Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Internet disconnects after few minutes

Started by faizan , Jan 18 2010 01:57 PM

  • This topic is locked This topic is locked
7 replies to this topic

#1 faizan

faizan

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 18 January 2010 - 01:57 PM

Hi there, My internet connections gets disconnected after few minutes of usage and does not connects untill i restart the computer again.
Here is the HJTLog file. Please provide me the solution . Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:45 AM, on 1/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe
C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"
O4 - HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe
O4 - HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe
O4 - HKCU\..\Run: [qscmdll] C:\WINDOWS\system32\ssmcdsw.exe
O4 - HKCU\..\Run: [wiue32] C:\WINDOWS\system32\oissdmmp.exe
O4 - HKCU\..\Run: [aslcomm] C:\WINDOWS\system32\wallmsp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [pcfmssl] C:\WINDOWS\system32\dgcbkm.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B313AE1-530B-4DA9-9185-3423B4951FF5}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe

--
End of file - 8104 bytes

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 January 2010 - 06:08 PM

Posted Image

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"
O4 - HKCU\..\Run: [cximddl] C:\WINDOWS\system32\ldfrmmd.exe
O4 - HKCU\..\Run: [qaswww] C:\WINDOWS\system32\jdsuml.exe
O4 - HKCU\..\Run: [qscmdll] C:\WINDOWS\system32\ssmcdsw.exe
O4 - HKCU\..\Run: [wiue32] C:\WINDOWS\system32\oissdmmp.exe
O4 - HKCU\..\Run: [aslcomm] C:\WINDOWS\system32\wallmsp.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\WINDOWS\system32\ldfrmmd.exe
C:\WINDOWS\system32\jdsuml.exe
C:\WINDOWS\system32\ssmcdsw.exe
C:\WINDOWS\system32\oissdmmp.exe

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Posted Image
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste". .

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 faizan

faizan

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 19 January 2010 - 12:30 PM

Here is the scanned log after installing the spyware. I still experience the same problem Inter net gets disconnected soon within few minutes of system restart :-( Please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:58 PM, on 1/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [pcfmssl] C:\WINDOWS\system32\dgcbkm.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe

--
End of file - 7561 bytes

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 January 2010 - 03:45 PM

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 faizan

faizan

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 20 January 2010 - 10:31 AM

:notworthy: :notworthy: :notworthy: :) My system is working very fine. I am finally able to connect to the internet uninterrupted :D
Here is the HJT Log file after doing all things you said

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:44 PM, on 1/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe

