sawant_vinay04
New Member
Dear Sir,
Can you please help me to remove the Internet speed monitor virus which pop up frequently.
The Hijackthis logs are as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:48 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Documents and Settings\vsawant\Application Data\gadcom\gadcom.exe
C:\Program Files\GetModule\GetModule31.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ford.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ford.com/portal/mypage/mypage.asp?UserID=1413843&PageID=76908&
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://browsers.ford.com/coe/browsers/ie/en/configmgr.ins
O4 - HKLM\..\Run: [SgeEcView] "C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe"
O4 - HKLM\..\Run: [EdWizard] "C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" as
O4 - HKLM\..\Run: [EnChk] C:\Program Files\Utimaco\SafeGuard Easy\EnChk.vbs
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\vsawant\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscosales.webex.com/client/T26L10NSP49EP9/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ecc.ford.com
O17 - HKLM\Software\..\Telephony: DomainName = ecc.ford.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED36E921-472A-4AFD-819B-BF7ACFE9290A}: Domain = nls.ford.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ecc.ford.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nls.ford.com,nlse.ford.com,dearborn.ford.com,ecc.ford.com,fmcc.ford.com,pd3.ford.com,pd7.ford.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ecc.ford.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = nls.ford.com,nlse.ford.com,dearborn.ford.com,ecc.ford.com,fmcc.ford.com,pd3.ford.com,pd7.ford.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nls.ford.com,nlse.ford.com,dearborn.ford.com,ecc.ford.com,fmcc.ford.com,pd3.ford.com,pd7.ford.com
O20 - AppInit_DLLs: yzarsa.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe (file missing)
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6976 bytes
Can you please help me to remove the Internet speed monitor virus which pop up frequently.
The Hijackthis logs are as follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:48 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Documents and Settings\vsawant\Application Data\gadcom\gadcom.exe
C:\Program Files\GetModule\GetModule31.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ford.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ford.com/portal/mypage/mypage.asp?UserID=1413843&PageID=76908&
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://browsers.ford.com/coe/browsers/ie/en/configmgr.ins
O4 - HKLM\..\Run: [SgeEcView] "C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe"
O4 - HKLM\..\Run: [EdWizard] "C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" as
O4 - HKLM\..\Run: [EnChk] C:\Program Files\Utimaco\SafeGuard Easy\EnChk.vbs
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\vsawant\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ciscosales.webex.com/client/T26L10NSP49EP9/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ecc.ford.com
O17 - HKLM\Software\..\Telephony: DomainName = ecc.ford.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED36E921-472A-4AFD-819B-BF7ACFE9290A}: Domain = nls.ford.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ecc.ford.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nls.ford.com,nlse.ford.com,dearborn.ford.com,ecc.ford.com,fmcc.ford.com,pd3.ford.com,pd7.ford.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ecc.ford.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = nls.ford.com,nlse.ford.com,dearborn.ford.com,ecc.ford.com,fmcc.ford.com,pd3.ford.com,pd7.ford.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nls.ford.com,nlse.ford.com,dearborn.ford.com,ecc.ford.com,fmcc.ford.com,pd3.ford.com,pd7.ford.com
O20 - AppInit_DLLs: yzarsa.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe (file missing)
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6976 bytes
