| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 98241 | 2009-03-16 21:01:00 | Do these netstat result explain my problem? | chermesh (4253) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 757085 | 2009-03-16 21:01:00 | Hi, My WinXP Pro (SP3) is connected to the net via cables, bandwidth - 1.5 MB. Surfing is very slow. I called for my provider and support instructed me to do the following: 1. Start with a clean system, connected to the net, no browser active 2. Adding one IE connection, following one www.google.com run 3. Adding one more IE connection, following two www.google.com runs 4. Adding one more IE connection, following three www.google.com runs Since my IE connections created many established TCP connections, the tech support concluded that something, maybe spyware, may be causing the slowness of my connection. I ran a set of spyware checkups, and my system seems to be clean. Is there a problem with the number of established connections? If so, what may cause these results? If so, what should I do? Enclosed - 4 sets of logs, following the four tests mentioned above: Net connection. No IE Active Connections Proto Local Address Foreign Address State PID TCP 84.228.167.42:1049 212.47.219.89:80 TIME_WAIT 0 TCP 84.228.167.42:1052 212.199.223.200:80 TIME_WAIT 0 TCP 84.228.167.42:1056 65.55.184.157:80 TIME_WAIT 0 TCP 127.0.0.1:1050 127.0.0.1:1110 TIME_WAIT 0 Net connection. One IE Active Connections Proto Local Address Foreign Address State PID TCP 84.228.167.42:1060 74.125.39.103:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1063 74.125.39.99:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1066 74.125.39.100:80 ESTABLISHED 2008 [System] TCP 127.0.0.1:1058 127.0.0.1:1110 ESTABLISHED 4064 [iexplore.exe] TCP 127.0.0.1:1061 127.0.0.1:1110 ESTABLISHED 4064 [iexplore.exe] TCP 127.0.0.1:1064 127.0.0.1:1110 ESTABLISHED 4064 [iexplore.exe] TCP 127.0.0.1:1110 127.0.0.1:1064 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1058 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1061 ESTABLISHED 2008 [System] TCP 84.228.167.42:1049 212.47.219.89:80 TIME_WAIT 0 TCP 84.228.167.42:1052 212.199.223.200:80 TIME_WAIT 0 TCP 84.228.167.42:1056 65.55.184.157:80 TIME_WAIT 0 TCP 127.0.0.1:1050 127.0.0.1:1110 TIME_WAIT 0 Net connection. Two IE Active Connections Proto Local Address Foreign Address State PID TCP 84.228.167.42:1060 74.125.39.103:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1063 74.125.39.99:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1066 74.125.39.100:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1070 74.125.39.103:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1073 209.85.129.104:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1076 74.125.39.102:80 ESTABLISHED 2008 [System] TCP 127.0.0.1:1058 127.0.0.1:1110 ESTABLISHED 4064 [iexplore.exe] TCP 127.0.0.1:1061 127.0.0.1:1110 ESTABLISHED 4064 [iexplore.exe] TCP 127.0.0.1:1064 127.0.0.1:1110 ESTABLISHED 4064 [iexplore.exe] TCP 127.0.0.1:1068 127.0.0.1:1110 ESTABLISHED 356 [iexplore.exe] TCP 127.0.0.1:1071 127.0.0.1:1110 ESTABLISHED 356 [iexplore.exe] TCP 127.0.0.1:1074 127.0.0.1:1110 ESTABLISHED 356 [iexplore.exe] TCP 127.0.0.1:1110 127.0.0.1:1074 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1068 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1058 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1071 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1064 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1061 ESTABLISHED 2008 [System] TCP 84.228.167.42:1056 65.55.184.157:80 TIME_WAIT 0 Net connection. Three IE Active Connections Proto Local Address Foreign Address State PID TCP 84.228.167.42:1070 74.125.39.103:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1073 209.85.129.104:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1076 74.125.39.102:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1080 74.125.39.103:80 ESTABLISHED 2008 [System] TCP 84.228.167.42:1083 74.125.39.101:80 ESTABLISHED 2008 [System] TCP 127.0.0.1:1068 127.0.0.1:1110 ESTABLISHED 356 [iexplore.exe] TCP 127.0.0.1:1071 127.0.0.1:1110 ESTABLISHED 356 [iexplore.exe] TCP 127.0.0.1:1074 127.0.0.1:1110 ESTABLISHED 356 [iexplore.exe] TCP 127.0.0.1:1078 127.0.0.1:1110 ESTABLISHED 3200 [iexplore.exe] TCP 127.0.0.1:1081 127.0.0.1:1110 ESTABLISHED 3200 [iexplore.exe] TCP 127.0.0.1:1110 127.0.0.1:1068 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1074 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1081 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1078 ESTABLISHED 2008 [System] TCP 127.0.0.1:1110 127.0.0.1:1071 ESTABLISHED 2008 [System] |
chermesh (4253) | ||
| 757086 | 2009-03-16 22:58:00 | For any person that would like to help then read this first. pressf1.co.nz Looks like it's now SP3 |
Sweep (90) | ||
| 757087 | 2009-03-17 00:00:00 | For any person that would like to help then read this first. pressf1.co.nz Looks like it's now SP3 Although worth noting that thread is over three years old, so it may or may not be the same system. |