--
End of file - 7738 bytes

And here is the Combofix log

ComboFix 10-01-19.08 - faiz 01/20/2010 19:55:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1013.677 [GMT 5.5:30]
Running from: k:\internet disconnecting\ComboFix.exe
AV: avast! antivirus 4.7.892 [VPS 100119-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\recycler\S-1-5-21-0036413124-2198785251-598009797-1305
c:\recycler\S-1-5-21-0371973873-0134541462-894595050-5826
c:\recycler\S-1-5-21-0756647510-4733497887-985438874-5547
c:\recycler\S-1-5-21-0902717381-6475856964-823116004-9930
c:\recycler\S-1-5-21-1188511224-5765989413-567236655-8397
c:\recycler\S-1-5-21-1475679821-1486090594-349216509-4176
c:\recycler\S-1-5-21-1760146571-7891524893-605015658-8236
c:\recycler\S-1-5-21-1881462721-3171481404-209272556-8314
c:\recycler\S-1-5-21-2388297926-7664233182-316355007-1484
c:\recycler\S-1-5-21-2557095886-2943794936-020468363-0793
c:\recycler\S-1-5-21-2572027967-6524082233-963160664-6278
c:\recycler\S-1-5-21-2660077586-5203408895-512433912-6595
c:\recycler\S-1-5-21-2857270895-7571857465-903648018-6592
c:\recycler\S-1-5-21-3475240922-8809729230-840222013-2746
c:\recycler\S-1-5-21-3515319969-0491809717-058222706-2021
c:\recycler\S-1-5-21-3608913142-5797862186-396205686-4127
c:\recycler\S-1-5-21-3655340648-6887291978-543461993-9932
c:\recycler\S-1-5-21-4287215537-2800438992-248137271-1768
c:\recycler\S-1-5-21-4326104535-2398779745-613503242-4885
c:\recycler\S-1-5-21-4359647232-9706518534-239923114-3621
c:\recycler\S-1-5-21-4553129398-1058612975-663466665-2481
c:\recycler\S-1-5-21-5100398055-7129101052-918929207-6611
c:\recycler\S-1-5-21-5106151677-2564816449-832445556-9578
c:\recycler\S-1-5-21-5823766517-4738516779-829685161-4136
c:\recycler\S-1-5-21-5977349144-6592941356-513336675-2529
c:\recycler\S-1-5-21-6080218680-7489846788-807522780-0328
c:\recycler\S-1-5-21-6104704145-6091510568-538272345-2525
c:\recycler\S-1-5-21-6335501991-2637972747-386738682-6299
c:\recycler\S-1-5-21-6576490533-3726164308-563501468-9089
c:\recycler\S-1-5-21-6742201214-7812722932-375822300-1105
c:\recycler\S-1-5-21-6993537825-7962408319-321476519-2585
c:\recycler\S-1-5-21-7061407110-2370651009-565671451-8831
c:\recycler\S-1-5-21-7343754604-8601582449-553413535-0050
c:\recycler\S-1-5-21-7504024285-0434914668-303923961-8684
c:\recycler\S-1-5-21-7701808423-1234510384-040037747-2130
c:\recycler\S-1-5-21-8043549202-7176186224-563957894-6646
c:\recycler\S-1-5-21-8156550821-8821135870-954747628-8152
c:\recycler\S-1-5-21-8203260310-0410766140-135891233-5313
c:\recycler\S-1-5-21-8229728334-2771205797-930131798-8220
c:\recycler\S-1-5-21-8239232729-3725209508-125090894-0478
c:\recycler\S-1-5-21-8353286837-3342097134-122958329-9018
c:\recycler\S-1-5-21-8389624051-7206003433-920114537-1729
c:\recycler\S-1-5-21-8521862581-1385001106-979331164-1670
c:\recycler\S-1-5-21-8680032245-2382262597-647077466-1808
c:\recycler\S-1-5-21-8801744802-1647989828-001685409-4841
c:\recycler\S-1-5-21-9200036629-1650132648-875802229-4375
c:\recycler\S-1-5-21-9517982550-3687000662-909294747-3165
c:\recycler\S-1-5-21-9575609858-1104921301-370801479-2415
c:\recycler\S-1-5-21-9887058838-0441332138-407509201-1416
c:\recycler\S-1-5-21-9976565724-1984767263-052745165-2807
c:\windows\system32\dgcbkm.exe
c:\windows\system32\ssmcdsw.exe
c:\windows\system32\wallmsp.exe
c:\windows\unsqz.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-19 15:03 . 2010-01-19 15:03 -------- d-----w- c:\documents and settings\faiz\Application Data\Malwarebytes
2010-01-19 15:03 . 2010-01-07 10:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:03 . 2010-01-19 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:03 . 2010-01-19 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-19 15:03 . 2010-01-07 10:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 13:48 . 2010-01-19 14:01 -------- d-----w- c:\program files\Revit Architecture 2009
2010-01-18 19:37 . 2010-01-18 19:37 -------- d-----w- c:\program files\Trend Micro
2010-01-17 13:17 . 2010-01-05 18:02 85504 --sh--r- c:\documents and settings\Administrator\Application Data\phugna.exe
2010-01-16 14:27 . 2010-01-16 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-01-16 14:27 . 2010-01-16 14:27 -------- d-----w- c:\program files\Airtel
2010-01-16 14:14 . 2010-01-16 14:14 -------- d-----w- c:\windows\Sun
2010-01-16 14:12 . 2010-01-16 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 14:12 . 2010-01-16 14:12 -------- d-----w- c:\program files\Java
2010-01-12 15:02 . 2006-09-25 15:39 16352 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-12 15:02 . 2006-09-25 15:39 36176 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-12 15:02 . 2006-09-25 15:37 24560 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-12 15:02 . 2006-09-25 15:40 85952 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-12 15:02 . 2006-09-25 15:40 87424 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-12 15:02 . 2006-09-25 15:45 666240 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-12 15:02 . 2006-09-25 15:37 90112 ----a-w- c:\windows\system32\AVASTSS.scr
2010-01-12 15:02 . 2010-01-12 15:02 -------- d-----w- c:\program files\Alwil Software
2010-01-10 14:28 . 2010-01-10 14:28 -------- d-----w- c:\documents and settings\faiz\Application Data\Zeon
2010-01-10 13:35 . 2010-01-10 13:35 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll
2010-01-10 13:32 . 2010-01-19 13:54 -------- d-----w- c:\program files\Autodesk Revit Architecture 2010
2010-01-10 13:18 . 2010-01-10 13:18 -------- d-----w- C:\Autodesk
2010-01-09 02:09 . 2010-01-19 18:17 514496 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-08 17:10 . 2010-01-19 17:19 -------- d-----w- c:\documents and settings\faiz\Application Data\Autodesk
2010-01-08 17:06 . 2010-01-19 17:19 -------- d-----w- c:\documents and settings\faiz\Local Settings\Application Data\Autodesk
2010-01-08 17:04 . 2010-01-19 14:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-08 17:02 . 2010-01-19 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-01-08 17:01 . 2010-01-10 13:24 -------- d-----w- c:\program files\Autodesk
2010-01-08 17:00 . 2008-07-31 05:11 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-01-08 17:00 . 2008-07-31 05:11 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-01-08 17:00 . 2008-07-31 05:10 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-01-08 17:00 . 2008-07-12 02:48 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-01-08 17:00 . 2008-07-12 02:48 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-01-08 17:00 . 2008-07-12 02:48 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-01-08 17:00 . 2007-05-16 11:15 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-01-08 17:00 . 2007-05-16 11:15 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-01-08 16:59 . 2010-01-08 16:59 -------- d-----w- c:\windows\Logs
