Hi All, This is my first query after joining this forum. So,i need all your valuable advise and suggestions for virus and related severe network connectivity issues. Issues:-Explorer hanging and crashing,CPU usage percentage showing about 90-100% always,IE nd MOZILLA also hanging very frequently. System is also significant lagging in performance. **The worst part is during these times-all the settings of the CORPORATE ANTIVIRUS protection,updates are disabled and SET to READ ONLY. And also effects severly network connectivity like loosing domain and workgroup membersips,internet connections,router page not opening at all,etc I am sorry for writing so much mainly because the issues and symptoms were not restricted to only 1 virus but of different combinations for which its been a mess. It has been very bad experiences with viruses that after sometime-- the network & security admin people had to format and clean install 3 times in past 1 month as the OS started giving severe issues and that it would in turn effect the network in general.This has really put me into security issues of my company's policies and also it wasted a huge amount of my work time.I am really frustrated and I really worry that what would happen next as viruses have effected again.Its really a mess. I use my Company's dell laptop which is loaded with Winxp pro + sp2.This is installed as an Image bundled with other customized utilities. Antivirus:- Corporate edition of Trend Office Scan latest 8.0 and its entire suite included with Rootkit,etc Steps I took:-I have been told that Trend Office gives real time protection and hence would never face any issues.But,unluckily i have seen that for some viruses like PAK_GENERIC ,it gives a virus found alert but the quarantine fails. So,next i go to the virus location and do a SHIFT+DELETE of all items reported.But this doesnot solve all problems because I still get Security alert mails for the same virus later on which means its still left out. Next time,i restart and everything is changed.Cant start TREND OFFICE SCAN,nor its related services,all disabled,etc. Once even it removed my USER profile and so couldnt login to any DOMAIN. I did a google of virus removal steps but havent been successful much.I dont install ANY OTHER ANTIVIRUS PROGRAM BECAUSE as far as I know 2 active antivirus progs would usually conflict and also more important is we cant un-install/de-activate/remove corporately provided specified SOFTWARES as per our official policies. Also,i fear that my IP connections has also been HIJACKED as twice i found different MAC adresses other then my PCs in the router configuration and i couldnt remove them. Only option was to do a hard reset and set the router to default settings.(Have both wired and wireless networks at home) The WIRELESS NETWORK is properly encypted with passwords. I have also the Trend Hijackthis log and some screenprints of settings. Thanks -Rohit

Please run the following scans and post their logs. Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2 1. Double Click mbam-setup.exe to install the application. 2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. 3. If an update is found, it will download and install the latest version. 4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. 5. When the scan is complete, click OK, then Show Results to view the results. 6. Make sure that everything found is checked, and click Remove Selected. 7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. 9. Copy&Paste the entire report in your next reply. Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Hello Thanks for your response. I have downloaded both the above software and below is the log from both of them. ************************************************************************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:30:43 AM, on 12/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ngvpnmgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\Explorer.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\ (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mmc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mstsc.exe C:\WINDOWS\system32\mstsc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe C:\WINDOWS\system32\NOTEPAD.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Citrix\ICA Client\pn.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.exe C:\WINDOWS\system32\NOTEPAD.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.exe C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.exe C:\WINDOWS\system32\NOTEPAD.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GRID O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\ (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Communicator] "c:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http:// O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http:/officescan/console/html/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http:officescan/console/html/ClientInstall/setupini.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h... O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/active... O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http:officescan/console/html/root/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http:officescan/console/html/ClientInstall/RemoveCtrl.cab O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) - http://qualitycenter.com/qcbin/Spid... O17 - HKLM\System\CCS\Services\Tcpip\Parameters: O17 - HKLM\Software\..\Telephony: O17 - HKLM\System\CS1\Services\Tcpip\Parameters: O17 - HKLM\System\CS2\Services\Tcpip\Parameters: O17 - HKLM\System\CS3\Services\Tcpip\Parameters: O23 - Service: IXJZDFOH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\MP0106~1.WHQ\LOCALS~1\Temp\IXJZDFOH.exe O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe -- End of file - 7944 bytes ************************************* ************************************** Malwarebytes' Anti-Malware 1.31 Database version: 1554 Windows 5.1.2600 Service Pack 2 12/27/2008 12:43:29 AM mbam-log-2008-12-27 (00-43-29).txt Scan type: Quick Scan Objects scanned: 62135 Time elapsed: 4 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ************************

Your java is out of date and may have been exploited. Download the latest version of java from this link Java Click on the JRE 6 Update 11 download button. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version. Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3 Combofix is a powerful tool so follow the instructions exactly or you could damage your computer. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. In your case to run Combofix do the following: 1. Go offline turn off your Trend Micro antivirus, and any antispyware that you may have. 2. Run Combofix and save its log. 3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned. 4. Post the Combofix log. Remember to re-enable the protection again afterwards before connecting to the Internet. Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running or move the mouse, it will cause your system to hang.) Please post the log it produces.