Frequently Disconnecting Internet. [Solved]

DO NOT use any TOOLS such as Combofix, MBAM, SmitfraudFix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer if needed.


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.



Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Link 1
Link 2


Double click on the ABCD.exe ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt so we can continue cleaning the system.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

• Drag the setup package onto ComboFix.exe and drop it.
  
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply using Copy/Paste.


Notes:

Give it atleast 20-30 minutes to finish if needed.

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Also please describe how your computer behaves in your next reply.

hello ldtate concerning the step on going on the microsoft website you lead me to a xp windows recovery console site which worries me since I cannot find my appropriate download for my system due to I'm currently running vista?
and even if vista and xp are the same I can't seem to understand which one to download please help me

Vista has it's own so don't install it, just move on to the next part.

Combofix Log.

ComboFix 10-01-21.08 - plaiigirl07_2 01/23/2010 13:49:27.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.61.1033.18.959.376 [GMT 11:00]
Running from: c:\users\plaiigirl07_2\Desktop\ABCD.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-3455584381-3838395006-1544371613-1000
c:\$recycle.bin\S-1-5-21-3455584381-3838395006-1544371613-1001
c:\$recycle.bin\S-1-5-21-3455584381-3838395006-1544371613-1002
c:\$recycle.bin\S-1-5-21-3455584381-3838395006-1544371613-1003
c:\$recycle.bin\S-1-5-21-3455584381-3838395006-1544371613-1007
c:\program files\TENCENT\SSPlus\SAddr.dll
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\SPlus.dll
c:\program files\TENCENT\SSPlus\stdtbh.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 03:01 . 2010-01-23 03:01 -------- dc----w- c:\users\Michael\AppData\Local\temp
2010-01-23 03:01 . 2010-01-23 03:06 -------- dc----w- c:\users\plaiigirl07_2\AppData\Local\temp
2010-01-23 03:01 . 2010-01-23 03:01 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-01-23 03:01 . 2010-01-23 03:01 -------- dc----w- c:\users\2566\AppData\Local\temp
2010-01-23 03:01 . 2010-01-23 03:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-12 23:13 . 2009-10-19 13:38 156672 -c--a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:13 . 2009-10-19 13:35 72704 -c--a-w- c:\windows\system32\fontsub.dll
2010-01-09 01:45 . 2010-01-09 01:49 -------- dc----w- c:\windows\system32\ca-ES
2010-01-09 01:45 . 2010-01-09 01:49 -------- dc----w- c:\windows\system32\eu-ES
2010-01-09 01:45 . 2010-01-09 01:49 -------- dc----w- c:\windows\system32\vi-VN
2010-01-09 01:00 . 2010-01-09 01:00 -------- dc----w- c:\windows\system32\EventProviders
2010-01-07 03:29 . 2009-08-24 11:36 377344 -c--a-w- c:\windows\system32\winhttp.dll
2010-01-07 03:26 . 2009-11-03 19:41 411648 -c--a-w- c:\windows\system32\drivers\http.sys
2010-01-07 03:26 . 2009-11-03 21:43 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-01-07 03:26 . 2009-11-03 21:42 30720 -c--a-w- c:\windows\system32\httpapi.dll
2010-01-07 03:25 . 2009-10-07 11:36 243712 -c--a-w- c:\windows\system32\rastls.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 03:04 . 2007-06-25 10:40 1356 -c--a-w- c:\users\plaiigirl07_2\AppData\Local\d3d9caps.dat
2010-01-23 03:04 . 2009-03-16 02:24 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-22 05:11 . 2007-10-18 10:12 680 -c--a-w- c:\users\2566\AppData\Local\d3d9caps.dat
2010-01-21 04:37 . 2007-09-21 10:56 -------- dc----w- c:\program files\Java
2010-01-21 04:23 . 2009-03-16 02:18 -------- dc----w- c:\program files\Logitech
2010-01-21 04:09 . 2008-10-07 07:15 -------- dc----w- c:\programdata\avg8
2010-01-21 03:15 . 2007-03-02 03:05 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-20 11:31 . 2007-03-05 09:50 -------- dc----w- c:\program files\Ubi Soft
2010-01-16 09:39 . 2007-09-19 11:51 -------- dc----w- c:\programdata\Skype
2010-01-15 21:59 . 2009-07-24 09:46 -------- dc----w- c:\program files\a-squared Anti-Malware
2010-01-15 08:39 . 2008-10-03 12:25 -------- dc----w- c:\users\plaiigirl07_2\AppData\Roaming\FrostWire
2010-01-14 00:12 . 2009-10-02 23:51 181120 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-09 01:51 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Calendar
2010-01-09 01:51 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-01-09 01:51 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Sidebar
2010-01-09 01:51 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-09 01:51 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Photo Gallery
2010-01-09 01:50 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Defender
2010-01-07 06:44 . 2009-03-16 02:18 -------- dc----w- c:\programdata\Logishrd
2010-01-07 06:44 . 2009-03-16 02:18 -------- dc----w- c:\program files\Common Files\LogiShrd
2010-01-07 06:17 . 2007-12-06 07:48 -------- dc----w- c:\programdata\Microsoft Help
2010-01-02 06:38 . 2010-01-21 23:17 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:17 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 23:17 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 23:17 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2009-11-30 21:18 . 2009-11-30 21:18 -------- dc----w- c:\program files\MSXML 4.0
2009-11-29 02:54 . 2008-02-02 02:19 -------- dc----w- c:\users\plaiigirl07_2\AppData\Roaming\Apple Computer
2009-11-29 02:51 . 2008-03-22 08:38 -------- dc----w- c:\programdata\Apple
2009-11-12 04:03 . 2007-10-18 10:12 103312 -c--a-w- c:\users\2566\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-11 04:27 . 2007-06-25 10:40 103312 -c--a-w- c:\users\plaiigirl07_2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-10 07:21 . 2009-11-10 07:21 79144 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-26 04:15 2048 -c--a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2006-09-29 720896]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"S3Trayp"="S3trayp.exe" [2006-07-10 176128]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-03 413696]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2010-01-07 3280712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]