2010-01-07 02:40 . 2010-01-07 02:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2010-01-07 02:27 . 2010-01-07 02:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-05 18:02 . 2010-01-05 18:02 85504 --sh--r- c:\documents and settings\faiz\Application Data\phugna.exe
2010-01-01 19:25 . 2010-01-01 19:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-01 19:24 . 2010-01-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\zeon
2010-01-01 19:24 . 2010-01-01 19:24 -------- d-----w- c:\windows\system32\DocucomRes6
2010-01-01 19:23 . 2010-01-01 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-01 19:23 . 2010-01-01 19:23 -------- d-----w- c:\documents and settings\faiz\Application Data\ScanSoft
2010-01-01 19:23 . 2010-01-01 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-01 19:23 . 2010-01-01 19:23 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-01-01 19:22 . 2010-01-01 19:24 -------- d-----w- c:\program files\ScanSoft
2009-12-29 05:10 . 2009-12-29 05:10 -------- d-----w- C:\Mp3 Output
2009-12-29 05:10 . 2009-12-29 05:10 -------- d-----w- c:\program files\Smallvideosoft
2009-12-29 05:10 . 2009-06-08 10:03 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2009-12-29 04:43 . 2009-12-29 06:18 -------- d---a-w- C:\xampplite
2009-12-22 15:37 . 2009-12-22 15:37 -------- d-----w- c:\documents and settings\faiz\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 18:48 . 2009-05-10 02:17 -------- d-----w- c:\documents and settings\faiz\Application Data\uTorrent
2010-01-18 18:41 . 2009-05-10 02:58 -------- d-----w- c:\program files\uTorrent
2010-01-18 16:52 . 2009-05-10 03:18 54872 ----a-w- c:\documents and settings\faiz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 14:27 . 2009-12-08 15:48 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-01-12 15:31 . 2009-06-09 15:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-10 13:30 . 2009-12-09 15:18 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-01-10 13:30 . 2009-12-09 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-10 13:29 . 2009-12-09 15:20 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-10 13:28 . 2009-12-09 15:20 -------- d-----w- c:\program files\Microsoft.NET
2010-01-10 12:56 . 2009-05-15 14:09 -------- d-----w- c:\program files\Valve
2010-01-10 12:49 . 2009-12-09 15:34 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-10 12:40 . 2009-12-09 15:16 -------- d-----w- c:\program files\MSBuild
2010-01-08 17:08 . 2009-12-20 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-07 18:11 . 2009-06-24 18:35 41 ----a-w- C:\shtdown.bat
2010-01-01 19:23 . 2009-05-10 04:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-23 15:27 . 2009-12-14 09:45 20512 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-20 14:22 . 2009-12-20 14:22 -------- d-----w- c:\program files\QuickTime
2009-12-20 14:22 . 2009-12-20 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-20 14:21 . 2009-12-20 14:21 -------- d-----w- c:\program files\Common Files\Apple
2009-12-20 14:21 . 2009-12-20 14:21 -------- d-----w- c:\program files\Apple Software Update
2009-12-20 14:21 . 2009-12-20 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-20 13:23 . 2009-05-10 06:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-20 13:14 . 2009-12-20 13:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-20 10:56 . 2009-12-20 10:56 -------- d-----w- c:\program files\Adobe Media Player
2009-12-20 10:53 . 2009-12-20 10:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-18 19:35 . 2009-05-10 01:22 -------- d-----w- c:\program files\Google
2009-12-18 14:33 . 2009-12-18 14:33 1078 ----a-r- c:\documents and settings\faiz\Application Data\Microsoft\Installer\{6624A46E-1215-4525-A7BB-237B6C877EA9}\_235022ee.exe
2009-12-18 14:33 . 2009-12-18 14:33 1078 ----a-r- c:\documents and settings\faiz\Application Data\Microsoft\Installer\{6624A46E-1215-4525-A7BB-237B6C877EA9}\_120759a.exe
2009-12-18 14:33 . 2009-12-18 14:32 -------- d-----w- c:\program files\e-Speaking
2009-12-17 01:22 . 2009-12-17 01:22 10240 ----a-w- c:\documents and settings\faiz\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-12-12 19:19 . 2009-12-12 19:19 44544 --sh--r- c:\windows\system32\oissdmmp.exe
2009-12-09 15:44 . 2009-12-09 15:29 2060128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-12-09 15:33 . 2009-12-09 15:33 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-12-09 15:32 . 2009-12-09 15:32 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-12-09 15:32 . 2009-12-09 15:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-09 15:29 . 2009-12-09 15:29 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-12-09 15:20 . 2009-12-09 15:20 -------- d-----w- c:\program files\Microsoft SDKs
2009-12-09 15:18 . 2009-12-09 15:18 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-12-09 15:16 . 2009-12-09 15:16 -------- d-----w- c:\program files\Reference Assemblies
2009-11-24 16:42 . 2009-11-24 16:42 -------- d-----w- c:\documents and settings\faiz\Application Data\Resource Tuner
2009-11-24 16:42 . 2009-11-24 16:41 -------- d-----w- c:\program files\Resource Tuner
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-10 39408]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 3810544]
"Google Update"="c:\documents and settings\faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-17 135664]
"OpAgent"="c:\program files\ScanSoft\OmniPage15.0\OpAgent.exe" [2005-09-26 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nxpclient"="c:\program files\Airtel\NetXpert\bin\sprtcmd.exe" [2009-09-09 202016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-01 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\faiz\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Google Talk, Labs Edition.lnk - c:\documents and settings\faiz\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-6-24 94704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Scheduler for OEM.lnk - c:\program files\honestech\honestech TVR\scheduleTV.exe [2009-6-5 307200]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\faiz\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=

