internet sluggish, please check my HJT log



#1
Helen DC

Dear all,

I have experienced sluggish internet browsing for the past week, although my computer is fast for the rest. I went through a whole battery of malware and spyware removal programs, but the problem persists. Yet, the programs found over 30 malware and spyware programs.
Below I paste the HJT log, and also the Panda online antivirus scan report (which pointed out aports as a possible threat). I also have the super anti-spyware log, which I paste underneath, which might also be useful.

Thank you in advance,
Helen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:59, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\jvdsmedt\Desktop\kevin\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.UGent.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.UGent.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\Software\..\Telephony: DomainName = UGent.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = UGent.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = UGent.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = UGent.be
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

--
End of file - 7527 bytes

Here's what I got from Panda:
Export to:
Threats with free disinfection (0)
Only available for registered users.
Register free - I'm registered
Threats disinfected with the paid version (1)
Low danger level (1)
Application/Ni... Tracking Application
Latent
Hide + Info
1. C:\WINDOWS\system32\nircmdc.exe
Only available in paid version.
Buy - I am a client
Suspicious files (1)
C:\WINDOWS\system32\aports.exe

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 10:58 AM
Application Version : 4.15.1000
Core Rules Database Version : 3497
Trace Rules Database Version: 1488
Scan type : Complete Scan
Total Scan Time : 00:23:21
Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 5341
Registry threats detected : 0
File items scanned : 20707
File threats detected : 0
Adwar.Tracking Cookie
.tribalfusion.com [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\jvdsmedt\Application Data\Mozilla\Firefox\Profiles\ndccuxwl.default\cookies.txt ]