0

I am having problems with my computer; my internet is almost at a standstill. I was downloading at 40KB/sec (which is pretty pathetic) and now I am at 15KB/sec. I don't know if it is something on my computer or just my computer itself. Anyways, here is my hijack log and Malwarebytes' log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:36 AM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60282
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to Reader SpeedUp.lnk = C:\Documents and Settings\Ana@\Desktop\Reader SpeedUp.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142800852734
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7179 bytes

And the Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1820
Windows 5.1.2600 Service Pack 2

3/5/2009 5:48:29 AM
mbam-log-2009-03-05 (05-48-29).txt

Scan type: Full Scan (A:\|C:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 149842
Time elapsed: 44 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

The Microsoft Malware and ESET Online Scanner came up with nothing. Also, I had a couple of programs that wouldn't come off in the Add/Remove; a Yahoo toolbar and Dogz 5 (?), it's something I downloaded a looooong time ago. Is there a program that can take those off? Thanks a bunch!

0

I was just wondering if anyone had a chance to look at my log or if it is ok... Let me know!

0

Are you on dial up? I see you are running Avira antivirus which is good and you are also running McAfee Site Advisor. Good program basically but it does come with some slow down issues as it has to retrieve information about every webpage you access, or every link in the search results on your Google, MSN, AOL searches. If you have a fast PC and a very fast Internet connection, 4Mbits or faster, then it won't be too noticeable. But if your connection is normally slow, this will slow surfing more. If your PC is not fast enough and/or your broadband connection is also not fast enough, or you are on a dialup connection, then Site Advisor could be the cause. You might try disabling it and see if it makes a difference.

0

Well I am on a DSL line and I have noticed it pauses for a few seconds when I am searching something, which is fine, but that wouldn't affect my downloading ability would it? I did a bandwidth test and it says my DL speed is 448K and upload is 212K. I also think that issue might have been the wireless router we were using; I disabled that and cut off my boyfriend's net to his laptop and it boosted up to where it used to run at. Also, his was running at 250K/sec when mine was shut down. He is on his way to take it back, but what can I do to boost my downloading time? Is there something I can upgrade in my computer? I thought 40-50 was ok, until I saw his running at 400K on his friend's wireless. Anyways, I know, I know, wrong forum, but trying to get some extra info while I wait for my hijack log to be looked at :)

0

No, you are in the right forum if you want your log read, I will do that, just needed answers to those questions.

0

I really see nothing in your HJT log that indicates infection. Though your MBA-M did find Vundo Trojan and removed it.
I would advise that you also run ESET Online Scanner.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

0

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3916 (20090307)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9c4bd34cd5cafb4c831364bb2e9b9b7a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-07 08:07:17
# local_time=2009-03-07 02:07:17 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=284314
# found=0

0

Ok, looks like the computer is clean. You came here because your computer was running slow and wondered if you began in the right place, yes you did. The right thing to do first is be sure the computer is clean and now it appears by your logs that it is.

That said, first thing I have to say is you really cannot assume because another computer on your connection is very fast that all computers on that hook up will be fast, because they won't be, UNLESS they are absolutely IDENTICAL computers..with all hardware identical, all software identical and all set to run exactly the same way, all security programs identical, all internet surfing and program use is identical, exactly same hours online identical. Occasionally this will be the case, if both are purchased together and set up that way, but most of the time this just won't be the case. Identical twins have some differences even if they cannot be seen.
Now let's see if we can speed this up. You have already discovered there were some problems with the router, that would have been my next suggestion for checking, and you have done that and things have improved some. So on to the next thing;
I mentioned the McAfee Site Advisor as a possibility of slow downs, yes it could even slow your downloads. This program is really unnecessary because both IE and also Firefox browsers check sites for you today. So I would advise you uninstall this. I would also say you should really think about trying Firefox. It is a more secure browser and tends to be somewhat faster, it is for me anyway.

What TIME of day are you downloading? Attempting downloads during peak hours of use can definitely slow downloads, because everybody else is online and also downloading. Try to download during "off hours" if possible. Generally peak hours are the evenings when everyone is home. If you can, try early morning to mid-afternoon or late at night and see if this helps.

One thing about slow downloading...what ELSE are you doing when downloading something? This alone can certainly slow downloads. If you are downloading something, then just download, don't be checking mail, surfing around, typing a letter, editing photos, etc. All this can slow the downloads.

Check out your computer specs.

Check the properties of the hard drive. Double Click My Computer. Right Click "C" drive and choose properties. See how full it is. Your hard drive should really have a minimum of 15 to 20% free space, anything less and the computer slows because it has no "working space" left. You know yourself it is very hard to work in a small room with a crowd of people. Same way with the hard drive. If it is getting too full then you should remove things to make more space. If you have music or pictures on there and want to keep them, move them off to a cd or dvd and then delete them from the hard drive. Get rid of programs you don't use at all.
Check out how much RAM you have on the computer. XP really needs 256 MB of RAM to run easily. But that is just the operating system. You need more to run all the other programs without a slow down. At least 1GB of RAM is ideal, and a bit more if you can add it. Adding RAM is an inexpensive way to speed the computer.
XP swaps information from RAM to this temporary file and then pulls it back as needed. This can slow down your system. Having a large module of RAM will minimize the use of a paging file.

Next would be to do a thorough clean up. There is the built in Disk Cleanup on the computer, either use that or use a 3rd party program, ATFCleaner is an excellent one as is CCleaner.

Defrag your disk. As the computer is used files are opened and closed often. These files can be left in the wrong places to put it simply so when the computer needs to use a file again and it is not in the right place then it will have to look for it to use it and slow the computer. Keeping the computer low on fragmentation will help speed the computer. Now this need not be done often, every couple of months or so is usually enough. Use the built in defrag or use something like Auslogics Disk Defrag. Very small program, and defrags quickly. It is also a free program.

If none of this works then I would check with your ISP there may be something that they can tell you which would also speed things up.
