zinjin
10-06-05, 10:58 PM
I have spent a total of 2 weeks dabbling at trying to fix a problem:
I average 14,000ms pings on 3 different online games. My internet speed
is severely slow, averaging 800kbs. I am currently using the 5mb download service from Charter.
Upon doing a netstat -a in my cmd screen, I found a listing for 23 ports open,
12 of which are active. It is established that this is my problem. No one can come up with a fix that I havn't tried, so I humbly offer my problem to this forum in hopes I can end this nightmare.
I have ran 4 types of spyware programs, 2 anti-virus programs but to no avail. My computer scans as clean everytime. I upgraded ZoneAlarm firewall to enable blocking some of the ports, but they are still active.
Here is the netstat -a screen: (My local address has been x'd out btw)
=========================================================
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Ryan>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP xxx:epmap xxx :0 LISTENING
TCP xxx:microsoft-ds xxx:0 LISTENING
TCP xxx:netbios-ssn xxx:0 LISTENING
TCP xxx:1025 xxx:0 LISTENING
TCP xxx:1025 localhost:1035 ESTABLISHED
TCP xxx:1026 xxx:0 LISTENING
TCP xxx:1026 localhost:1033 ESTABLISHED
TCP xxx:1026 localhost:1034 ESTABLISHED
TCP xxx:1031 xxx:0 LISTENING
TCP xxx:1033 localhost:1026 ESTABLISHED
TCP xxx:1034 localhost:1026 ESTABLISHED
TCP xxx:1035 localhost:1025 ESTABLISHED
UDP xxx:microsoft-ds *:*
UDP xxx:isakmp *:*
UDP xxx:1027 *:*
UDP xxx:1205 *:*
UDP xxx:1534 *:*
UDP xxx:4500 *:*
UDP xxx:ntp *:*
UDP xxx:netbios-ns *:*
UDP xxx:netbios-dgm *:*
UDP xxx:ntp *:*
UDP xxx:1377 *:*
C:\Documents and Settings\Ryan>
==========================================================
So, is this a spyware problem? Am I being attacked by a hacker? I don't know enough about computers to take this information and find a fix for it on my own. I have included a log of HIJACKTHIS at the bottom of this post if it might come in helpful.
For the love of GOD, someone who possesses the wisdom to fix this PLEASE impart it upon me!
Thanks guys,
-Ryan
==========================================================
Logfile of HijackThis v1.99.1
Scan saved at 10:55:01 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Drivers\Audigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Microsoft Anti-Spyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\AVG\avgcc.exe
D:\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\Drivers\Creative MediaSource\Go\CTCMSGo.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Drivers\Logitech\SetPoint\SetPoint.exe
D:\WinZip\WZQKPICK.EXE
D:\Microsoft Anti-Spyware\gcasDtServ.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\AVG\avgamsvr.exe
D:\AVG\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
D:\ZoneAlarm\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Drivers\Audigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "D:\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarm\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Drivers\Creative MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Drivers\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125615833375
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
==========================================================
I average 14,000ms pings on 3 different online games. My internet speed
is severely slow, averaging 800kbs. I am currently using the 5mb download service from Charter.
Upon doing a netstat -a in my cmd screen, I found a listing for 23 ports open,
12 of which are active. It is established that this is my problem. No one can come up with a fix that I havn't tried, so I humbly offer my problem to this forum in hopes I can end this nightmare.
I have ran 4 types of spyware programs, 2 anti-virus programs but to no avail. My computer scans as clean everytime. I upgraded ZoneAlarm firewall to enable blocking some of the ports, but they are still active.
Here is the netstat -a screen: (My local address has been x'd out btw)
=========================================================
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Ryan>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP xxx:epmap xxx :0 LISTENING
TCP xxx:microsoft-ds xxx:0 LISTENING
TCP xxx:netbios-ssn xxx:0 LISTENING
TCP xxx:1025 xxx:0 LISTENING
TCP xxx:1025 localhost:1035 ESTABLISHED
TCP xxx:1026 xxx:0 LISTENING
TCP xxx:1026 localhost:1033 ESTABLISHED
TCP xxx:1026 localhost:1034 ESTABLISHED
TCP xxx:1031 xxx:0 LISTENING
TCP xxx:1033 localhost:1026 ESTABLISHED
TCP xxx:1034 localhost:1026 ESTABLISHED
TCP xxx:1035 localhost:1025 ESTABLISHED
UDP xxx:microsoft-ds *:*
UDP xxx:isakmp *:*
UDP xxx:1027 *:*
UDP xxx:1205 *:*
UDP xxx:1534 *:*
UDP xxx:4500 *:*
UDP xxx:ntp *:*
UDP xxx:netbios-ns *:*
UDP xxx:netbios-dgm *:*
UDP xxx:ntp *:*
UDP xxx:1377 *:*
C:\Documents and Settings\Ryan>
==========================================================
So, is this a spyware problem? Am I being attacked by a hacker? I don't know enough about computers to take this information and find a fix for it on my own. I have included a log of HIJACKTHIS at the bottom of this post if it might come in helpful.
For the love of GOD, someone who possesses the wisdom to fix this PLEASE impart it upon me!
Thanks guys,
-Ryan
==========================================================
Logfile of HijackThis v1.99.1
Scan saved at 10:55:01 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Drivers\Audigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Microsoft Anti-Spyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\AVG\avgcc.exe
D:\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\Drivers\Creative MediaSource\Go\CTCMSGo.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Drivers\Logitech\SetPoint\SetPoint.exe
D:\WinZip\WZQKPICK.EXE
D:\Microsoft Anti-Spyware\gcasDtServ.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\AVG\avgamsvr.exe
D:\AVG\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
D:\ZoneAlarm\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Drivers\Audigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "D:\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarm\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Drivers\Creative MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Drivers\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125615833375
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
==========================================================