consult with some others on exactly what to do. Here's what I would like for you to do in the meantime.

1. Call your ISP and find out for sure what your proxy settings are supposed to be or if it is required in the first place. You can read this article so you can make some informed inquiries:
http://support.microsoft.com/?kbid=135982

2. I would like for you to submit this file for analysis: winspl32.dll

Please go to BC's Malware Submission page and fill in all the fields.

In the Browse to the file you want to submit: field, copy and paste the following file path:

C:\WINDOWS\system32\winspl32.dll

In the comment field paste in the following bold text.

Requested by Papakid. Please contact him with results.

3. Since you aren't using Compuserve, then you don't need this file running as a service: PackethSvc.exe More info here:
http://www.answersthatwork.com/Tasklist_pages/tasklist_p.htm

As we have little knowledge of this task we cannot make a recommendation about it, except that if you do not use either CompuServe 2000 or AOL, then this task may be running purely because CompuServe 2000 came pre-installed with a new PC/Laptop you bought

Rather than just stopping the service from running, I recommend that you reboot your computer into Safe Mode, go to Add/Remove programs and uninstall Compuserve if it is there. Let me know how that goes and then post another log, please.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#7 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 05 February 2005 - 06:14 PM

it will not let me submit that file as you asked me to.it keeps saying there was an error? and compuserve does not appear in add/remove programs.

Edited by mattie, 05 February 2005 - 06:18 PM.


#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 06 February 2005 - 12:12 PM

it will not let me submit that file as you asked me to.it keeps saying there was an error?

Could you be more specific, please, what kind of error? Could you Copy and Paste the exact error message or type it out if you would be so kind.

Also please post a fresh log.

Edited by Papakid, 06 February 2005 - 12:13 PM.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#9 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 07 February 2005 - 11:01 AM

There was a problem with your submission. Please Contact Us and let us know the name of the file, the size of the file, and the error code given below.
thats the error im getting when trtin to submit that file. and here is my latest log file:
Logfile of HijackThis v1.99.0
Scan saved at 16:00:52, on 02/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\SpamKiller\MSKClnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: Local Spool support DLL - {00C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

#10 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 10 February 2005 - 09:16 AM

My apologies for the delay mattie.

Could you just send that file to me, please? Zip it and mail to Papakid at myway.com. To zip it up, right click on the file and choose Send To>>Compressed (zipped) folder.

Scan with HijackThis and put a check next to the following line:

O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

With all other windows closed, click Fix checked.

Reboot and post a new log please. Let me know if that helped any with the slowness issue.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#11 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 10 February 2005 - 11:22 AM

My apologies for the delay mattie.

Could you just send that file to me, please?  Zip it and mail to Papakid at myway.com.  To zip it up, right click on the file and choose Send To>>Compressed (zipped) folder.

Scan with HijackThis and put a check next to the following line:

O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

With all other windows closed, click Fix checked.

Reboot and post a new log please.  Let me know if that helped any with the slowness issue.

i do use aol some times,are you sure i should delete that? and im gonna send that file in a few mins,thnx again for all the help :thumbsup: also papakid would you please give me any info you have about"application layer gateway" ALG for short i have been readibng about it and i see very conflicting info as to weather it is malware or needed,thnx in advance ..

Edited by mattie, 10 February 2005 - 12:13 PM.


#12 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 10 February 2005 - 02:17 PM

Hi mattie,

Thanks for sending the file. It appears to be legit, downloaded with SP2. Why it is starting as a BHO I don't know. Have you installed or reinstalled a printer lately, updated printer software, etc.? I'll see if I can find out some more about that, but let's leave it for now.

also papakid would you please give me any info you have about"application layer gateway" ALG for short i have been readibng about it and i see very conflicting info as to weather it is malware or needed

As long as the file alg.exe is located in the System32 folder it should be left alone. It is more than just the Windows firewall, but also needed when you go to Windows Update.

i do use aol some times,are you sure i should delete that?

It depends on whether you sometimes use AOL to connect to your ISP. You can hold off on using HijackThis to fix it for now if that's the case. Or, if you want to experiment with whether it is needed or not, you can fix it with HijackThis, which will stop the service from running, then try to connect with Compuserve/AOL. If that doesn't work properly, you can restore the service with the HijackThis Backups.

:thumbsup: Open HijackThis>Config...>Backups.
Put a checkmark in the box next to the 023 line>Restore.
Reboot, then test.

Or, probably the safest way to handle it would be to set the service to manual as suggested by Answers That Work. That way it will only start when needed.

Right now, you just have one item in your log that needs to be fixed. Your choice on whether or not to fix the 023. The ProxyServer = localhost:2323 could be used as a backdoor or could be part of your configuration--I still need to know from you if that was set by a System Admin or Isp software before I can recommend whether it be removed or not. So please do this:

Scan with HijackThis, and check the following entry:

R3 - Default URLSearchHook is missing

With all other windows closed, click Fix Checked, close HijackThis, REBOOT, then post a fresh log.