Erayd (23) | ||
| 757088 | 2009-03-17 02:56:00 | Yep. So your helpful advice is? |
Sweep (90) | ||
| 757089 | 2009-03-17 03:44:00 | chermesh: What tools have you used so far for "spyware checkups"? Cheers :) |
Renmoo (66) | ||
| 757090 | 2009-03-17 07:03:00 | chermesh: What tools have you used so far for "spyware checkups"? Cheers :) One, commercial - malwarebyte's antimalware and one free - hitman pro 2. The second invokes the following seven free services: prevx csi free, trend micro cwshredder 2.19, lavasoft ad-aware se personal 6.2, spybot search & destroy 1.6, webroot spy-sweeper, ewido antispyware micro, and sunbelt counterspy. |
chermesh (4253) | ||
| 757091 | 2009-03-17 07:06:00 | Post a hijackthis log, we'll see what thats got in it It's below, install it run it, then click on scan the system and save a log. Copy and paste the log here |
Speedy Gonzales (78) | ||
| 757092 | 2009-03-17 09:33:00 | Post a hijackthis log, we'll see what thats got in it It's below, install it run it, then click on scan the system and save a log. Copy and paste the log here Thanks. Ran Trojan Remover, which found nothing. Here're my HijackThis logs, first prior to Trojan Remover, the after cleaning: Pre-Clean Report ============= Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:12:31, on 17/03/2009 Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe C:\Program Files\012Net\012Net-Cable dialer\fts.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\ SearchPerks! Perk Counter\Bmbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\ SearchPerks! Perk Counter\Bmbho.dll O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Amigo] "C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe" O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe" -no_dialog O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}: NameServer = 80.179.52.100 80.179.55.100 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll,C:\PROGRA~1\KASP ER~1\KASPER~1.0\kloehk.dll,C:\PROGRA~1\KASPER~1\KA SPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mz vkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dl l,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 12236 bytes Post-Clean Report ============= Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:26:21, on 17/03/2009 Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe C:\Program Files\012Net\012Net-Cable dialer\fts.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Locate\locate32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\ SearchPerks! Perk Counter\Bmbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461- 4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\ SearchPerks! Perk Counter\Bmbho.dll O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Amigo] "C:\Program Files\Turtle Beach\AudioAdvantageAmigo\TBAA.exe" O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe - AutoStart O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\fwportal.exe" -no_dialog O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB- 8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3- AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009 \SCIEPlgn.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9- 9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1 \MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1 \SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4- A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com 1219954026359 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com 1220082369750 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C34FD4B1-4D50-4CC2-9E9A-EBD7FC98BABF}: NameServer = 80.179.52.100 80.179.55.100 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1 \COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll,C:\PROGRA~1\KASP ER~1 \KASPER~1.0\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER ~1 \mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3. dll,C:\PROGRA~1 \KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~ 1\KASPER~1\kloehk.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti -Malware\mbamservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 12359 bytes |
chermesh (4253) | ||
| 757093 | 2009-03-17 09:46:00 | Looks ok to me, but you can tick these entries, then tick fix checked Close browsers O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe If you dont use the language bar, you can tick these O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe If you didnt add these entries, tick them O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present Since you've installed trojan remover, select all options under the utilities menu as well Then reboot see if its any better |
Speedy Gonzales (78) | ||
| 757094 | 2009-03-17 12:14:00 | O3 - Toolbar: SearchPerks! Perk Counter - {2787EA8E-8D87-48af-88AD-B30246C917AB} - C:\Program Files\ SearchPerks! Perk Counter\Bmbho.dll |
apsattv (7406) | ||
| 1 2 | |||||