Edited by alrt, 08 November 2007 - 09:32 PM.

Problems Downloading Larger Files
Started by alrt, Nov 08 2007 09:32 PM
3 replies to this topic
#1
Posted 08 November 2007 - 09:32 PM
#2
Posted 08 November 2007 - 09:36 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:31:39 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\zauninst.exe
C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\GLB21.tmp
C:\Documents and Settings\Albert Lee\My Documents\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
#3
Posted 08 November 2007 - 11:55 PM
Hi alrt,
You have at least one torrent client, some temporary file sharing routines, and evidence of some browser helper files that you probably didn't ask for. In short, you have some infection, and are wide-open to be further infected.
You are just as welcome to be a Member and receive assistance here at WTT as any other Member.
However, WTT -- will not -- assist with downloads and file problems associated with peer-to-peer and torrent file exchanges that may be in violation of law and/or contractual copyright restrictions.
Since we have no way of verifying the "content" that any one user is participating in, we simply decline to be of assistance in any such situation.
What we do know is that p2p and torrent clients are hugely popular vectors for the mass communication of malware infection.
Please consider uninstalling all p2p and torrent client utilities.
Your machine will be healthier if you do.
What you decide to do on the internet and with your machine is your own business.
WTT may help you if you dump your torrent and p2p utilities.
But as soon as you re-install them, you place your machine at risk again.
Slow downloads and downloads that slow towards the end or fail to complete are symptoms of dirty tricks played by contributing sources of torrent clients as well as symptoms of infection. The torrent client itself may or may not be "innocent", but there is often insufficient attention to the behavior of the contributors to make the process safe for users.
I am surprised that your campus IT didn't simply BAN you from using their ISP.
Many campuses have strict rules against p2p and torrents.
If you want to clean up your machine, uninstall your torrent and any p2p clients.
Then read and follow the instructions, here:
I wish you the best and am glad you have decided to be a Member at WTT.
I hope you will accept that WTT has specific rules that apply to the entire WTT community for matters of safety and legality.
Best Regards,
Doug
The help you receive here is free.
If you wish, you may Donate to help keep us online.
#4
Posted 09 November 2007 - 12:19 AM
Moved to HJT log forum.
Topic closed.