c:\users\plaiigirl07_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-2 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2008-11-27 20:51 1261336 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):ad,76,b6,76,cf,90,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/7/2008 6:15 PM 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/29/2009 11:07 AM 76040]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [7/24/2009 8:46 PM 1858144]
R2 LxrSII1d;Secure II Driver;c:\windows\System32\drivers\LxrSII1d.sys [8/18/2008 6:15 PM 72672]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\S3gIGPm.sys [3/3/2007 12:56 PM 654848]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\w300mgmt.sys [4/15/2007 8:50 PM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\System32\drivers\w300obex.sys [4/15/2007 8:49 PM 85696]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/7/2008 6:15 PM 875288]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/7/2008 6:15 PM 231704]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NTSIM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{1BE17D10-3E69-416A-A67C-5F70CE01E6D2}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{27F217E0-B380-46E5-B9B7-5809358DB400}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{3678D954-1923-4F3C-A8A4-BEACDBC12ACA}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{7102341C-7230-43DF-B5F5-EBCE294B63FF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{A3910F83-ADDF-4E03-8B4E-48142855ECF4}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.iprimus.com.au
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE: Add to QQ Customized Emoticons - c:\program files\Tencent\QQ\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\Tencent\QQ\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\Tencent\QQ\AddEmotion.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send picture by MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Send Picture with QQ MMS - c:\program files\Tencent\QQ\SendMMS.htm
IE: Upload to QQ Network Hard Disk - c:\program files\Tencent\QQ\AddToNetDisk.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\plaiigirl07_2\AppData\Roaming\Mozilla\Firefox\Profiles\jg2l682t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 14:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9968)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-23 14:15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 03:15

Pre-Run: 163,278,028,800 bytes free
Post-Run: 166,747,205,632 bytes free

- - End Of File - - 5E5D7137D69E452198AF0F17B517859D

How's it running now?

I'm still experiencing disconnecting from the internet do you still have any other advice?

do this first.

The following will implement some cleanup procedures as well as reset System Restore points:

• Click START then RUN
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  [list]
• 

To be on the safe side, I would also change all my passwords.


After the above you could try:
Unplug the power from any devices like a router / modem and wait 10 minutes. Plug the power back in and restart the computer.

I have uninstalled the Combofix as you advised but I still getting disconnecting from the internet every now and then. Please advise what to do next.

I suggest you start a new topic in our windows forum for the Tech Team.
http://www.geekstogo...2003-NT-f5.html

In your topic, add a link to this topic so they will see what we've done.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.