TechSpot

Computer sending out far more packets than receiving...Please help

By bvsh
Mar 5, 2005
  1. Hello Friends,

    My computer sends out more packets than it receives. As a result, sites load very slowly in the beginning and after a while they do not load at all.

    Also, I cannot run Norton Personal Firewall. When I click on it, it does not open.

    I am posting my HijackThis log file.

    Please help me!!!!!!!!!!!!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:29:07 PM, on 3/5/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\iexplorerrs.exe
    C:\WINDOWS\System32\aevjex.exe
    C:\WINDOWS\System32\PELMICED.EXE
    C:\WINDOWS\System32\winmedplay.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\soundmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\navupdaters.exe
    C:\WINDOWS\System32\navprotect.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\System32\mcafeshield.exe
    C:\download\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=Explorer.exe soundmon.exe
    N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Bhavesh Shah\Application Data\Mozilla\Profiles\default\bwz8e8z8.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Bhavesh Shah\Application Data\Mozilla\Profiles\default\bwz8e8z8.slt\prefs.js)
    O1 - Hosts: 194.162.4.16 aserver.dechema.de
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\Run: [Windows Updater] iexplorerrs.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [rhshud] C:\WINDOWS\System32\aevjex.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
    O4 - HKLM\..\Run: [Microsofts MediaScope] winmedplay.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
    O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKLM\..\RunServices: [Windows Monitor] winmon.exe
    O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
    O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmedplay.exe
    O4 - HKLM\..\RunServices: [Windows Updater] iexplorerrs.exe
    O4 - HKLM\..\RunServices: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe
    O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Updater] iexplorerrs.exe
    O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
    O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
    O4 - HKCU\..\RunServices: [Windows Updater] iexplorerrs.exe
    O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\IntroWiz.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: messenger.hotmail.com
    O15 - Trusted Zone: loginnet.passport.com
    O15 - Trusted Zone: login.passport.net
    O15 - Trusted Zone: memberservicesnet.passport.net
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://www.aspentech.com/ica/wficat.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {C9BEF1E9-21F6-486F-80A2-32D61DE86E5E} - http://www.directxtras.com/speaksforits...s_sapi.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne...tector.cab
    O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforits...plugin.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: wmp - Unknown owner - C:\Program Files\Windows Media Player\wmp.exe" "C:\Program Files\Windows Media Player\wmp.cfg (file missing)
     
  2. olefarte


    I think you are on the right track. Go here and here, and follow all the instructions exactly. Then post your HijackThis log back here.

    I see some things that I think are problems, but I'll defer to someone who knows more than me. But this is what you need to do first, before any advice.
     
Topic Status:
Not open for further replies.
