Slow Internet Speed - Suspected Trojan

I have 128/64 ADSL and have been getting speeds from 32-112 depending upon the test. The phone company sent a technician with his laptop and he is able to get a 132 speed from his machine using my modem consistently and has indicated that I may have malware causing my problem. I have two computers on LAN. When I connect either computer individually directly through modem I have same speed problem on each computer which indicates both machines have same problem. I have run/installed Spybot S&D, Ad-Aware SE, Spysubtract, Spywareblaster, Nod32, Zone Alarm Pro.

When I run Ad-Aware, Nod 32 displayes the following warnings:
File: C:\DOCUME~1\.....\Mein.class
Threat: Java/Exploit.Bytverify.I trojan
File: C:\DOCUME~1...\ProbeLoader.class
Threat: Java/Exploit.Bytverify.I trojan
File: C:\DOCUME~1...\Dummy.class
Threat: Java/Exploit.Bytverify.I trojan
File: C:\DOCUME~1...\Beyond.class
Threat: Java/TrojanDownloader.Beyond.D trojan
File: C:\DOCUME~1...\GetAccess.class
Threat: Java/Exploit.Bytverify.F trojan
File: C:\DOCUME~1...\InsecureClassLoader.class trojan
Threat: Java/Exploit.Bytverify.F trojan
File: C:\DOCUME~1...\Dummy.class
Threat: JS/IEStart trojan
File: C:\DOCUME~1...\Installer.class
Threat: Java/OpenConnection.F trojan

Event occured on a new file created by Ad-Aware.exe
The file has been moved to quarantine.

Please advise!

Edit by chaslang: Unrequested inline log removed

 

chaslang, thank you for helping me.

System Restore is disabled.

None of these services were running, so no action taken: Network Security, Workstation Netlogon Services & Remote Procedure Call (RPC) Helper

Hidden files are set to view

I was able to download all the tools, install and update when directed.

After Boot to Safe Mode

Trend Virus Scan detected two virus and fixed.
HTML_MHTREDIR.AP C:\RECYCLERS
JAVA_BYTEVER.A C:\RECYCLERS

I could not get Symantic Security Check to run. Only a blank screen would open when the scan was initated. I tried several times. Sometimes, after 5-10 min a message would be displayed saying that ZoneAlrarm had shut down my internet activity because of a security threat. This is in safe mode, and zonealarm should not be loaded. Also, after each attempt I would have to reboot because the internet would stop working.

Ran McAfee Avert Stinger, no virus found.

I ran all the other tools
hsremove said it found 8 and removed.
Spybot found a toolbar item and one other and fixed them.
Ad-Aware and others indicated nothing found.
CC Cleaner was run.

Closed open programs and also ended non-essential processes.
Ran HiJack this from root folder, attacked log.


Hope I haven't missed anything.

After reboot, I ran internet speed test and was able to get 101-124 speed which may be some improvement. This is the test the telephone company pulled 132 consistently on yesterday.

In the other test I have been running, I am getting 30-80 which may be a little improvement also.

 

I was able to do the Symantic Security Check and found no threats. I did not run it in Safe Mode, and I used a different address than the one in your link.

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=VKWSYNBRFNJSVSTIVVB

For some reason, the one in you link still will not run.

Also, I did a virus scan and found no threats.

 

chaslang,
Again thank you for helping me.

I followed your suggestions for fixing and removing programs.

I did a speed test and am still getting 80-112. I needed your help to rule out that it is not a virus causing my speed problems. It seemed odd to me that both computers on the LAN would have the same speed problems. There has been some improvement. I do not have to click my email more than once to get it now and I can watch a small video on a news site, so maybe I did get some small viri and I can live with it like it is if I have to.

I will call the telephone technician and direct him to this thread and see what they have to say. I had told them Friday that I would do this and the technician thought this was a good step. They said they are willing to work with me to get the problem solved.

If you would like, I could post a follow-up if I am able to get a solution. This could be useful to you for similar problems.

Again, thanks for helping.

Jazper

 

Today, I am able to get the proper speed. The two tests I have been running have been giving me 132/134 consistently. This is the first time this has occured since I started checking two weeks ago.

I can not explain why I did not see these results yesterday. Perhaps there is some healing windows does on its own that occured overnight.

I know there is some variation in the internet, but I doubt this can account for the improvement.

I did try disabling Zonealarm and my antivirus and noted no difference.

This is good news, and I thought you would like to know.