Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Am I Infected?

Post by chettyharish » May 14th, 2009, 2:16 am

Am I infected? My Comodo is blocking the following things and my net is not working well.
And I am getting a blue screen which I can't read because the computer restarts after that. This is the first time in 2 yrs with this PC. I believe this happened after a Windows update or my NVIDIA graphics update. Please help.

203.94.243.70 - this IP is my internet service provider
192.168.1.3 - no info about this IP

COMODO Internet Security Logs

5/14/2009 4:45:37 AM Windows Operating System Blocked 203.94.243.70 53 192.168.1.3 52274 UDP
5/14/2009 12:05:37 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 51693 UDP
5/14/2009 12:06:13 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 57852 UDP
End of The Report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:34 AM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AllToTray\ALLTOTRAY.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\downloads\office2007sp2-kb953195-fullfile-en-us.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AllToTray] C:\Program Files\AllToTray\ALLTOTRAY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9336993935
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAAF050B-00F5-4CA8-B89A-8D2BC30F951F}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5624540-57CD-4D16-B87F-7463683FBE3F}: NameServer = 203.94.227.70,203.94.243.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs:
O23 - Service: McAfee Application Installer Cleanup (0211191237283274) (0211191237283274mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\0211191237283274mcinst.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985e895f2fcaa) (gupdate1c985e895f2fcaa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9803 bytes
chettyharish
Banned Member
 
Posts: 99
Joined: February 3rd, 2008, 4:39 am

Re: Am I Infected?

Post by Odd dude » May 21st, 2009, 8:31 am

Welcome back, chettyharish.

Do you use a router?

Open HijackThis, click "Do a system scan only", put a check next to O20 - AppInit_DLLs:, and click "Fix checked". Allow the prompt from TeaTimer if it pops up.

Log looks OK. The IP address 192.168.1.3 is in the 192.168.x.x range; this range is most commonly used by routers.

The blue screen error may be hardware related. We can do some more scans, but if it turns out to be unrelated to malware, I can refer you to a forum which offers general computer troubleshooting.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Am I Infected?

Post by chettyharish » May 21st, 2009, 9:00 am

First, thanks for welcoming :bigsmurf: I am gonna try to appeal for training again :)
Yes, I got a D-Link ADSL router.
I solved the blue screen problem; it was a problem with the NVIDIA graphics driver due to an update :)
It's just my net; it's not too good. It sometimes disconnects suddenly and reconnects again, and it's also not as good as it used to be. I believe this specifically happens when Fallout 3 is running, but now it happens all the time. Hope you can help :)

Re: Am I Infected?

Post by Odd dude » May 21st, 2009, 9:50 am

The IP address was from the router - the entries Comodo had been blocking are fine.

Good luck with reappealing for training. ;)

For the other issues, I don't think they're malware related. If you disagree with me on that, we can run some more scans, otherwise I can give you some tips to prevent malware infections and send you off to a forum which offers general computer troubleshooting.

Re: Am I Infected?

Post by chettyharish » May 22nd, 2009, 5:02 am

Hmmm, even I accept it doesn't seem like malware, something related to the game. I'm going to try to see what's the problem. Ty for help :)
What about Comodo blocking, should I turn it on?

Re: Am I Infected?

Post by chettyharish » May 22nd, 2009, 5:55 am

Here is the Comodo thing. Should I allow it? If yes, then please tell me how :) I can't search due to stupid net.

COMODO Internet Security Logs

Table: Firewall Logs
Date Created: 5/22/2009 3:21:46 PM
Log Scope: Last 30 Days
Records count: 24

Date/Time Application Action Source IP Source Port Destination IP Destination Port Protocol
5/1/2009 4:28:40 PM Windows Operating System Blocked 92.143.121.93 3074 192.168.1.3 3074 UDP
5/6/2009 2:23:27 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 57400 UDP
5/7/2009 1:20:59 PM Windows Operating System Blocked 65.55.42.130 3074 192.168.1.3 3074 UDP
5/7/2009 1:21:06 PM Windows Operating System Blocked 206.16.224.171 3074 192.168.1.3 3074 UDP
5/12/2009 8:59:53 PM Windows Operating System Blocked 65.55.42.130 3074 192.168.1.3 3074 UDP
5/12/2009 9:00:14 PM Windows Operating System Blocked 206.16.224.172 3074 192.168.1.3 3074 UDP
5/12/2009 9:00:23 PM Windows Operating System Blocked 65.55.42.130 3074 192.168.1.3 3074 UDP
5/12/2009 9:00:45 PM Windows Operating System Blocked 206.16.224.172 3074 192.168.1.3 3074 UDP
5/12/2009 9:00:52 PM Windows Operating System Blocked 206.16.224.172 3074 192.168.1.3 3074 UDP
5/12/2009 9:00:54 PM Windows Operating System Blocked 65.55.42.130 3074 192.168.1.3 3074 UDP
5/12/2009 9:01:15 PM Windows Operating System Blocked 206.16.224.172 3074 192.168.1.3 3074 UDP
5/12/2009 9:01:24 PM Windows Operating System Blocked 65.55.42.130 3074 192.168.1.3 3074 UDP
5/12/2009 9:01:45 PM Windows Operating System Blocked 206.16.224.172 3074 192.168.1.3 3074 UDP
5/13/2009 1:20:33 AM Windows Operating System Blocked 203.94.243.70 53 192.168.1.3 60882 UDP
5/13/2009 3:57:41 AM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 63807 UDP
5/14/2009 4:45:37 AM Windows Operating System Blocked 203.94.243.70 53 192.168.1.3 52274 UDP
5/14/2009 12:05:37 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 51693 UDP
5/14/2009 12:06:13 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 57852 UDP
5/16/2009 2:10:05 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 59237 UDP
5/21/2009 3:25:02 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 53117 UDP
5/21/2009 6:53:52 PM Windows Operating System Blocked 203.94.243.70 53 192.168.1.3 59857 UDP
5/22/2009 2:27:23 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 57426 UDP
5/22/2009 2:52:45 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 62085 UDP
5/22/2009 3:06:00 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 58370 UDP
End of The Report

Re: Am I Infected?

Post by Odd dude » May 22nd, 2009, 6:09 am

The ones which come from your own ISP are fine to allow. I cannot vouch for the others.

I suggest that you consult the Comodo manual to find out how to allow the entries. I don't use the program myself, so I cannot help you with that.
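
The reply above treats blocked packets coming from the poster's own ISP name servers as fine to allow. The following added example (not part of the original thread, and not Comodo or HijackThis tooling) automates that comparison: it reads the configured resolvers from the HijackThis O17 NameServer lines and labels each Comodo firewall row. The function names, the labels and the 198.51.100.7 row are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input in the layout of the logs posted in this thread.
# The 198.51.100.7 row is invented (documentation address range) to show a
# DNS reply from a server the machine is not configured to use.
HJT_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{BAAF050B-00F5-4CA8-B89A-8D2BC30F951F}: "
    r"NameServer = 203.94.227.70,203.94.243.70",
]
FW_LINES = [
    "5/1/2009 4:28:40 PM Windows Operating System Blocked 92.143.121.93 3074 192.168.1.3 3074 UDP",
    "5/6/2009 2:23:27 PM Windows Operating System Blocked 203.94.227.70 53 192.168.1.3 57400 UDP",
    "5/13/2009 1:20:33 AM Windows Operating System Blocked 203.94.243.70 53 192.168.1.3 60882 UDP",
    "5/13/2009 1:21:02 AM Windows Operating System Blocked 198.51.100.7 53 192.168.1.3 60883 UDP",
    "End of The Report",
]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# The application name contains spaces, so it is matched lazily up to the action word.
FW_RE = re.compile(
    r"^\d+/\d+/\d+ \d+:\d+:\d+ [AP]M (?P<app>.+?) (?P<action>\w+) "
    rf"(?P<src>{IP}) (?P<sport>\d+) (?P<dst>{IP}) (?P<dport>\d+) (?P<proto>\w+)$"
)

def configured_resolvers(hjt_lines):
    """Collect DNS servers from HijackThis O17 'NameServer = a,b' entries."""
    resolvers = set()
    for line in hjt_lines:
        m = re.search(r"^O17 - .*NameServer = (.+)$", line.strip())
        if m:
            parts = re.split(r"[,\s]+", m.group(1))
            resolvers.update(ipaddress.ip_address(p) for p in parts if p)
    return resolvers

def classify(line, resolvers):
    """Label one firewall row; returns None for headers and other non-data lines."""
    m = FW_RE.match(line.strip())
    if not m:
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    # A DNS answer arrives over UDP from source port 53 to the LAN host.
    is_dns_reply = m["proto"] == "UDP" and m["sport"] == "53" and dst.is_private
    if is_dns_reply and src in resolvers:
        return "dns_reply_from_configured_resolver"
    if is_dns_reply:
        return "dns_reply_from_other_server"
    return "unverified"

def triage(fw_lines, hjt_lines):
    """Count firewall rows per label, using the resolvers found in the O17 lines."""
    resolvers = configured_resolvers(hjt_lines)
    labels = (classify(line, resolvers) for line in fw_lines)
    return Counter(label for label in labels if label)

if __name__ == "__main__":
    print(dict(triage(FW_LINES, HJT_LINES)))
```

Rows labelled `unverified` or `dns_reply_from_other_server` are the ones that still need a human look before any allow rule is created.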

Re: Am I Infected?

Post by chettyharish » May 23rd, 2009, 9:09 am

Ah, I found the problem. It was dumb old Microsoft creating problems :P There was a contradiction between Comodo firewall and Office suite update 2. I guess the problem is solved. Thanks for checking for malware :)

Re: Am I Infected?

Post by Odd dude » May 23rd, 2009, 9:50 am

You're welcome. :)

Would you like tips to prevent malware infections in the future?

Re: Am I Infected?

Post by chettyharish » May 24th, 2009, 12:11 am

I wasn't malwared :P so nty. I already read all threads during training lol, so TY for help :P

Re: Am I Infected?

Post by Odd dude » May 24th, 2009, 1:46 am

True :pirate:

I will arrange for the topic to be closed. :D

Re: Am I Infected?

Post by NonSuch » May 24th, 2009, 2:03 am

As this issue appears to be resolved, this topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California