
Slow connection, Strange NETSTAT logs

 
Old March 16th, 2009, 02:46 PM   #1 (permalink)
Junior Member
 
Join Date: Aug 2002
Posts: 8
Slow connection, Strange NETSTAT logs

Hi,
My WinXP Pro (SP3) is connected to the net via cables, bandwidth - 1.5 MB.
Surfing is very slow. I called my provider, and support instructed me to do the following:
1. Start with a clean system, connected to the net, no browser active
2. Adding one IE connection, following one Google run
3. Adding one more IE connection, following two Google runs
4. Adding one more IE connection, following three Google runs

Since my IE connections created many established TCP connections, the tech support concluded that something, maybe spyware, may be causing the slowness of my connection.

I ran a set of spyware checkups, and my system seems to be clean.

Is there a problem with the number of established connections?
If so, what may cause these results?
If so, what should I do?

Enclosed - 4 sets of logs, following the four tests mentioned above:

Net connection. No IE

Active Connections
Proto Local Address Foreign Address State PID
TCP 84.228.167.42:1049 212.47.219.89:80 TIME_WAIT 0
TCP 84.228.167.42:1052 212.199.223.200:80 TIME_WAIT 0
TCP 84.228.167.42:1056 65.55.184.157:80 TIME_WAIT 0
TCP 127.0.0.1:1050 127.0.0.1:1110 TIME_WAIT 0

Net connection. One IE

Active Connections
Proto Local Address Foreign Address State PID
TCP 84.228.167.42:1060 74.125.39.103:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1063 74.125.39.99:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1066 74.125.39.100:80 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1058 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1061 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1064 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1110 127.0.0.1:1064 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1058 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1061 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1049 212.47.219.89:80 TIME_WAIT 0
TCP 84.228.167.42:1052 212.199.223.200:80 TIME_WAIT 0
TCP 84.228.167.42:1056 65.55.184.157:80 TIME_WAIT 0
TCP 127.0.0.1:1050 127.0.0.1:1110 TIME_WAIT 0

Net connection. Two IE

Active Connections
Proto Local Address Foreign Address State PID
TCP 84.228.167.42:1060 74.125.39.103:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1063 74.125.39.99:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1066 74.125.39.100:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1070 74.125.39.103:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1073 209.85.129.104:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1076 74.125.39.102:80 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1058 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1061 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1064 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1068 127.0.0.1:1110 ESTABLISHED 356
[iexplore.exe]
TCP 127.0.0.1:1071 127.0.0.1:1110 ESTABLISHED 356
[iexplore.exe]
TCP 127.0.0.1:1074 127.0.0.1:1110 ESTABLISHED 356
[iexplore.exe]
TCP 127.0.0.1:1110 127.0.0.1:1074 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1068 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1058 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1071 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1064 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1061 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1056 65.55.184.157:80 TIME_WAIT 0

Net connection. Three IE

Active Connections
Proto Local Address Foreign Address State PID
TCP 84.228.167.42:1070 74.125.39.103:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1073 209.85.129.104:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1076 74.125.39.102:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1080 74.125.39.103:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1083 74.125.39.101:80 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1068 127.0.0.1:1110 ESTABLISHED 356
[iexplore.exe]
TCP 127.0.0.1:1071 127.0.0.1:1110 ESTABLISHED 356
[iexplore.exe]
TCP 127.0.0.1:1074 127.0.0.1:1110 ESTABLISHED 356
[iexplore.exe]
TCP 127.0.0.1:1078 127.0.0.1:1110 ESTABLISHED 3200
[iexplore.exe]
TCP 127.0.0.1:1081 127.0.0.1:1110 ESTABLISHED 3200
[iexplore.exe]
TCP 127.0.0.1:1110 127.0.0.1:1068 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1074 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1081 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1078 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1071 ESTABLISHED 2008
[System]

chermesh
Old March 16th, 2009, 05:57 PM     #2 (permalink)
Member
 
Join Date: Dec 2008
Posts: 159
I don't see anything wrong with that netstat output. I have established loopback connections in mine too.

To be sure that the system is clean, download, update and run anti malware from malwarebytes.org

Then, download TCPOptimizer.exe from speedguide.net
It's under broadband tools. Run it and make the suggested changes.

That should do it.

guapo
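An added example, not part of the thread: a Python parser for the netstat output in the first post that pairs each loopback row with its mirror row and reports which process relays another process's traffic to the outside. The function names are illustrative, and the sample is the "One IE" capture from that post with two of its TIME_WAIT rows kept.

```python
import re
from collections import Counter, defaultdict

# The "One IE" capture from the first post (two of its TIME_WAIT rows kept).
ONE_IE = """\
Proto Local Address Foreign Address State PID
TCP 84.228.167.42:1060 74.125.39.103:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1063 74.125.39.99:80 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1066 74.125.39.100:80 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1058 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1061 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1064 127.0.0.1:1110 ESTABLISHED 4064
[iexplore.exe]
TCP 127.0.0.1:1110 127.0.0.1:1064 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1058 ESTABLISHED 2008
[System]
TCP 127.0.0.1:1110 127.0.0.1:1061 ESTABLISHED 2008
[System]
TCP 84.228.167.42:1049 212.47.219.89:80 TIME_WAIT 0
TCP 127.0.0.1:1050 127.0.0.1:1110 TIME_WAIT 0
"""

ROW = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)$")


def is_loopback(ip):
    # IPv4 only, which is all this capture contains.
    return ip.startswith("127.")


def parse_netstat(text):
    """Parse connection rows; a [name] line names the owner of the row above it."""
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            _, lip, lport, rip, rport, state, pid = m.groups()
            conns.append({"local": (lip, int(lport)), "remote": (rip, int(rport)),
                          "state": state, "pid": int(pid), "owner": None})
        elif (line.startswith("[") and line.endswith("]")
              and conns and conns[-1]["owner"] is None):
            conns[-1]["owner"] = line[1:-1]
    return conns


def find_local_relays(conns):
    """Find processes that accept loopback connections from another process
    and also hold connections to non-loopback addresses (a local proxy)."""
    est = [c for c in conns if c["state"] == "ESTABLISHED"]
    mirror_of = {(c["local"], c["remote"]): c for c in est}
    outbound = defaultdict(list)
    for c in est:
        if not is_loopback(c["remote"][0]):
            outbound[c["pid"]].append(c["remote"])
    relays = {}
    for c in est:
        if not is_loopback(c["remote"][0]) or c["pid"] not in outbound:
            continue
        # The same TCP connection appears a second time from the peer's side.
        peer = mirror_of.get((c["remote"], c["local"]))
        if peer is None or peer["pid"] == c["pid"] or peer["pid"] in outbound:
            continue
        relay = relays.setdefault(c["pid"], {
            "owner": c["owner"], "ports": set(), "clients": Counter(),
            "outbound": sorted(set(outbound[c["pid"]]))})
        relay["ports"].add(c["local"][1])
        relay["clients"][(peer["pid"], peer["owner"])] += 1
    return relays


def direct_connections(conns, relays):
    """ESTABLISHED connections to non-loopback addresses that bypass every relay."""
    return [c for c in conns
            if c["state"] == "ESTABLISHED"
            and not is_loopback(c["remote"][0])
            and c["pid"] not in relays]


if __name__ == "__main__":
    conns = parse_netstat(ONE_IE)
    relays = find_local_relays(conns)
    for pid, r in relays.items():
        print(f"PID {pid} [{r['owner']}] relays on loopback port(s) {sorted(r['ports'])}")
        for (cpid, cname), n in r["clients"].items():
            print(f"  {n} connection(s) from PID {cpid} [{cname}]")
        for ip, port in r["outbound"]:
            print(f"  outbound to {ip}:{port}")
    print("direct outbound rows:", len(direct_connections(conns, relays)))
```

On this capture the nine ESTABLISHED rows reduce to three browser connections: each one appears once from the browser's side, once from the relay's side, and once as the relay's own outbound connection.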
Old March 18th, 2009, 12:17 PM     #3 (permalink)
Junior Member
 
Join Date: Aug 2002
Posts: 8
Thanks.
I ran Malwarebytes' antivirus, but it failed to identify any problem.
Here are my HijackThis logs, first pre-clean and then post-clean:

Pre-Clean
=======

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:31, on 17/03/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe
C:\Program Files\012Net\012Net-Cable dialer\fts.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Amigo] "C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe" -no_dialog
O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1219954026359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1220082369750
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}: NameServer = 80.179.52.100 80.179.55.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 12236 bytes


Post-clean:
========
... [cut in order to fit forum's restrictions]

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe
C:\Program Files\012Net\012Net-Cable dialer\fts.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Locate\locate32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\SearchPerks! Perk Counter\Bmbho.dll
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Amigo] "C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe"
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe" -no_dialog
O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...uweb_site.cab?1219954026359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...uweb_site.cab?1220082369750
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}: NameServer = 80.179.52.100 80.179.55.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 12359 bytes
chermesh
Old March 19th, 2009, 08:10 PM     #4 (permalink)
Member
 
Join Date: Dec 2008
Posts: 159
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Did you set restrictions on IE?

O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}: NameServer = 80.179.52.100 80.179.55.100

Do those name servers belong to your ISP? ^^ . If not, delete them.

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

Did you install the sniffer ^^ or did someone else install it?

Also, you are using P2P sharing, which I wouldn't trust. I would uninstall the toolbars and I would run msconfig and uncheck the large amount of programs you have loading into memory at boot time.
guapo
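An added example, not code from the thread or from HijackThis: it rejoins hard-wrapped HijackThis entries, diffs a pre-clean log against a post-clean one as posted in #3, and lists the O6 and O17 entries questioned in #4. The excerpts are assembled from lines in the thread, the function names are illustrative, and the expected resolver addresses are placeholder documentation addresses standing in for the ones the ISP actually assigns.

```python
import ipaddress
import re

ENTRY = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")

# Constructed excerpts assembled from lines of the two logs in the thread.
# POST_CLEAN is hard-wrapped mid-entry, as pasted forum logs often are.
PRE_CLEAN = r"""
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}: NameServer = 80.179.52.100 80.179.55.100
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 12236 bytes
"""

POST_CLEAN = r"""
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}:

NameServer = 80.179.52.100 80.179.55.100
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti

-Malware\mbamservice.exe

--
End of file - 12359 bytes
"""


def parse_entries(text):
    """Return [(section, body)], folding wrapped continuation lines into their entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":          # HijackThis footer follows; stop here
            break
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    return [(section, body) for section, body in entries]


def _key(entry):
    # The wrap may have fallen on a space or mid-token, so compare without whitespace.
    section, body = entry
    return section, re.sub(r"\s+", "", body).lower()


def diff_logs(before, after):
    """Entries present in only one of the two logs, as (added, removed)."""
    old = {_key(e): e for e in parse_entries(before)}
    new = {_key(e): e for e in parse_entries(after)}
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


def review_items(text, expected_resolvers):
    """List O6 policy entries and O17 NameServer values outside the expected set."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    items = []
    for section, body in parse_entries(text):
        if section == "O6":
            items.append((section, "IE policy present; confirm who set it", body))
        elif section == "O17":
            m = re.search(r"NameServer\s*=\s*(.*)$", body)
            if not m:
                continue
            unexpected = []
            for tok in filter(None, re.split(r"[\s,]+", m.group(1))):
                try:
                    if ipaddress.ip_address(tok) not in expected:
                        unexpected.append(tok)
                except ValueError:
                    unexpected.append(tok)   # not an IP address at all
            if unexpected:
                items.append((section, "resolvers not in the expected set", unexpected))
    return items


if __name__ == "__main__":
    added, removed = diff_logs(PRE_CLEAN, POST_CLEAN)
    for section, body in added:
        print("added  ", section, body)
    for section, body in removed:
        print("removed", section, body)
    # Placeholder resolvers (assumption): use the ones your ISP assigns.
    for item in review_items(POST_CLEAN, {"192.0.2.53", "192.0.2.54"}):
        print(item)
```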
Old March 20th, 2009, 12:13 AM     #5 (permalink)
Junior Member
 
Join Date: Aug 2002
Posts: 8
The nameserver

Thanks.
I didn't set the policy restriction, and thus followed your suggestion.
Same with the nameserver. Really strange! Where did it come from?!
I did install WinPcap, even though I don't remember why and what for.

I've restricted the number of running programs and it did have an immediate impact on the speed of my system.

Thanks again.

Ran
chermesh
Old March 20th, 2009, 10:04 AM     #6 (permalink)
Member
 
Join Date: Dec 2008
Posts: 159
Probably some malicious web page ran a script to change your name servers.
guapo
Old March 21st, 2009, 04:07 AM     #7 (permalink)
Junior Member
 
Join Date: Aug 2002
Posts: 8
Looks like the system works smoother now. Thanks.
chermesh
Old March 21st, 2009, 09:21 AM     #8 (permalink)
Member
 
Join Date: Dec 2008
Posts: 159
Glad to hear it.

guapo