Please solve my problem ASAP

Posted: Fri Jun 06, 2008 9:41 pm
by moksh_rishu
Hi,
I'm new here. I just read most of the threads related to connection speed.
I'm facing the same problem: I never get a download speed >17 kBps.

I tried all of the tips you are showing in multiple threads.

Please help me.


The speed test is showing this:

http://www.speedguide.net/speedtest/res ... XCP8Y77FEZ




« SpeedGuide.net TCP Analyzer Results »
Tested on: 06.06.2008 21:40
IP address: 60.243.xx.xxx

TCP options string: 020405b40103030301010402
MSS: 1460
MTU: 1500
TCP Window: 513920 (multiple of MSS)
RWIN Scaling: 3
Unscaled RWIN : 64240
Reccomended RWINs: 64240, 128480, 256960, 513920
BDP limit (200ms): 20557kbps (2570KBytes/s)
BDP limit (500ms): 8223kbps (1028KBytes/s)
MTU Discovery: ON
TTL: 47
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)


Now tell me what I should do.
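The analyzer figures in the post above can be re-derived from its raw TCP options string. This is an added example, not part of the thread and not SpeedGuide's code; the function names are assumptions, and the 512 kbps line rate is the plan mentioned later in the thread.

```python
"""Decode a SYN's TCP options string and re-derive the analyzer's RWIN and BDP
figures. Added illustration; function names are assumptions, not SpeedGuide code."""

# Option kinds: MSS (RFC 9293), window scale and timestamps (RFC 7323),
# SACK permitted (RFC 2018).
KIND_EOL, KIND_NOP, KIND_MSS, KIND_WSCALE, KIND_SACK_OK, KIND_TS = 0, 1, 2, 3, 4, 8
MAX_WSCALE = 14  # RFC 7323 caps the shift count at 14


def parse_tcp_options(hex_string):
    """Return the negotiable options found in a hex-encoded TCP options field."""
    data = bytes.fromhex(hex_string)
    opts = {"mss": None, "wscale": None, "sack_permitted": False, "timestamps": False}
    i = 0
    while i < len(data):
        kind = data[i]
        if kind == KIND_EOL:          # end of option list
            break
        if kind == KIND_NOP:          # one-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {kind} at offset {i} has no length byte")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"option {kind} at offset {i} has bad length {length}")
        body = data[i + 2:i + length]
        if kind == KIND_MSS and length == 4:
            opts["mss"] = int.from_bytes(body, "big")
        elif kind == KIND_WSCALE and length == 3:
            opts["wscale"] = min(body[0], MAX_WSCALE)
        elif kind == KIND_SACK_OK and length == 2:
            opts["sack_permitted"] = True
        elif kind == KIND_TS and length == 10:
            opts["timestamps"] = True
        i += length                   # unknown kinds are skipped by their length
    return opts


def scaled_rwin(unscaled_rwin, wscale):
    """Effective receive window: the 16-bit window shifted left by the scale."""
    return unscaled_rwin << (wscale or 0)


def bdp_limit_kbps(rwin_bytes, rtt_ms):
    """One window per round trip: bytes * 8 bits / ms == kbit/s."""
    return round(rwin_bytes * 8 / rtt_ms)


def rwin_needed_bytes(line_rate_kbps, rtt_ms):
    """Smallest window that keeps a link of this rate full at this RTT."""
    return line_rate_kbps * rtt_ms // 8


if __name__ == "__main__":
    opts = parse_tcp_options("020405b40103030301010402")   # string from the post
    rwin = scaled_rwin(64240, opts["wscale"])               # unscaled RWIN from the post
    print(opts, "scaled RWIN:", rwin)
    for rtt in (200, 500):                                  # the analyzer's two RTTs
        print(f"{rtt} ms: ceiling {bdp_limit_kbps(rwin, rtt)} kbps,",
              f"{rwin_needed_bytes(512, rtt)} bytes of window fill 512 kbps")
```
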

Posted: Fri Jun 06, 2008 10:17 pm
by trogers
Which country are you in?

What speed did you pay to get?

Your speedtest result shows download speed at 5.8 mbps.

hi

Posted: Sat Jun 07, 2008 2:19 am
by moksh_rishu
I'm from India. I'm paying around $40 for 512 kbps broadband. I have never seen my download speed > 17, 18 kBps.

Do the needful for me.





Sorry for my English .... :)

Posted: Sat Jun 07, 2008 2:32 am
by trogers
Try the following with TCP Optimizer:

General Settings tab:
Custom settings - check
Modify All Network Adapters - check
network adapter selection - your NIC
MTU - 1500
TTL - 64
TCP Receive Window - 64240
MTU Discovery - Yes
Black Hole Detect - No
Selective Acks - Yes
Max Duplicate ACKs - 2
TCP 1323 Options:
Windows Scaling - uncheck
Timestamps - uncheck

Advanced Settings tab:
Max Connections per Server - 10
Max Connections per 1.0 Server - 20
LocalPriority - 1
Host Priority - 1
DNSPriority - 1
NetbtPriority - 1
Lan Browsing speedup - optimized
QoS: NonBestEffortLimit - 0
ToS: DisableUserTOSSetting - 0
ToS: DefaultTOSValue - 80
MaxNegativeCacheTtl - 0
NetFailureCacheTime - 0
NegativeSOACache Time - 0
LAN Request Buffer Size - 32768
Then select "Apply Changes" and reboot to take effect.

After reboot, download a file from an Indian website and note the download speed in kilobytes per second. Multiply it by 8 to get kilobits per second, e.g. 50 KB/s = 400 kbps.

Posted: Sat Jun 07, 2008 3:20 am
by moksh_rishu
Now
it is 8 to 10 kB/s.
It means 64 to 80 kbps.

Posted: Sat Jun 07, 2008 3:26 am
by trogers
moksh_rishu wrote: it is 8 to 10 kB/s
it means 64 to 80 kbps
Do a tracert to www.yahoo.com and post.

To do a tracert, click 'Start' and then 'Run'. Type "cmd" into the box and click 'ok'.

A DOS black screen will appear. Type after the C:\>

tracert www.yahoo.com

and press the Enter key.

When the test is completed, move the mouse cursor to the DOS black screen, right-click and choose 'select all'.

Move the mouse cursor to the Quick Reply box of this forum, right-click and 'paste'.

Posted: Sat Jun 07, 2008 3:35 am
by moksh_rishu
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Prateek>cd\

C:\>tracer www.yahoo.com
'tracer' is not recognized as an internal or external command,
operable program or batch file.

C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 * * 7 ms 10.150.0.1
2 45 ms 11 ms 26 ms 210.18.132.249
3 12 ms 27 ms 9 ms 192.168.27.2
4 * 14 ms 32 ms 203.101.94.197
5 51 ms 48 ms 51 ms 125.21.167.29
6 248 ms * * pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 275 ms 284 ms * telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 223 ms 470 ms 222 ms ffm-bb1-link.telia.net [80.91.249.138]
9 240 ms 243 ms 225 ms prs-bb2-link.telia.net [80.91.248.61]
10 233 ms * * ldn-bb2-link.telia.net [80.91.254.210]
11 289 ms * 240 ms 80.91.250.85
12 267 ms * * yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 254 ms 278 ms 236 ms ge-1-1.bas-b1.ird.yahoo.com [87.248.101.1]
14 * 277 ms * f1.us.www.vip.ird.yahoo.com [87.248.113.14]
15 229 ms 250 ms * f1.us.www.vip.ird.yahoo.com [87.248.113.14]
16 230 ms * 254 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>

Posted: Sat Jun 07, 2008 3:37 am
by moksh_rishu
I'm doing this again







C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 7 ms 27 ms 25 ms 10.150.0.1
2 53 ms 39 ms 10 ms 210.18.132.249
3 28 ms 32 ms 26 ms 192.168.27.2
4 42 ms 16 ms 12 ms 203.101.94.197
5 47 ms 64 ms 75 ms 125.21.167.29
6 231 ms 254 ms 228 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 243 ms 253 ms 238 ms telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 229 ms 237 ms 222 ms ffm-bb2-link.telia.net [80.91.249.142]
9 232 ms 231 ms 225 ms prs-bb1-link.telia.net [80.91.249.45]
10 229 ms 247 ms 232 ms ldn-bb2-pos7-0-0.telia.net [213.248.65.113]
11 222 ms 232 ms 245 ms dln-b1-link.telia.net [80.91.250.85]
12 243 ms 233 ms 235 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 265 ms 254 ms * ge-1-1.bas-b2.ird.yahoo.com [87.248.101.3]
14 255 ms 238 ms 234 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>

Posted: Sat Jun 07, 2008 3:45 am
by trogers
Packet losses at the modem in hop 1.

Turn off power to the modem for 10 mins and place it in a location a few feet away from ALL other electrical devices, under the comp table if that is the only place.

Then reconnect and do another tracert.
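To compare traces like the ones in this thread hop by hop, the following added example (not part of the thread) parses Windows tracert output and reports unanswered probes per hop and the largest latency step. The function names are assumptions; the sample is the first trace posted above, with the forum's link markup removed from host names.

```python
"""Per-hop summary of Windows tracert output. Added illustration; the function
names are assumptions and the sample is the first trace posted in this thread."""
import re
from statistics import median

# Hop 7 is left wrapped across two lines, the way an 80-column console prints it.
SAMPLE = """\
 1 * * 7 ms 10.150.0.1
 2 45 ms 11 ms 26 ms 210.18.132.249
 3 12 ms 27 ms 9 ms 192.168.27.2
 4 * 14 ms 32 ms 203.101.94.197
 5 51 ms 48 ms 51 ms 125.21.167.29
 6 248 ms * * pal2-bharti-2.pal.seabone.net [195.22.197.121]
 7 275 ms 284 ms * telia-1-se-decix.fra.seabone.net [195.22.211.110
]
 8 223 ms 470 ms 222 ms ffm-bb1-link.telia.net [80.91.249.138]
 9 240 ms 243 ms 225 ms prs-bb2-link.telia.net [80.91.248.61]
10 233 ms * * ldn-bb2-link.telia.net [80.91.254.210]
11 289 ms * 240 ms 80.91.250.85
12 267 ms * * yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 254 ms 278 ms 236 ms ge-1-1.bas-b1.ird.yahoo.com [87.248.101.1]
14 * 277 ms * f1.us.www.vip.ird.yahoo.com [87.248.113.14]
15 229 ms 250 ms * f1.us.www.vip.ird.yahoo.com [87.248.113.14]
16 230 ms * 254 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(\S.*)$")
PROBE_RE = re.compile(r"<?(\d+)\s+ms|\*")
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def unwrap(text):
    """Re-join lines that the console split inside a '[address]' field."""
    lines = []
    for line in text.splitlines():
        if lines and lines[-1].count("[") > lines[-1].count("]"):
            lines[-1] += line.strip()
        else:
            lines.append(line)
    return lines


def parse_tracert(text):
    """Return one dict per hop: number, host text, address, RTTs and lost probes."""
    hops = []
    for line in unwrap(text):
        m = HOP_RE.match(line)
        if not m:
            continue                      # banner, blank line, "Trace complete."
        probes = PROBE_RE.findall(m.group(2))   # "" marks a timed-out probe
        rtts = [int(p) for p in probes if p]
        ip = IP_RE.search(m.group(3))     # None for "Request timed out."
        hops.append({"hop": int(m.group(1)), "host": m.group(3).strip(),
                     "ip": ip.group(1) if ip else None,
                     "rtts": rtts, "lost": len(probes) - len(rtts)})
    return hops


def lossy_hops(hops):
    """Hops with unanswered probes, as (hop, lost, sent).

    A '*' means one probe to that router got no reply in time. Routers often
    rate-limit these replies, so read an intermediate row against the
    destination's row before treating it as loss on the path.
    """
    return [(h["hop"], h["lost"], h["lost"] + len(h["rtts"])) for h in hops if h["lost"]]


def largest_step(hops):
    """(from_hop, to_hop, ms): biggest rise in median RTT between answering hops."""
    answered = [(h["hop"], median(h["rtts"])) for h in hops if h["rtts"]]
    steps = [(a[0], b[0], b[1] - a[1]) for a, b in zip(answered, answered[1:])]
    return max(steps, key=lambda s: s[2]) if steps else None


if __name__ == "__main__":
    hops = parse_tracert(SAMPLE)
    for hop, lost, sent in lossy_hops(hops):
        print(f"hop {hop}: {lost}/{sent} probes unanswered")
    print("largest latency step:", largest_step(hops))
```
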

Posted: Sat Jun 07, 2008 4:03 am
by moksh_rishu
now it is



C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 7 ms 27 ms 25 ms 10.150.0.1
2 53 ms 39 ms 10 ms 210.18.132.249
3 28 ms 32 ms 26 ms 192.168.27.2
4 42 ms 16 ms 12 ms 203.101.94.197
5 47 ms 64 ms 75 ms 125.21.167.29
6 231 ms 254 ms 228 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 243 ms 253 ms 238 ms telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 229 ms 237 ms 222 ms ffm-bb2-link.telia.net [80.91.249.142]
9 232 ms 231 ms 225 ms prs-bb1-link.telia.net [80.91.249.45]
10 229 ms 247 ms 232 ms ldn-bb2-pos7-0-0.telia.net [213.248.65.113]
11 222 ms 232 ms 245 ms dln-b1-link.telia.net [80.91.250.85]
12 243 ms 233 ms 235 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 265 ms 254 ms * ge-1-1.bas-b2.ird.yahoo.com [87.248.101.3]
14 255 ms 238 ms 234 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>

Posted: Sat Jun 07, 2008 4:10 am
by trogers
Make sure you did not coil up any signal or power cables.

Download and use the following:

CCleaner - to clean your comp and registry
SpyBot, Ad-Aware 2008 and Super antispyware to scan and remove malware.

When done, reboot comp and post a new tracert.

Posted: Sat Jun 07, 2008 4:40 am
by moksh_rishu
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Prateek>cd\

C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 28 ms 9 ms 26 ms 10.150.0.1
2 17 ms 40 ms 18 ms 210.18.132.249
3 20 ms 29 ms 34 ms 192.168.27.2
4 47 ms 29 ms 27 ms 203.101.94.197
5 56 ms 73 ms 57 ms 125.21.167.29
6 218 ms 233 ms 244 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 217 ms 220 ms 235 ms telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 230 ms 230 ms 220 ms ffm-bb1-link.telia.net [80.91.249.138]
9 274 ms 232 ms 247 ms prs-bb2-link.telia.net [80.91.248.61]
10 249 ms 236 ms 221 ms ldn-bb2-link.telia.net [80.91.254.210]
11 256 ms 231 ms 231 ms dln-b1-link.telia.net [80.91.250.85]
12 231 ms 264 ms 233 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 261 ms 266 ms 259 ms ge-1-1.bas-b1.ird.yahoo.com [87.248.101.1]
14 280 ms 234 ms 243 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>
C:\>

Posted: Sat Jun 07, 2008 5:00 am
by Rollingstone
Tracert looks better! How is your speed now? Test speed at http://speedtest.net

Posted: Sat Jun 07, 2008 5:26 am
by trogers
I think he needs to do deep scans with Ad-Aware and super antispyware. There may still be some hidden devils.

Posted: Sat Jun 07, 2008 10:36 am
by moksh_rishu
Sorry, I was not here for a long time because the network was not responding.

now my speed

Image

Posted: Sat Jun 07, 2008 10:43 am
by moksh_rishu
I'm doing tracert again after a complete scan with Ad-Aware 2008; it's

C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 8 ms 27 ms 9 ms 10.150.0.1
2 21 ms 10 ms 11 ms 210.18.132.249
3 29 ms 40 ms 17 ms 192.168.27.2
4 14 ms 15 ms 37 ms 203.101.94.197
5 60 ms 54 ms 53 ms 125.21.167.29
6 238 ms 217 ms 244 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 225 ms 209 ms 220 ms telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 215 ms * 225 ms ffm-bb2-link.telia.net [80.91.249.142]
9 220 ms 234 ms 220 ms prs-bb1-link.telia.net [80.91.254.205]
10 210 ms 235 ms 231 ms ldn-bb1-link.telia.net [80.91.254.208]
11 223 ms 225 ms 222 ms dln-b1-link.telia.net [80.91.251.50]
12 228 ms 295 ms 248 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 235 ms 232 ms 261 ms ge-1-1.bas-b2.ird.yahoo.com [87.248.101.3]
14 228 ms 261 ms 239 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

Posted: Sat Jun 07, 2008 12:21 pm
by trogers
Post a HijackThis log. Google for HijackThis, download and run it to obtain the log.

Posted: Sat Jun 07, 2008 4:16 pm
by moksh_rishu
Logfile of HijackThis v1.99.1
Scan saved at 2:07:26 AM, on 6/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E2AB7040-4DF6-418C-8B7B-0DDB88FB8D92} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14FF6E59-8750-441B-9ADF-7BED5DD8152E}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{14FF6E59-8750-441B-9ADF-7BED5DD8152E}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{14FF6E59-8750-441B-9ADF-7BED5DD8152E}: NameServer = 202.88.130.15,202.88.130.67
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
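The log above, run through a small triage script as an added example (not part of the thread, and not HijackThis's own logic). The function names and report categories are assumptions; the sample lines are copied from the log in the post, abridged.

```python
"""Triage of a HijackThis log: orphaned registry references, DNS overrides and
unattributed services. Added illustration; names here are assumptions."""
import re

# Lines copied from the HijackThis v1.99.1 log posted above (abridged).
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\uTorrent\uTorrent.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E2AB7040-4DF6-418C-8B7B-0DDB88FB8D92} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O17 - HKLM\System\CCS\Services\Tcpip\..\{14FF6E59-8750-441B-9ADF-7BED5DD8152E}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{14FF6E59-8750-441B-9ADF-7BED5DD8152E}: NameServer = 202.88.130.15,202.88.130.67
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # e.g. "O23 - ..."
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
SERVICE_RE = re.compile(r"^Service: (.+?) - Unknown owner - ")


def parse_log(text):
    """Split a log into the running-process set and a list of (code, body)."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage(text):
    running, entries = parse_log(text)
    report = {"orphaned": [], "missing_but_running": [],
              "dns_servers": [], "unknown_owner_services": []}
    for code, body in entries:
        if ORPHAN_RE.search(body):
            path = PATH_RE.search(body)
            if path and path.group(0).lower() in running:
                # Reported missing, yet the same binary is in the process list:
                # the stored command line (stray quote, arguments) did not
                # resolve as a path, so this is not a dead entry.
                report["missing_but_running"].append((code, path.group(0)))
            else:
                # Registry entry whose target file is gone: a leftover to review.
                report["orphaned"].append((code, body))
        if code == "O17" and "NameServer = " in body:
            # Statically set resolvers: confirm they belong to the ISP or admin.
            for server in body.split("NameServer = ", 1)[1].split(","):
                if server.strip() and server.strip() not in report["dns_servers"]:
                    report["dns_servers"].append(server.strip())
        if code == "O23":
            svc = SERVICE_RE.match(body)
            if svc:  # the tool could not attribute the service binary to a vendor
                report["unknown_owner_services"].append(svc.group(1))
    return report


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category)
        for item in items:
            print("   ", item)
```
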

Posted: Sat Jun 07, 2008 9:05 pm
by trogers
McAfee can slow down your comp as it is heavyweight and draws too much CPU resources. Uninstall and remove McAfee. Clean comp with CCleaner.

Download and use AVG free 8.0 antivirus instead.

Posted: Sun Jun 08, 2008 6:22 am
by moksh_rishu
When I uninstall McAfee, my explorer.exe is restarting continuously.

Posted: Sun Jun 08, 2008 6:52 am
by trogers
moksh_rishu wrote: When I uninstall McAfee, my explorer.exe is restarting continuously.
Use this removal tool:

http://www.softpedia.com/get/Tweak/Unin ... Tool.shtml

Posted: Sun Jun 08, 2008 7:12 am
by moksh_rishu
The problem is still there.

Posted: Sun Jun 08, 2008 7:14 am
by trogers
moksh_rishu wrote: The problem is still there.
Insert your Windows CD and run repair.

Posted: Sun Jun 08, 2008 7:38 am
by moksh_rishu
I'm posting the log file..




ComboFix 08-06-07.3 - Prateek 2008-06-08 16:54:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1619 [GMT 5.5:30]
Running from: C:\Documents and Settings\Prateek\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dKnpWyay.ini
C:\WINDOWS\system32\dKnpWyay.ini2
C:\WINDOWS\system32\hbhcbmsp.dll
C:\WINDOWS\system32\iiffDUkH.dll
C:\WINDOWS\system32\psmbchbh.ini
C:\WINDOWS\system32\urqOEtSl.dll
C:\WINDOWS\system32\yayWpnKd.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-08 15:32 . 2008-06-08 15:45 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-08 15:32 . 2008-06-08 15:33 <DIR> d-------- C:\Program Files\CCleaner
2008-06-08 15:08 . 2008-06-08 15:30 <DIR> d-------- C:\Documents and Settings\Prateek\Application Data\IDM
2008-06-08 15:07 . 2008-06-08 16:41 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-06-08 14:44 . 2008-06-08 14:44 1,169 --a------ C:\WINDOWS\mozver.dat
2008-06-08 13:16 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 13:15 . 2008-06-08 13:16 <DIR> d-------- C:\Program Files\Java
2008-06-08 13:07 . 2008-06-08 13:07 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-08 13:00 . 2008-06-08 13:00 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-08 12:26 . 2008-06-08 12:26 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-06-08 12:26 . 2006-11-17 03:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-06-08 12:26 . 2006-11-17 03:06 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-08 12:26 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-06-08 12:23 . 2008-06-08 12:23 <DIR> d-------- C:\Program Files\uTorrent
2008-06-08 12:23 . 2008-06-08 12:42 <DIR> d-------- C:\Documents and Settings\Prateek\Application Data\uTorrent
2008-06-08 12:21 . 2008-06-08 15:47 <DIR> d-------- C:\Documents and Settings\Prateek\Application Data\DMCache
2008-06-08 12:19 . 2008-06-08 12:19 <DIR> d-------- C:\Documents and Settings\Prateek\Application Data\Talkback
2008-06-08 12:18 . 2008-06-08 12:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-08 12:14 . 2008-06-08 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-12 18:26 . 2008-02-15 20:42 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

2008-04-29 00:59 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-16 09:02 1877272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 14:17 16860672 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"GEST"="=" []
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [ ]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 09:11 99840 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

S3 ATICDSDr;ATICDSDr;H:\BIN\atiicdxx.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-06-08 11:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 07:00:10 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 17:05:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-06-08 17:06:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 11:36:07

Pre-Run: 39,074,598,912 bytes free
Post-Run: 39,042,699,264 bytes free

216

Posted: Sun Jun 08, 2008 9:39 am
by trogers
Has the comp been repaired?

Posted: Sun Jun 08, 2008 1:34 pm
by moksh_rishu
Yes, my comp is now OK after reinstalling Windows.

Now tell me what I should do.

Posted: Sun Jun 08, 2008 1:42 pm
by moksh_rishu
Now I used the settings as you told me before:

General Settings tab:
Custom settings - check
Modify All Network Adapters - check
network adapter selection - your NIC
MTU - 1500
TTL - 64
TCP Receive Window - 64240
MTU Discovery - Yes
Black Hole Detect - No
Selective Acks - Yes
Max Duplicate ACKs - 2
TCP 1323 Options:
Windows Scaling - uncheck
Timestamps - uncheck

Advanced Settings tab:
Max Connections per Server - 10
Max Connections per 1.0 Server - 20
LocalPriority - 1
Host Priority - 1
DNSPriority - 1
NetbtPriority - 1
Lan Browsing speedup - optimized
QoS: NonBestEffortLimit - 0
ToS: DisableUserTOSSetting - 0
ToS: DefaultTOSValue - 80
MaxNegativeCacheTtl - 0
NetFailureCacheTime - 0
NegativeSOACache Time - 0
LAN Request Buffer Size - 32768

Posted: Sun Jun 08, 2008 1:45 pm
by moksh_rishu
now speed is

Image

Posted: Sun Jun 08, 2008 1:53 pm
by moksh_rishu
Now tracert is showing this:

C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 66 ms 38 ms 52 ms 10.150.0.1
2 25 ms 36 ms 47 ms 210.18.132.249
3 35 ms 56 ms * 192.168.27.2
4 * 21 ms 26 ms 203.101.94.197
5 46 ms 61 ms 66 ms 125.21.167.29
6 232 ms 241 ms 240 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 217 ms 259 ms * telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 211 ms 237 ms 234 ms ffm-bb1-link.telia.net [80.91.249.138]
9 264 ms * 288 ms prs-bb1-link.telia.net [80.91.248.69]
10 227 ms 252 ms 229 ms ldn-bb1-link.telia.net [80.91.254.208]
11 236 ms 244 ms 255 ms dln-b1-link.telia.net [80.91.251.50]
12 235 ms 265 ms 233 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 229 ms 262 ms 275 ms ge-1-3.bas-b1.ird.yahoo.com [87.248.101.5]
14 275 ms 285 ms 265 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>

Posted: Mon Jun 09, 2008 1:19 am
by trogers
It could be that your comp is being affected by electrical interference given out by some devices.

Turn off power to all other devices in the room except your comp, monitor, keyboard and modem. Then do another tracert to see if ping times at hop 1 are high. Make sure you do not coil up any signal or power cables.

Posted: Mon Jun 09, 2008 3:14 am
by moksh_rishu
C:\>tracert www.yahoo.com

Tracing route to www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 11 ms 27 ms 11 ms 10.150.0.1
2 50 ms 62 ms 11 ms 210.18.132.249
3 23 ms 52 ms 22 ms 192.168.27.2
4 13 ms 43 ms 23 ms 203.101.94.197
5 54 ms 38 ms 40 ms 125.21.167.29
6 292 ms 317 ms 310 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 225 ms 263 ms 239 ms telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 316 ms 290 ms 306 ms ffm-bb2-link.telia.net [80.91.254.42]
9 293 ms 304 ms 334 ms prs-bb1-link.telia.net [80.91.249.45]
10 224 ms 236 ms 242 ms ldn-bb2-pos7-0-0.telia.net [213.248.65.113]
11 258 ms 233 ms 226 ms dln-b1-link.telia.net [80.91.250.85]
12 255 ms 268 ms 237 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 258 ms 271 ms 247 ms ge-1-1.bas-b2.ird.yahoo.com [87.248.101.3]
14 265 ms 247 ms 262 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>

Posted: Mon Jun 09, 2008 9:56 am
by trogers
moksh_rishu wrote: C:\>tracert www.yahoo.com

Tracing route to http://www.yahoo-ht3.akadns.net [87.248.113.14]
over a maximum of 30 hops:

1 11 ms 27 ms 11 ms 10.150.0.1
2 50 ms 62 ms 11 ms 210.18.132.249
3 23 ms 52 ms 22 ms 192.168.27.2
4 13 ms 43 ms 23 ms 203.101.94.197
5 54 ms 38 ms 40 ms 125.21.167.29
6 292 ms 317 ms 310 ms pal2-bharti-2.pal.seabone.net [195.22.197.121]
7 225 ms 263 ms 239 ms telia-1-se-decix.fra.seabone.net [195.22.211.110]
8 316 ms 290 ms 306 ms ffm-bb2-link.telia.net [80.91.254.42]
9 293 ms 304 ms 334 ms prs-bb1-link.telia.net [80.91.249.45]
10 224 ms 236 ms 242 ms ldn-bb2-pos7-0-0.telia.net [213.248.65.113]
11 258 ms 233 ms 226 ms dln-b1-link.telia.net [80.91.250.85]
12 255 ms 268 ms 237 ms yahoo-115023-dln-b1.c.telia.net [213.155.141.182]
13 258 ms 271 ms 247 ms ge-1-1.bas-b2.ird.yahoo.com [87.248.101.3]
14 265 ms 247 ms 262 ms f1.us.www.vip.ird.yahoo.com [87.248.113.14]

Trace complete.

C:\>
Is your comp near a window air-con unit or a refrigerator?

Posted: Mon Jun 09, 2008 11:06 am
by moksh_rishu
nop

Posted: Mon Jun 09, 2008 11:37 am
by trogers
Download and run Hijackthis and post the log.

Posted: Mon Jun 09, 2008 12:07 pm
by moksh_rishu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:13 PM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Backup\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6008F8AD-D468-403C-89B7-91D8B0ED4072}: NameServer = 202.88.130.15,202.88.130.67
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 5903 bytes

Posted: Mon Jun 09, 2008 1:03 pm
by trogers
moksh_rishu wrote:
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 5903 bytes
Use Hijackthis to fix the items with (file missing). Then clean comp with CCleaner and reboot and do another Hijackthis log.

Posted: Tue Jun 10, 2008 1:08 am
by moksh_rishu
Tell me how to clean these files.

Using HijackThis, I followed these steps:

HijackThis ---> do the system scan & save log file ---> check the check boxes of all those showing file missing ---> Fix checked

clean registry using cleaner ---> restart my computer


After that, HijackThis is still showing those files as missing. I am posting the new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:51 AM, on 6/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Backup\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6008F8AD-D468-403C-89B7-91D8B0ED4072}: NameServer = 202.88.130.15,202.88.130.67
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 6334 bytes
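
Added example (not part of any post in this thread): a small Python check that compares the O23 service sections of a scan taken before and after "Fix checked" and reports which "(file missing)" entries are still registered. The function names are this example's own, and the sample input is excerpted from the two logs above.

```python
# Added example: compare the O23 (service) sections of two HijackThis scans.
MISSING = "(file missing)"
PREFIX = "O23 - Service: "

# O23 lines excerpted from the logs posted in this thread; the O23 section of
# the 6/10/2008 scan (after "Fix checked") is identical to the 6/9/2008 one.
SCAN_BEFORE = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
"""
SCAN_AFTER = SCAN_BEFORE


def parse_o23(log):
    """Return one dict per O23 line: display name, owner, image path, missing flag."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):]
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)].rstrip()
        # Split from the right, since a display name may itself contain " - ".
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            name, owner, path = parts
            entries.append({"name": name, "owner": owner, "path": path, "missing": missing})
    return entries


def compare_scans(before, after):
    """Return (still_missing, cleared) service names for the orphans seen in `before`."""
    was = {e["name"] for e in parse_o23(before) if e["missing"]}
    now = {e["name"] for e in parse_o23(after) if e["missing"]}
    return sorted(was & now), sorted(was - now)


def unknown_owner_present(log):
    """Services whose binary exists but for which HijackThis printed 'Unknown owner'."""
    return [e for e in parse_o23(log) if e["owner"] == "Unknown owner" and not e["missing"]]


if __name__ == "__main__":
    still, cleared = compare_scans(SCAN_BEFORE, SCAN_AFTER)
    print("still missing:", still)
    print("cleared:", cleared)
    print("verify by hand:", [e["path"] for e in unknown_owner_present(SCAN_BEFORE)])
```

Run against full saved log files, the same functions give a quick before/after record of which orphaned service registrations a cleanup pass actually removed.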

Posted: Tue Jun 10, 2008 1:11 am
by moksh_rishu
I don't have a UPS,
in the last line this is showing file missing

Posted: Tue Jun 10, 2008 1:24 am
by moksh_rishu
now speed test is showing


Image

Posted: Tue Jun 10, 2008 1:42 am
by Rollingstone
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
Uninstall Uniblue.