kaiser99
join:2005-09-19
Houston, TX
| HJT Log - Slow internet connection
For the past week or 2, my internet connection has becoming progressively slower to the point where it is almost at a standstill when I try to view/load new webpages.
When I began to notice this problem, I immediately ran hijackthis and found something I thought was weird (the ProtocolDefaults --see log below). I tried to fix it with hijackthis, but they just kept reappearing. I then did a google search (which was painfully slow) on the problem and came across your site. Since then, I have run CWShredder, Spybot S&D, Ad-ware, and TrojanHunter. None of them found anything, except Ad-ware did find some tracking cookies (which I deleted). I am currently running XP SP1. I was running XPlite without SP1 until right before this problem started. I had to install IE in order to run windows update to get SP1 which was required by a program I wanted to use. I still have IE on the computer, but Opera 8.01 is my default browser. Thanks in advance for any help 
Logfile of HijackThis v1.99.1
Scan saved at 3:39:18 PM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Opera 8.01\Opera.exe
D:\Download\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] AL CXMNTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone |
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| There is no obvious undetected malware in your HijackThis log.
You said you are using XPlite, I assume you also removed IE with it. I would imagine that is the problem. Trying to put IE back with SP1 has missed something XPlite removed? But obviously trying to put it back has caused the problem with slowdowns since that is when you noticed the problems occur.
HJT has noticed that your defaults are not the normal default settings and probably cannot fix it as using XPlite has made some changes that won't allow it to. If they had been changed by malware there would have been some signs by other scanners or HJT.
That's my best guess since I am not sure what removing you have done with XPlite
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2005
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
