3 replies to this topic

[alrt]

Hi, I've had problems for a few months now with downloading large files off the internet (like quicktime, etc.) The thing is that the file either won't even start downloading or it will begin to download, be extremely slow and then stop at something around 95%. I have no idea if its my browser (i doubt it though), internet connection, virus or software problem. I have avast and my scans shows up nothing... I brought my computer to my campus' office of information and technology but they had no ideas, but they are pretty incompetent. Any ideas/ solutions? Thank you!

Edited by alrt, 08 November 2007 - 09:32 PM.

[alrt]

Logfile of HijackThis v1.99.1 Scan saved at 10:31:39 PM, on 11/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\zauninst.exe C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\GLB21.tmp C:\Documents and Settings\Albert Lee\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

[Doug]

Hi alrt,

You have at least one torrent client, some temporary file sharing routines, and evidence of some browser helper files that you probably didn't ask for. In short, you have some infection, and are wide-open to be further infected.

You are just as welcome to be a Member and receive assistance here at WTT as any other Member.

However, WTT -- will not -- assist with downloads and file problems associated with peer-to-peer and torrent file exchanges that may be in violation of law and/or contractual copywrite restrictions.

Since we have no way of verifying the the "content" that any one user is participating in, we simply decline to be of assistance in any such situation.

What we do know, is that p2p and torrent clients are hugely popular vectors for the mass communication of malware infection.

Please consider Uninstalling all p2p and torrent client utilities.
Your machine will be healthier if you do.

What you decide to do on the internet and with your machine is your own business.
WTT may help you if you dump your torrent and p2p utilities.
But as soon as you re-install them, you place your machine at risk again.

Slow downloads and downloads that slow towards the end or fail to complete are symptoms of dirty tricks played by contributing sources of torrent clients as well as symptoms of infection. The torrent client itself, may or may not be "innocent" but there is often insufficient attention to the behavior of the contributors to make the process safe for users.

I am surprised that your campus IT didn't simply BAN you from using their ISP.
Many campuses have strict rules agains p2p and torrents.

If you want to clean up your machine, uninstall your torrent and any p2p clients.
Then read and follow the instructions, here:

I wish you the best and am glad you have decided to be a Member at WTT.
I hope you will accept that WTT has specific rules that apply to the entire WTT community for matters of safety and legality.

Best Regards,
Doug

[Blair]

Moved to HJT log forum. Topic closed.