Explorer has net connection

Status
Not open for further replies.

sujeet2555

In the zone
I have XP SP2 and Comodo Internet Security installed. From tomorrow my ADSL data link has been blinking all the time (always on). Connection manager also shows data transferring even when I am not doing anything. When I checked the Comodo firewall, I find that explorer.exe has TCP out connections with destinations like 218.298.255.139, 41.241.112.104, etc. When I block explorer from the firewall, I can't access the internet. I have run many anti-spyware and antivirus programs, but no solution. So please tell me why explorer is connecting with the internet.


Here is the hijack log:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:50:41 PM, on 2/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\2.4.1487.6512\GoogleUpdaterInstallMgr.exe
e:\Program Files\Hide Your IP Address\HideYourIPAddress.exe
C:\WINDOWS\system32\msiexec.exe
E:\Program Files\Opera 9\Opera.exe
E:\Programs\USB\ANTI\HijackThis.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.12.227.246:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - E:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PixGrabberBHO Class - {0FD387DF-5E13-4EAB-BB19-A1F4C2D0B325} - e:\Program Files\PixGrabber Free\PxGIEPlugins.dll (file missing)
O2 - BHO: (no name) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - (no file)
O2 - BHO: (no name) - {11222041-111B-46E3-BD29-EFB2449479B1} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: (no name) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - e:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Owlforce - {37E1A9E5-00D4-4203-8E58-B91F383A3809} - e:\PROGRA~1\Globe7\Owlforce\Owlforce.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - e:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Programs\USB\ANTI\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88618A96-6D8A-42E7-B932-9073D5B2080F} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - e:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Programs\USB\ANTI\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {B5B2C82F-1C63-443F-A342-F76C71791BB7} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {c823d3a1-e771-4e64-a358-62eaabf25d07} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - e:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - E:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - e:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PixGrabber Links Bar - {4A360645-F363-416A-A7A3-54E4804F90ED} - e:\PROGRA~1\PIXGRA~1\PxGIEGUI.dll (file missing)
O3 - Toolbar: PixGrabber Bar - {9377C91E-EB13-4AF4-9B45-42BE835BB548} - e:\PROGRA~1\PIXGRA~1\PxGIEGUI.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\roboform\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - E:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll
O3 - Toolbar: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - e:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\PROGRA~1\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1708537768-527237240-1801674531-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &SmElis WebData Extractor - res://e:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://E:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://E:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://E:\Program Files\roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download &Flash Movies - e:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://e:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://e:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://e:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://e:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - e:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://E:\Program Files\roboform\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://E:\Program Files\roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://E:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://E:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll/savemedia.htm
O8 - Extra context menu item: Save Flash - res://e:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save Forms - file://E:\Program Files\roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Sujeet\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Programs\USB\ANTI\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\roboform\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\roboform\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\roboform\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - E:\Program Files\MetaProducts Flash & Media Capture\FMCapt.dll
O9 - Extra button: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://e:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: SmElis WebData Extractor - {29718CC3-6C8E-4908-B546-A80C67C2F146} - res://e:\Program Files\SmElis\WebData Extractor\SWDECom.dll/220 (file missing) (HKCU)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - e:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - e:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - e:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet5_64.dll' missing
O16 - DPF: {CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} (Java Plug-in 1.3.1_18) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EDB5727-9E18-4BDA-9DAA-FEFE5271C7A7}: NameServer = 218.248.255.162,218.248.255.139
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\catsrv32.dll C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\System32\catsrv32.dll C:\WINDOWS\system32\cssdll32.dll,C:\WINDOWS\System32\catsrv32.dll
O20 - Winlogon Notify: f420a2e2530 - C:\WINDOWS\System32\catsrv32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ActiveFax-Server-Service (ActiveFaxServiceNT) - Vogler Software - e:\program files\activefax\Server\ActSrvNT.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IXJJHUHILMQ - Unknown owner - C:\DOCUME~1\Sujeet\LOCALS~1\Temp\IXJJHUHILMQ.exe (file missing)
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - e:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - e:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

--
End of file - 16059 bytes
 

mrintech

Technomancer
You can always analyze the HijackThis log yourself by using: *www.hijackthis.de/ There are some specific errors in your PC.

Go for a full scan, along with updated database definitions, using the following software:

* *www.superantispyware.com/download.html
* *www.emsisoft.com/en/software/free/

Also try removing Comodo. Otherwise you have to fix the errors manually, referring to the HijackThis log errors.
 

gaurarpit

Broken In
Scan your system with a good antivirus and restart your PC.


Click the Start button >> press Run. Type msconfig and press Enter.
Select the Startup tab and uncheck all the irrelevant services and programs that start up on their own during system startup. Also check the Services tab for any irrelevant services.

Restart your PC and your problem is solved.
 

sujeet2555

In the zone
Thanks for the suggestions.
I have resolved the problem. I have identified the major cause: the net.exe, net1.exe and catsrv32.dll files, which recreate themselves when deleted. But I deleted them in safe mode and the problem is gone. These were not detected by Spybot, Ad-Aware, Spyware Doctor, AVG, Doctor Alex and others. I use many anti-spyware programs.
Thanks.
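
As an added illustration (not part of the thread, and not code from HijackThis or any poster): a small Python triage pass over lines excerpted from the log above, pulling out the load points and process counts where the files named in this post appear. The function name `triage`, its category names and the `min_instances` threshold are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\net1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.12.227.246:80
O20 - AppInit_DLLs: C:\WINDOWS\System32\catsrv32.dll C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\System32\catsrv32.dll C:\WINDOWS\system32\cssdll32.dll,C:\WINDOWS\System32\catsrv32.dll
O20 - Winlogon Notify: f420a2e2530 - C:\WINDOWS\System32\catsrv32.dll
O23 - Service: IXJJHUHILMQ - Unknown owner - C:\DOCUME~1\Sujeet\LOCALS~1\Temp\IXJJHUHILMQ.exe (file missing)
O23 - Service: NBService - Nero AG - E:\Program Files\Nero 7\Nero BackItUp\NBService.exe
"""

def triage(log, min_instances=3):
    """Return {category: sorted list} of log entries worth a manual look."""
    hits = {k: set() for k in ("repeated_process", "proxy", "appinit_dll", "winlogon_notify", "service")}
    procs, in_procs = Counter(), False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False                      # blank line ends the list
        elif in_procs:
            procs[line.lower()] += 1
        elif line.startswith("R1 - ") and "ProxyServer" in line:
            hits["proxy"].add(line.split("=", 1)[1].strip())
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Space/comma-delimited; each DLL loads into any process using user32.dll.
            dlls = re.split(r"[ ,]+", line.split(":", 1)[1].strip().lower())
            hits["appinit_dll"].update(d for d in dlls if d)
        elif line.startswith("O20 - Winlogon Notify:"):
            hits["winlogon_notify"].add(line.rsplit(" - ", 1)[1].lower())
        elif line.startswith("O23 - Service:"):
            path = line.rsplit(" - ", 1)[1].lower()
            if "\\temp\\" in path or path.endswith("(file missing)"):
                hits["service"].add(path)
    for image, n in procs.items():
        # svchost.exe normally runs several instances, so it is not counted here.
        if n >= min_instances and not image.endswith("\\svchost.exe"):
            hits["repeated_process"].add(f"{image} x{n}")
    return {k: sorted(v) for k, v in hits.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, catsrv32.dll is reported under both `appinit_dll` and `winlogon_notify`, and net.exe and net1.exe under `repeated_process`; the output is a list of entries to inspect by hand, not a verdict on any file.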
 

debsuvra

is NOT a PC/Mac
Using many security solutions at once is not a wise way. It just slows down your PC with a plethora of resource-hogging services and processes, as I see in your HijackThis log. Just go through one antivirus, one anti-spyware and one firewall software. As you use Win XP, a firewall is a must.
 

mrintech

Technomancer
Using many security solutions at once is not a wise way. It just slows down your PC with a plethora of resource-hogging services and processes, as I see in your HijackThis log. Just go through one antivirus, one anti-spyware and one firewall software. As you use Win XP, a firewall is a must.
+100
 