R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [6/5/2009 5:53 PM 279552]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\Airtel\NetXpert\bin\sprtsvc.exe [1/16/2010 7:57 PM 202800]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [6/5/2009 5:53 PM 25984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 12:40 AM 135664]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
S2 UDisk Monitor;UDisk Monitor;c:\program files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe [5/10/2009 11:29 AM 266240]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\ztemtusbser.sys [5/10/2009 11:29 AM 104320]
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 19:10]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 19:10]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2139871995-682003330-1003Core.job
- c:\documents and settings\faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-17 14:26]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2139871995-682003330-1003UA.job
- c:\documents and settings\faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-17 14:26]

2010-01-19 c:\windows\Tasks\rasdial.job
- e:\softwares\new Software\rasdial.bat [2008-06-26 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
FF - ProfilePath - c:\documents and settings\faiz\Application Data\Mozilla\Firefox\Profiles\rvom20zc.default\
FF - plugin: c:\documents and settings\faiz\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\faiz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-pcfmssl - c:\windows\system32\dgcbkm.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{368FD2A3-584B-67DE-D328-4C6AA06802C4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nafageojmifadojckifphfjpnlma"=hex:6a,61,65,6e,61,69,66,64,62,6d,6c,70,6d,64,
67,6b,63,63,6f,6f,00,f9
"mapgjdjnmoolmhdpjcefdboknd"=hex:6a,61,65,6e,61,69,66,64,62,6d,6c,70,6d,64,67,
6b,63,63,6f,6f,00,f9
.
Completion time: 2010-01-20 19:59:30
ComboFix-quarantined-files.txt 2010-01-20 14:29

Pre-Run: 4,361,060,352 bytes free
Post-Run: 4,641,046,528 bytes free

- - End Of File - - B6B39A4C8EC11D056BB1EC3C75DF75FE

Combofix was unable to download the Windows Recovery software as the internet was not connecting. However it continued to fix and after leaving comp for about 20 minutes when i returned to see there was no window open. Then i tried to connect and it was working fine :-) :woot:

Could you please tell me the exact reason for my connection not working? What was the exact virus which was causing the issue ???


:)
Thanks for the excellent help from you :)

#6 faizan

faizan

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 20 January 2010 - 10:35 AM

Also please suggest me a good freeware antivirus to install. :) Thanks in advance :-)

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 January 2010 - 03:11 PM

I have no idea what the exact infection was.

You had Avast4 installed at one time. That's as good as any other anti-virus. You need some malware/spyware protection though.
SpyBot would be a good start.

If you want a different free anti-virus program:



Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.



Good job :thumbup:

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • Posted Image


    To be on the safe side, I would also change all my passwords.


    Here's my usual all clean post

    Log looks good :D


    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is succeptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer has always the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 January 2010 - 07:05 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·