sudhakar_karnati Posted July 14, 2008

Hi,

When I try to download something using uTorrent, the indicator below goes red, saying 'Not connectable A firewall/router is limiting your network traffic. You need to open up a port so others can connect to you.' So I logged in to my router (DI-524) and followed the steps mentioned in http://www.portforward.com to open a port, but the message is still displayed, as port number 59538 is not open... I don't know if I am using any firewall or not. How do I know that? Please help me.

Thanks & Regards,
Sudhakar Karnati

Firon Posted July 14, 2008

Please post a HijackThis log.

sudhakar_karnati Posted July 16, 2008

This is the log of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:05 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ping.exe
C:\Documents and Settings\RAMESH ALE\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Dipak Bhattarai
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusGuard.vbs
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D039F071-0A9B-48B5-B6E5-926FFD8541F9}: NameServer = 202.54.12.164,202.54.29.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Please advise me if anything is wrong.

jewelisheaven Posted July 16, 2008

... virusguard.vbs on the userinit?? Did you do that? If not, you're infected.

Switeck Posted July 16, 2008

The rerouted Hosts IPs are troubling too.

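The two findings called out in the replies above, the extra command appended to UserInit and the Hosts entries that point names at non-loopback addresses, can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the original thread; the `triage` function is hypothetical, the F2 line is the one from the posted log, and the O1 entries are constructed with reserved documentation addresses.

```python
import re

# Constructed sample in HijackThis v2 log format. The F2 line is copied from
# the log posted in this thread; the O1 entries are constructed placeholders.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusGuard.vbs
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 updates.example.com
O1 - Hosts: 192.0.2.10 www.example.net
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
LOOPBACK = ("127.", "::1", "0.0.0.0")  # treated as benign/blocking targets


def triage(log_text):
    """Return (extra_userinit_commands, non_loopback_host_mappings)."""
    extra_cmds, redirects = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            # Winlogon runs every comma-separated command in Userinit at logon.
            # The stock value is userinit.exe alone; anything else persists.
            for cmd in filter(None, (c.strip() for c in m.group(1).split(","))):
                if not cmd.lower().endswith(r"\system32\userinit.exe"):
                    extra_cmds.append(cmd)
            continue
        m = HOSTS_RE.match(line)
        if m and not m.group(1).startswith(LOOPBACK):
            # A hosts entry mapping a name to a routable address overrides DNS.
            redirects.append((m.group(1), m.group(2)))
    return extra_cmds, redirects


if __name__ == "__main__":
    cmds, hosts = triage(SAMPLE_LOG)
    for c in cmds:
        print("UserInit extra command:", c)
    for ip, name in hosts:
        print("hosts override:", name, "->", ip)
```
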
sudhakar_karnati Posted July 17, 2008

> ... virusguard.vbs on the userinit?? Did you do that? If not, you're infected.

I think I am infected. Please tell me some tool to remove that. When I opened my Internet Explorer, the title is showing as 'Deepak Bhattaraj', and I could not find the virusguard.vbs under this directory, C:\windows\System32, though it is shown by the HijackThis tool.

> The rerouted Hosts ips are troubling too.

How do I resolve this problem? Please help me.

Thanks & Regards,
Sudhakar Karnati

Firon Posted July 17, 2008

Go get an antivirus app, such as AVG. Or reinstall Windows (and get an AV anyway).

Switeck Posted July 17, 2008

Cleaning a probable infection "by hand" can even be hard for the experts. Best to get good anti-virus/anti-spyware software or just reinstall Windows.

This topic is now archived and is closed to further replies.