Please help.

MCpoolish
Regular Member
Posts: 193
Joined: Sat Oct 11, 2008 4:51 am

Post by MCpoolish »

Can you tell me if my PC is in good condition or malware free?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:26:03 PM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.goodmima.cn/nod32id/nod32-47.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mssysfs] C:\WINDOWS\system32\ojvlaanq.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1521574390
O21 - SSODL: wVuIpjysuFCxVvPrc - {1862A153-B2C8-0BF9-F7CC-FC1655C7537B} - C:\WINDOWS\system32\cviyc.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Vipre Trial Reset (.vipre_reset) - Unknown owner - C:\Program Files\Vipre_Reset.exe (file missing)
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5152 bytes

Post by MCpoolish »

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\mirmo>tracert http://www.yahoo.com

Tracing route to any-fp.wa1.b.yahoo.com [209.191.122.70]
over a maximum of 30 hops:

1 * * * Request timed out.
2 28 ms 17 ms 24 ms 203.87.204.69
3 15 ms 17 ms 24 ms 121.1.4.241
4 17 ms 22 ms 20 ms 121.54.9.154
5 20 ms 22 ms 19 ms 203.87.132.126
6 24 ms 16 ms 32 ms 203.111.226.41
7 19 ms 16 ms 12 ms 119.92.129.109.static.pldt.net [119.92.129.109]

8 24 ms 22 ms 36 ms 58.71.0.158
9 234 ms 204 ms 247 ms if-15-0.mcore3.laa-losangeles.as6453.net [216.6.
84.25]
10 262 ms 257 ms 292 ms if-3-0-0-926.core1.dtx-dallas.as6453.net [216.6.
53.21]
11 293 ms 299 ms 289 ms ix-5-0.core1.dtx-dallas.as6453.net [216.6.53.2]

12 334 ms 362 ms 319 ms ae2-p100.msr1.mud.yahoo.com [216.115.104.105]
13 279 ms 277 ms 279 ms te-9-2.fab1-a-gdc.mud.yahoo.com [209.191.78.151]

14 306 ms 314 ms 342 ms UNKNOWN-209-191-78-175.yahoo.com [209.191.78.175
]
15 273 ms 286 ms 323 ms ir1.fp.vip.mud.yahoo.com [209.191.122.70]

Trace complete.

C:\Documents and Settings\mirmo>


Speed paying for: 1mbps

Post by MCpoolish »

Problem is that the ping goes too high.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\mirmo>tracert http://www.yahoo.com

Tracing route to any-fp.wa1.b.yahoo.com [209.191.122.70]
over a maximum of 30 hops:

1 * * * Request timed out.
2 250 ms 192 ms 249 ms 203.87.204.69
3 137 ms 199 ms 84 ms 121.1.4.241
4 179 ms 202 ms 257 ms 121.54.9.154
5 239 ms 197 ms 202 ms 203.111.226.42
6 156 ms 151 ms 131 ms 203.111.226.41
7 187 ms 132 ms 44 ms 119.92.129.109.static.pldt.net [119.92.129.109]

8 138 ms 73 ms 179 ms 58.71.0.158
9 211 ms 215 ms 226 ms if-15-0.mcore3.laa-losangeles.as6453.net [216.6.
84.25]
10 284 ms 342 ms 336 ms if-3-0-0-926.core1.DTX-Dallas.as6453.net [216.6.
53.21]
11 449 ms 434 ms 378 ms ix-5-0.core1.dtx-dallas.as6453.net [216.6.53.2]

12 460 ms 471 ms 431 ms ae2-p100.msr1.mud.yahoo.com [216.115.104.105]
13 511 ms 454 ms 367 ms te-9-2.fab1-a-gdc.mud.yahoo.com [209.191.78.151]

14 395 ms 489 ms 432 ms UNKNOWN-209-191-78-175.yahoo.com [209.191.78.175
]
15 514 ms * 439 ms ir1.fp.vip.mud.yahoo.com [209.191.122.70]

Trace complete.

C:\Documents and Settings\mirmo>
Rollingstone
Senior Member
Posts: 3161
Joined: Wed Jan 23, 2008 5:50 am
Location: HoChiMinh, Vietnam

Post by Rollingstone »

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
Fix it with HijackThis!
Firefox Extreme Speed Edition

What makes you: "...waking up in the morning so excited about & wanna FLY out of the door ?"
akbarri
Posts: 935
Joined: Tue Dec 30, 2008 4:21 pm
Location: Caterpillar Inc

Post by akbarri »

Fix it
MCpoolish wrote:
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [mssysfs] C:\WINDOWS\system32\ojvlaanq.exe
O21 - SSODL: wVuIpjysuFCxVvPrc - {1862A153-B2C8-0BF9-F7CC-FC1655C7537B} - C:\WINDOWS\system32\cviyc.dll
O23 - Service: Vipre Trial Reset (.vipre_reset) - Unknown owner - C:\Program Files\Vipre_Reset.exe (file missing)
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

# OS: Windows, Linux # Browser: Blink, Gecko, Presto, Webkit + Squid + Bind

Post by MCpoolish »

Sorry, wrong info on the speed I'm paying for. It is 2mbps.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:21:26 AM, on 4/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4534 bytes


http://www.speedtest.net/result/789891268.png
http://www.speedtest.net/result/789893459.png
http://www.speedtest.net/result/789894891.png

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Home>tracert http://www.yahoo.com

Tracing route to any-fp.wa1.b.yahoo.com [209.191.122.70]
over a maximum of 30 hops:

1 * * * Request timed out.
2 51 ms 19 ms 19 ms 203.87.204.69
3 19 ms 21 ms 20 ms 121.1.4.241
4 11 ms 19 ms 19 ms 121.54.9.154
5 14 ms 17 ms * 203.87.132.130
6 21 ms 19 ms 19 ms 203.111.226.41
7 18 ms 24 ms 16 ms 119.92.129.109.static.pldt.net [119.92.129.109]

8 50 ms 14 ms 15 ms 58.71.0.158
9 206 ms * 433 ms if-15-0.mcore3.LAA-LosAngeles.as6453.net [216.6.
84.25]
10 680 ms 580 ms 609 ms if-3-0-0-926.core1.DTX-Dallas.as6453.net [216.6.
53.21]
11 523 ms 394 ms 682 ms ix-5-0.core1.DTX-Dallas.as6453.net [216.6.53.2]

12 824 ms 783 ms 899 ms ae2-p100.msr1.mud.yahoo.com [216.115.104.105]
13 384 ms 379 ms 377 ms te-9-2.fab1-a-gdc.mud.yahoo.com [209.191.78.151]

14 395 ms 402 ms 387 ms UNKNOWN-209-191-78-175.yahoo.com [209.191.78.175
]
15 379 ms 387 ms 397 ms ir1.fp.vip.mud.yahoo.com [209.191.122.70]

Trace complete.

C:\Documents and Settings\Home>


« SpeedGuide.net TCP Analyzer Results »
Tested on: 04.21.2010 15:25
IP address: 203.87.xxx.xx
Client OS: Windows XP

TCP options string: 020405b401010402
MSS: 1460
MTU: 1500
TCP Window: 17520 (multiple of MSS)
RWIN Scaling: 0 bits
Unscaled RWIN : 17520
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840
BDP limit (200ms): 701kbps (88KBytes/s)
BDP limit (500ms): 280kbps (35KBytes/s)
MTU Discovery: ON
TTL: 107
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
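
One way to confirm that the entries flagged for fixing are gone from the next scan, and to see which autostart entries are new, is to diff two HijackThis logs. This is an added example, not from the thread: the log lines are excerpts copied from the first two scans posted above, and the function names and the AUTOSTART grouping of sections are this example's own.

```python
import re

# "<section> - <text>", e.g. "O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE"
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends these markers when an entry's target file is gone.
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")
# Sections that load code at boot or logon (grouping chosen for this example).
AUTOSTART = {"F2", "O4", "O20", "O21", "O22", "O23"}

def parse_hjt(log):
    """Return the set of (section, text) entries found in a HijackThis log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def orphans(entries):
    """Entries that point at a file that no longer exists."""
    return sorted(e for e in entries if ORPHAN.search(e[1]))

def compare(before, after):
    """Return (removed, added, new_autostart) between two parsed scans."""
    removed = sorted(before - after)
    added = sorted(after - before)
    # A new autostart entry is something to identify, not a verdict.
    new_autostart = [e for e in added if e[0] in AUTOSTART]
    return removed, added, new_autostart

# Excerpt of the scan saved 4/21/2010 (copied from the thread).
BEFORE = r"""
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [mssysfs] C:\WINDOWS\system32\ojvlaanq.exe
O21 - SSODL: wVuIpjysuFCxVvPrc - {1862A153-B2C8-0BF9-F7CC-FC1655C7537B} - C:\WINDOWS\system32\cviyc.dll
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Excerpt of the scan saved 4/22/2010 (copied from the thread).
AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2009\launcher.exe" delay 20000
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    removed, added, new_auto = compare(parse_hjt(BEFORE), parse_hjt(AFTER))
    for label, rows in (("removed", removed), ("added", added),
                        ("new autostart", new_auto)):
        for section, text in rows:
            print(f"{label:14} {section:4} {text}")
```
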

Post by Rollingstone »

How to read tracert:

Hop 1: shows signals between modem & PC. It should be 1ms 1ms 1ms! Higher, or a * or Request timed out occurs => not good!

Hop 2: shows signals between modem & ISP. It should range from 10 to 40 ms! Higher, or a * or Request timed out occurs => not good!

From Hop 3 to trace complete: ISP network signals. * or Request timed out => not good!

How to fix Hop 1 & 2 issue:

+ Turn off modem/router for 10 minutes, relocate them to some place that is a few feet away from ALL other electrical devices, including apart from each other. Also, make sure you do not coil up any excess length of signal or power cables.

Then do a tracert again! Hope this helps!

If not:

Do a full scan for malware/spyware with:

Ad-aware
Spybot Search & Destroy
Superantispyware

Try the following with TCP Optimizer:

General Settings tab:
Custom settings - check
Modify All Network Adapters - check
network adapter selection - your NIC
MTU - 1500
TTL - 64
Windows Scaling - check
TCP Receive Window - 64240
MTU Discovery - Yes
Black Hole Detect - No
Selective Acks - Yes
Max Duplicate ACKs - 2
TCP 1323 Options:
Timestamps - uncheck

Advanced Settings tab:
Max Connections per Server - 10
Max Connections per 1.0 Server - 10
LocalPriority - 5
Host Priority - 6
DNSPriority - 7
NetbtPriority - 8
Lan Browsing speedup - optimized
QoS: NonBestEffortLimit - 0
ToS: DisableUserTOSSetting - 0
ToS: DefaultTOSValue - 0
MaxNegativeCacheTtl - 0
NetFailureCacheTime - 0
NegativeSOACacheTime - 0
LAN Request Buffer Size - 32768
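
The three tracert rules from the post above, applied to Windows tracert output, as an added example that is not part of the original post. The function names are this example's own, the limits are the post's rule of thumb, and the sample is the second trace posted in this thread with its console line-wrapping kept.

```python
import re

# Rule-of-thumb upper limits in ms for hop 1 and hop 2, taken from the post.
LIMITS_MS = {1: 1, 2: 40}

# A tracert row: hop number, three probes ("<n> ms" or "*"), then host text.
ROW = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.*)$")
PROBE = re.compile(r"<?(\d+)\s+ms|\*")

def parse_tracert(text):
    """Return [(hop, [rtt_ms or None] * 3, host)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rtts = [int(p.group(1)) if p.group(1) else None
                    for p in PROBE.finditer(m.group(2))]
            hops.append([int(m.group(1)), rtts, m.group(3).strip()])
        elif hops and line.strip() and "[" in hops[-1][2] and not hops[-1][2].endswith("]"):
            # The 80-column console wrapped the bracketed address; rejoin it.
            hops[-1][2] += line.strip()
    return [tuple(h) for h in hops]

def assess(hops):
    """Apply the post's three rules; return {hop: [reasons]} for failing hops."""
    findings = {}
    for hop, rtts, _host in hops:
        reasons = []
        lost = rtts.count(None)
        answered = [r for r in rtts if r is not None]
        if lost:
            reasons.append(f"{lost}/3 probes timed out")
        limit = LIMITS_MS.get(hop)
        if limit is not None and answered and max(answered) > limit:
            reasons.append(f"RTT up to {max(answered)} ms, expected <= {limit} ms")
        if reasons:
            findings[hop] = reasons
    return findings

def first_hop_over(hops, limit_ms):
    """First hop whose best (minimum) RTT exceeds limit_ms, or None."""
    for hop, rtts, _host in hops:
        answered = [r for r in rtts if r is not None]
        if answered and min(answered) > limit_ms:
            return hop
    return None

# Sample input: hop rows of the second trace posted in this thread.
SAMPLE = """\
1 * * * Request timed out.
2 250 ms 192 ms 249 ms 203.87.204.69
3 137 ms 199 ms 84 ms 121.1.4.241
4 179 ms 202 ms 257 ms 121.54.9.154
5 239 ms 197 ms 202 ms 203.111.226.42
6 156 ms 151 ms 131 ms 203.111.226.41
7 187 ms 132 ms 44 ms 119.92.129.109.static.pldt.net [119.92.129.109]
8 138 ms 73 ms 179 ms 58.71.0.158
9 211 ms 215 ms 226 ms if-15-0.mcore3.laa-losangeles.as6453.net [216.6.
84.25]
10 284 ms 342 ms 336 ms if-3-0-0-926.core1.DTX-Dallas.as6453.net [216.6.
53.21]
11 449 ms 434 ms 378 ms ix-5-0.core1.dtx-dallas.as6453.net [216.6.53.2]
12 460 ms 471 ms 431 ms ae2-p100.msr1.mud.yahoo.com [216.115.104.105]
13 511 ms 454 ms 367 ms te-9-2.fab1-a-gdc.mud.yahoo.com [209.191.78.151]
14 395 ms 489 ms 432 ms UNKNOWN-209-191-78-175.yahoo.com [209.191.78.175
]
15 514 ms * 439 ms ir1.fp.vip.mud.yahoo.com [209.191.122.70]
"""

if __name__ == "__main__":
    for hop, why in assess(parse_tracert(SAMPLE)).items():
        print(hop, "; ".join(why))
```

A hop that shows * on every probe while later hops still answer is often a device that does not send ICMP Time Exceeded replies, so that finding is a prompt to check the device rather than proof of loss.
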

Post by MCpoolish »

1. Sorry, but I don't have a modem. I'm using a wireless connection w/ Canopy SM. Don't know now, but it seems that I can't even access my Canopy SM settings right now. Seems that the base station here is upgrading. Not sure yet. That's maybe why I got a * in hop 1.

2. Done scanning my comp. using SUPERAntiSpyware and Spybot and also Malwarebytes.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:40 AM, on 4/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Pale Moon project\palemoon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5225 bytes

« SpeedGuide.net TCP Analyzer Results »
Tested on: 04.22.2010 22:42
IP address: 203.87.xxx.xx
Client OS: Windows XP

TCP options string: 020405b401010402
MSS: 1460
MTU: 1500
TCP Window: 64240 (multiple of MSS)
RWIN Scaling: 0 bits
Unscaled RWIN : 64240
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840
BDP limit (200ms): 2570kbps (321KBytes/s)
BDP limit (500ms): 1028kbps (128KBytes/s)
MTU Discovery: ON
TTL: 43
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)

Speedtest:
0.05 MB down
0.02 MB up

Seems so strange now. My speed never dropped like that before.

Post by Rollingstone »

HJT log looks OK!
MCpoolish wrote: Seems so strange now. My speed never dropped like that before.
Cuz:
MCpoolish wrote: 1. Sorry, but I don't have a modem. I'm using a wireless connection w/ Canopy SM. Don't know now, but it seems that I can't even access my Canopy SM settings right now. Seems that the base station here is upgrading. Not sure yet. That's maybe why I got a * in hop 1.

Post by MCpoolish »

Well then, I'll update this thread when the upgrade is done. Thanks for the help, Rollingstone. Such a great guy and community :)