I have experienced sluggish internet browsing for the past week, although my computer is fast for the rest. I went through a whole battery of malware and spyware removal programs, but the problem persists. Yet, the programs found over 30 malware and spyware programs.
Below I paste the HJT log, and also the Panda online antivirus scan report (which pointed out aports as a possible threat). I also have the super anti-spyware log, which I paste underneath, which might also be useful.
Thank you in advance,
Helen
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:59, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\jvdsmedt\Desktop\kevin\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.UGent.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.UGent.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\Software\..\Telephony: DomainName = UGent.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = UGent.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = UGent.be
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = UGent.be
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = UGent.be
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
--
End of file - 7527 bytes
Here's what I got from Panda:
Threats with free disinfection (0)
Threats disinfected with the paid version (1)
Low danger level (1)
Application/Ni... Tracking Application
Latent
1. C:\WINDOWS\system32\nircmdc.exe
Suspicious files (1)
C:\WINDOWS\system32\aports.exe
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 10:58 AM
Application Version : 4.15.1000
Core Rules Database Version : 3497
Trace Rules Database Version: 1488
Scan type : Complete Scan
Total Scan Time : 00:23:21
Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 5341
Registry threats detected : 0
File items scanned : 20707
File threats detected : 0
Adwar.Tracking Cookie