0

Hello,

I am greatful to this forum for always providing help.
A few days before my computer was affected with some virus or worm.
I scanned it from AVG. All the affected files were applications(programs in my computer) and had extension .exe
So I deleted all applications which were lying in backup. I deleted AVG(Its exe was also affected),Adobe etc.All the applicatons installed like office exe were also affected.

I scanned computer from Panda online scan(2 viruses found). Previously Avg gave much better result.
I then again scanned my computer from Panda online more viruses were found. I lost the file which had virus details on it. I am sorry I was careless. All I remember is virus or worm name began with "pr"

After one day I again scanned from Panda but it said my system was clean.
Well I suspect result of panda because AVG detected more viruses when panda was underestimating them.
I didn't scanned again from AVG because I deleted it as it was infected.
The problem is that my system is not clean because something is happening from a few days which has never happened before with my system

Whenever I am using Internet my Internet connection terminates. Sometimes after I have connected for 5 minutes, sometimes after 20 minutes, sometimes after 50 minutes

I again reinstall windows from ghost. The situation gets better for one day and after that same problem starts again.

So I thought it would be better to ask some wise guy.
I use Windowxp media edition
Internet explorer 6

I am giving below my hijack. As soon as I post this problem plus hijack I am again going to install new windows from ghost

Logfile of HijackThis v1.99.1
Scan saved at 11:38:17 PM, on 5/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\DOCUME~1\awais\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB20F8D4-553D-4929-9D13-4A5C22A08538}: NameServer = 202.163.96.3 202.163.96.4

Thank you
awaz

Edited by happygeek: fixed formatting

2
Contributors
3
Replies
4
Views
12 Years
Discussion Span
Last Post by dlh6213
0

I again reinstall windows from ghost. The situation gets better for one day and after that same problem starts again.

Perhaps your system isn't protected well enough; I don't see an antivirus program running.

You can download AVG Antivirus for free

Kerio Personal Firewall is also free

And if you have a broadband connection (DSL, cable, etc), I would recommend getting a hardware-type firewall as well, such as those available from SMC, Linksys, or Netgear.

A few more things to help keep your system clean (all free):

Ad-Aware SE

Spybot Search and Destroy

SpywareBlaster

Naturally, you need to keep everything updated in order for it to be effective.

You may find this thread somewhat informative:
http://www.daniweb.com/techtalkforums/thread16365.html

0

Thank you very much for replying.
I would be greatful if someone examine the highjack log above and tell whether it is clean or unclean.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.