
Slow Internet Speed

  • 15-06-2005 7:23am
    #1
    Closed Accounts Posts: 528 ✭✭✭


    Hey,

    I consider myself to be quite handy when it comes to a computer. Indeed I have battled many virus and spyware attacks on my PC in the past and have won. This time however, I am lost. My processor is running smoothly, but when I connect to the Internet the download rate is severely depleted. The only other difference I can notice is the dialup box that appears when you open IE. It takes much longer than usual to appear, as if something else is running in the meantime.


    Also, I am a very neat person and that's no different with my PC. I can confidently say that I know every directory on my PC and have a rough idea what it's for. I can find nothing out of the ordinary though in this case. I even did a search to find files created within the past few days that the problem has arisen and there is nothing malicious looking. The computer isn't downloading anything in the background according to the standard Windows download meter that appears on the bottom-right when connected.


    I use Éircom wireless broadband. I have updated virus checkers and anti-spyware programs and none can detect anything.


    I have pasted a copy of a Hijack-This log. I can't see anything unusual in it - can anyone else?


    Logfile of HijackThis v1.99.0
    Scan saved at 07:16:41, on 15/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\bcmwltry.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijack This\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/kev_blighe/
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112887839638
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KB
    O17 - HKLM\Software\..\Telephony: DomainName = KB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B910DE65-1A1A-4C7F-A4FD-A95C9DB02877}: NameServer = 159.134.237.6 159.134.248.17
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KB
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
    O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\system32\IomegaAccess.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) - Unknown - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe


Comments

  • Closed Accounts Posts: 364 ✭✭odie


    Download & Run Ewido security suite (14 day trial).....Update signature file before running

    Run it in Safe mode - it found everything that spyware and AV progs could not on my PC, and on some others that friends had issues with.

    Ewido can be found here - http://download.ewido.net/ewido-setup.exe

    Sig file here - http://download.ewido.net/ewido-signatures-full-20050615.exe


  • Closed Accounts Posts: 31 IDUBasher


    First suggestion: get Firefox (www.getfirefox.com). It is small, only 4.5 MB if I recall, and IMO much better than IE.

    If you don't wanna do that,

    check under IE connection settings for the option "automatically discover proxy settings". I've seen this option add 20+ seconds to connecting to websites.


  • Registered Users, Registered Users 2 Posts: 3,317 ✭✭✭Chalk


    Chucky wrote:
    Logfile of HijackThis v1.99.0
    Scan saved at 07:16:41, on 15/06/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\system32\cba\pds.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    C:\WINDOWS\system32\ams_ii\iao.exe
    C:\WINDOWS\system32\cba\xfr.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\bcmwltry.exe

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KB
    O17 - HKLM\Software\..\Telephony: DomainName = KB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B910DE65-1A1A-4C7F-A4FD-A95C9DB02877}: NameServer = 159.134.237.6 159.134.248.17
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KB

    Some of those I don't recognise,
    so I'd check them out if I were you.

    Mainly what I see here is something that's changing your TCP/IP setup.
    I'd remove the ones in bold, unless they are specific network settings you're supposed to use,
    and check your TCP/IP stack to make sure there's nothing unusual.
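
An added example, not part of the original posts: a small triage pass over HijackThis lines in the format pasted above. It lists O4 Run entries whose command has no drive-qualified path and O17 NameServer addresses missing from a resolver list the reader supplies. The function name `triage`, the `expected_dns` parameter and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: a few lines in the HijackThis 1.99 format shown in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B910DE65-1A1A-4C7F-A4FD-A95C9DB02877}: NameServer = 159.134.237.6 159.134.248.17
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")      # section code, then the entry body
RUN = re.compile(r"Run\w*: \[(.+?)\] (.*)$")           # [value name] command line
NAMESERVER = re.compile(r"NameServer = (.+)$")
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')               # C:\... or "C:\..."


def triage(log_text, expected_dns):
    """Return (unqualified_run_entries, unexpected_nameservers).

    expected_dns is a set of resolver addresses the reader has confirmed
    with their ISP or network admin (hypothetical input, not from the log).
    """
    unqualified, unexpected = [], []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and the running-process list
        code, body = m.groups()
        if code == "O4":
            run = RUN.search(body)
            # A bare file name is resolved by Windows at logon, so the log
            # line alone does not identify which file on disk will run.
            if run and not ABS_PATH.match(run.group(2)):
                unqualified.append((run.group(1), run.group(2)))
        elif code == "O17":
            ns = NAMESERVER.search(body)
            if ns:
                addresses = re.split(r"[ ,]+", ns.group(1).strip())
                unexpected += [ip for ip in addresses if ip not in expected_dns]
    return unqualified, unexpected


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, expected_dns=set()))
```

Either list is only a prompt for manual checking: locate the file behind a bare name, and compare the resolver addresses with what the ISP publishes.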


  • Closed Accounts Posts: 528 ✭✭✭Chucky


    Chalk wrote:
    Some of those I don't recognise,
    so I'd check them out if I were you.

    Mainly what I see here is something that's changing your TCP/IP setup.
    I'd remove the ones in bold, unless they are specific network settings you're supposed to use,
    and check your TCP/IP stack to make sure there's nothing unusual.


    I was worried about them too but if I delete them they return at next startup. I looked up on the WWW about the registry path that they exist at and all forums say that they're normal. It's used by the ISP. However, I was slightly worried that...ok, you know the way I said that when I open IE the dial-up box takes a while to load? I was worried that something was altering where I was actually dialing to....


    ...ye all remember that case a while ago in England about the guy whose connection was hijacked and each time he dialed in he was connecting to some African nation.


    Firefox - I downloaded it and never liked it. I've been using IE all my life. But believe me, if Firefox sorted my problem I'd be using it :)


    I'll try the Ewido Security Suite later tonight because right now, I'm late for work :)


    Thanks guys, really appreciate the responses.


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,501 Mod ✭✭✭✭Cabaal


    Chucky wrote:
    Firefox - I downloaded it and never liked it. I've been using IE all my life. But believe me, if Firefox sorted my problem I'd be using it :)

    The chances of your PC having spyware/adware installed while browsing would be far less if you used a better browser.


  • Registered Users, Registered Users 2 Posts: 336 ✭✭lampsie


    You've probably done this already: tried firing up 'msconfig' and looking for odd startup programs?

    - lampsie


  • Registered Users Posts: 15 dark_prince


    You said you were using eircom broadband, so modem hijacking would not be an issue, as this only happens on dial-up, where you physically dial a number to connect and the programs were changing this number to premium numbers in random countries.


  • Registered Users, Registered Users 2 Posts: 9,472 ✭✭✭AdMMM


    In your internet options check the option "Never Dial A Default Connection". This means you won't have your dial up prompt popping up. Might not be fixing the problem, more like sweeping it under the carpet...


  • Closed Accounts Posts: 528 ✭✭✭Chucky


    I got the problem sorted. I'm not sure what fixed it exactly. I was running Ewido and it was finding some viruses in the Windows directories but at the same time I was fiddling with the firewall settings. I'm not sure which improved the Internet speed but in any case it's back to normal.

    Case closed.

    Thanks lads :)

