TechSpot

Need Help..At wits end !!

By Curado Kev
Dec 18, 2003
Topic Status:
Not open for further replies.
  1. My P4 2.6 ghz Dell Dim 8300 w/ 512 ram and ATI 9800np has double the pings when playing COD on a Texas Server and I'm from Michigan. I have Charter Cable with 2mb DL/128 K upload and speed tests and line tests are fine.

    I've cleaned spyware with Spybot and Ad-aware, I've reloaded Call of Duty, did line and speeed tests. Even turned off my firewall and same thing. Everybody pings aroun 70 and I'm at 125-150. Some say I'm lagging (jerking) BUT on my screen everything is some as silk at 60-90 FPS.

    So now I'm looking at my processes and here is list from hijack this.. Any ideas on processes I can turn off right ??

    This had been going on for 2- 3 weeks now. PLEASE HELP ME !!!!


    Thanks again Kev

    Processses here:
    StartupList report, 12/18/2003, 11:13:44 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Kevin\Desktop\Security\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Documents and Settings\Kevin\Desktop\Security\HijackThis.exe
    C:\WINDOWS\System32\cidaemon.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Kevin\Start Menu\Programs\Startup]
    PowerReg Scheduler.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    hpoddt01.exe.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ATIModeChange = Ati2mdxx.exe
    DVDSentry = C:\WINDOWS\System32\DSentry.exe
    CTSysVol = C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    CTDVDDet = C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    CTHelper = CTHELPER.EXE
    UpdReg = C:\WINDOWS\UpdReg.EXE
    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe
    BJCFD = C:\Program Files\BroadJump\Client Foundation\CFD.exe
    WorkFlo = D:\Install\WorkFlow.exe
    MediaFace Integration = C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
    Logitech Utility = Logi_MwX.Exe
    McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    HideOutlook = "C:\Program Files\r2 Studios\HideOutlook\HideOutlook.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    (Default) =
    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\SSPIPES.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\WINDOWS\SYSTEM32\ecpkico.dll - {E1C28C1D-035F-4A80-A3EB-A1026C3076E4}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    FRU Task #Hewlett-Packard#hp psc 2170 series#1062025272.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Support.com Configuration Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
    CODEBASE = http://support.charter.com/sdccommon/download/tgctlcm.cab

    [SysProWmi Class]
    InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
    CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

    [Microsoft Office Template and Media Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
    CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [MSSecurityAdvisor Class]
    InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
    CODEBASE = http://protect.microsoft.com/security/protect/WSA/shared/cab/x86/MSSecAdv.cab?1065657548539

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe

    [{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
    CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
    CODEBASE = http://207.188.7.150/22d0a16e5c61dcefe201/netzip/RdxIE601.cab

    [GSDACtl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gsda.dll
    CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab

    [DmiReader Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSPRO~1.DLL
    CODEBASE = http://ftp.us.dell.com/fixes/PROFILER.CAB

    [InstallShield International Setup Player]
    InProcServer32 = c:\windows\downlo~1\isetup.dll
    CODEBASE = http://www.installengine.com/engine/isetup.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37861.8992013889

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [CTAdjust Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\clearadjust.dll
    CODEBASE = http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
    CODEBASE = http://dgl.microsoft.com/downloads/outc.cab

    [Anark Client ActiveX Control]
    CODEBASE = http://install.anark.com/client/version2/windows-ie/en/AMClient.cab

    [QDiagHUpdateObj Class]
    InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
    CODEBASE = http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
  2. Spike

    Spike TS Rookie Posts: 2,371


    After a bit of searching on google. Found this.....

    http://www.liutilities.com/products/wintaskspro/processlibrary/cfd/

    Content is as follows...


    This CFD.exe sends outbound traffic though, So it's probably not causing you to get pinged, but, at a long shot, it may have invited them?

    anyway, two threads that may be of use to you from other forums from google (just type 'cfd.exe virus' for the full list search results)

    http://www.broadbandreports.com/forum/remark,8699383~mode=flat

    http://www.broadbandreports.com/forum/remark,7811883~mode=flat

    Hope this is of some help
  3. Elcarion

    Elcarion TechSpot Paladin Posts: 188

    I assume you're seeing normal Internet lag rather than actually having trouble with your computer. Since you appear to have either Win 2K or Win XP you can do the following:

    1) Reboot your computer. Close any programs that connect over the Internet (IE, AIM, Yahoo Messenger, etc.)
    2) Go to the command prompt
    3) Type "netstat -an" without the quotes. You should see your computer listening on a few ports but no outbound connections. If you see dozens or hundreds of things then you're definitely infected with something.
    4) Determine the IP address of the server you have bad ping times to. Type "tracert <IP ADDRESS>". You can also use a DNS name. The entry would look like "tracert www.techspot.com" This will show your ping times at each router hop.

    NOTE: For the Internet 125-150ms isn't uncommon; especially, if you have a lot of router hops between you and your destination. Lately I'd be happy with that on my broadband connection. Unfortunately, most providers don't guarantee latency just bandwidth.
  4. Spike

    Spike TS Rookie Posts: 2,371

    sorry. Miss-read the original post here, but my little bit of searching still stands.

    It looks like you may have a little bit of spyware on your machine.

    It can't be said for sure, but it could be making a connection that's slowing you down, or inviting/sending traffic that is slowing you down? The advice from Elcarion is good. look at that first.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.