Then we'll see if any malware comes back. I think your slowness comes from other factors and we can work on them next if the next log comes up clean. How much RAM do you have installed?

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#13 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 11 February 2005 - 10:19 AM

Here is my new log papakid,my lad has been messing with my pc and ive spent all morning trying to log on grrrr@ kids,so if this looks different to the last one its because of that i would guess.I have 256 ram fyi,i know i need to get more.Also i called my isp and asked about the proxy server,they said not a proxy server but a server that i cant remember the name of lol summit begining with d, if you need me to call them again i will ...
Logfile of HijackThis v1.99.0
Scan saved at 15:14:14, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Local Spool support DLL - {00C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Program Files\Advanced System Optimizer\adblock.exe"
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CachemanXP - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: McAfee SecurityCenter Update Manager - Unknown - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee SpamKiller Server - Unknown - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: Virtual NIC Service - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Edited by mattie, 11 February 2005 - 11:25 AM.


#14 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:49 AM

Posted 14 February 2005 - 12:13 PM

Hi again mattie. Sorry to be so slow again. Had a long power outage Sat. night and some other problems.

Your lad doesn't seem to have changed anything in the log. :) There are no signs of malware. The only thing I have a question about that might be malware related is the proxy server. Thanks for the info from your ISP--they probably just said that they use their DNS server. I also am wondering if the proxy has been enabled by Bit Tornado and why you have two instances of that running at the same time.

For now do this, please:

Open Internet Explorer>Tools>Internet Options

Under the Connections tab click on the LAN Settings button.

Let me know the following:

:trumpet: 1. Are there checkmarks next to:
:inlove: :flowers: Use a proxy server for your LAN
:cool: :bike: Bypass proxy server for local addresses
:thumbsup: 2. Is anything entered in the Address and Port boxes; if so what?

I'm not familiar with Bit Torrent and Bit Tornado or really any P2P as I've never run those myself. If you or your lad know that BT is using Port 2323 and a proxy, or if you can check that out and let me know, that might help. From what I can tell from descriptions of how BT works, having it constantly running and leaving a port open could be one reason for slowness and if your firewall isn't properly configured could also be a security risk.

256 MB for XP is not bad if you don't use your PC for any resource intensive applications like intense games, videos, etc., or having several apps open on your Task Bar at once, but having a minimum of 512 makes a world of difference. All those speed up and optimizing programs you are running won't be needed if you upgrade your RAM. I've researched those apps on the web and some of them have features that do the same thing. As a rule of thumb, it is not a good idea to have more than one program designed to do the same thing running at the same time, as they might conflict and this also could be a reason for slowness. For example, CachemanXP, SpeedUpMyPC and TuneUp Utilities 2004 have features to optimize RAM/memory. Unless you have these programs configured correctly they could be causing more harm than good. If it were me, I would save the money you may have spent on those apps and put it into getting more RAM.

Also running more than one PopupBlocker is notorious for causing problems and sometimes just running one will. I recommend that if you have the PUB for SP2 running and are using another, that you turn off SP2's. In Internet Options, privacy tab, uncheck Block popups. And turn off any other PUB's and just run the one from Super Ad Blockerô.

Something else I've noticed after taking a closer look at your log:

O23 - Service: McAfee SecurityCenter Update Manager - Unknown - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee SpamKiller Server - Unknown - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)

Are you still using McAfee antivirus and SpamKiller? If not you should uninstall them if possible. The (file missing) could mean they have already been uninstalled and the service is still running, but HijackThis sometimes gives false indications about this. So please do this:

Using My Computer/Windows Explorer, navigate to the following files in bold and tell me if they still exist or not:

C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\McAfee\SPAMKI~1\MSKSrvr.exe >The name of the SPAMKI~1 folder will be Spamkiller something or at least will begin with SPAMKI

Post back with that information and I will give instructions on how to stop these services from running if they are unneeded.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#15 mattie

mattie
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 14 February 2005 - 07:11 PM

Hi papakid,no worries about the time ya take to answer my posts,im going nowhere lol.
first of all i checked my lan settings and none of the boxes are checked there is however an address in the address box it says "local host" and the port number is 2323 but like i said it is not selected so i guess that makes no difference.
Now bt is running for the most part on my pc,i do have it configured on my firewall,and its very possible that i have 2 or 3 different torrents running at the same time.The ports used for this vary immensely,but i have done port scans and they all seem to be blocked or closed to attacks,FYI i do use sygate firewall.As for spam killer which was connected to security center i uninstalled it because it really wasnt that good.
I navigated to the mcafee folder it is there but it is empty,completely empty.
Once again helps for the advice.

Edited by mattie, 14 February 2005 - 07:16 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users