System Malfunctioning



aredev
2007-10-20, 13:24
Dear All,

For past few days, I am facing some new problems with my internet (broadband connection). It has certainly nothing to do with my ISP.

First problem is that once I am connected to the net through ADSL modem, I am connected perfectly for a while (being not sure for how long this connection will work perfectly). After some time, maybe 5 min, 10 min or 30 min, I will lose connectivity. Though in system tray connection icon is present as if I am connected to the net. When I click on it to check the status, nothing will happen or status window may flash for a moment & then disappear. If I try to disconnect, nothing will happen. I tried deleting this connection & making a new connection from the control panel thinking this may be happening because of some malware (virus, spyware, or anything that is anti to healthy networking) but the problem persisted. Certainly, there is some resident malware which is stopping my system from functioning properly. While typing this message, I found that something in the background started as if a new program has started. The colour of desktop & this screen changed momentarily & broadband connection started behaving as I explained above. Now before I click on 'Submit this Post' button, I will have to reboot my system to continue.

Second is that for past few months, I am finding that all of a sudden display driver of my system stops functioning & I get a message to reboot the system for this reason. At that moment, display is jumbled up & everything is visible in very large size as if my display card is gone bad. Once I reboot it, it behaves properly again. This may reoccur after many weeks again.

Third problem is related to hibernating the system. At times when I hibernate, system hangs & I have to shut it down forcibly putting my hard drive & OS at risk of corruption.

What could be the reason of these problems? Are they somehow interrelated? For your convenience, I am including below HijackThis file of system scan. Please suggest the causes & advise remedies for the present & future.

Thanks & regards,

Rahul Dev



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:07, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
D:\QUICK TIME\iTUNES\iTunesHelper.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe
C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe
D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
E:\SYSTEM MAITENANCE TOOLS\Hijack This v2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/a/harmonylifecare.com/ServiceLogin?service=ig&passive=true&continue=http://partnerpage.google.com/harmonylifecare.com&followup=http://partnerpage.google.com/harmonylifecare.com&cd=US&hl=en&nui=1&ltmpl=default
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SYSTEM~2\ANTI-S~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "D:\QUICK TIME\iTUNES\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] D:\SYSTEM MAINTENANCE TOOLS\PCPitstop\Optimize\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [AVG7_CC] D:\SYSTEM~2\AVGAV7~1.5FR\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\SYSTEM~2\AVGAV7~1.5FR\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\MICROSOFT OFFICE XP\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://D:\MISC. APPLICATIONS\IE Spell Checker\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://D:\MISC. APPLICATIONS\IE Spell Checker\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - D:\MISC. APPLICATIONS\IE Spell Checker\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.airtelworld.com
O15 - Trusted Zone: http://www.akhilsystems.com
O15 - Trusted Zone: www.audible.co.uk
O15 - Trusted Zone: http://www.clearvoicesurveys.com
O15 - Trusted Zone: http://cgi5.ebay.in
O15 - Trusted Zone: www.ebay.in
O15 - Trusted Zone: http://www.ebay.in
O15 - Trusted Zone: www.google.co.in
O15 - Trusted Zone: http://www.grisoft.com
O15 - Trusted Zone: http://forum.grisoft.cz
O15 - Trusted Zone: http://epaper.hindustantimes.com
O15 - Trusted Zone: http://www.irctc.co.in
O15 - Trusted Zone: www.jaxtr.com
O15 - Trusted Zone: http://epaper.livemint.com
O15 - Trusted Zone: www.makemytrip.com
O15 - Trusted Zone: http://www.cppri.org.in
O15 - Trusted Zone: http://www.rbi.org.in
O15 - Trusted Zone: www.plaxo.com
O15 - Trusted Zone: http://www.sgiquarterly.org
O15 - Trusted Zone: http://www.signdomains.com
O15 - Trusted Zone: http://www.silvaindiakolkata.com
O15 - Trusted Zone: http://www.silvamethod.com
O15 - Trusted Zone: http://www.silvamethodindia.com
O15 - Trusted Zone: http://india.takingitglobal.org
O15 - Trusted Zone: http://epaper.timesofindia.com
O15 - Trusted Zone: http://www.trainenquiry.com
O15 - Trusted Zone: http://*.trivitron.com
O15 - Trusted Zone: http://www.uastdc.com
O15 - Trusted IP range: http://10.240.96.195
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} (Jaxtr Outlook Importer) - http://www.jaxtr.com/user/activex/JaxtrOutlookImporter.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\SYSTEM MAINTENANCE TOOLS\ANTI-SPYWARE\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\SYSTEM MAINTENANCE TOOLS\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\SYSTEM~2\AVGAV7~1.5FR\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 10830 bytes

aredev
2007-10-25, 15:17
Hi Tashi,

Thanks for moving my post to the right place. I am eagerly waiting to hear from anybody in this forum for the solution to my this peculiar problem. I am in a great fix.:eek: Please get me the solution ASAP. My all work has come to a stand still. I am in a major trouble. :buried: PLEASE HELP! PLEASE PLEASE PLEASE

Regards,

Rahul Dev

pskelley
2007-10-28, 15:42
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

First, I want to apologize for the wait, I have looked at this post before as I am sure others have and I feel we owe you at least a response. First let me point to the instructions I posted which are also pinned to the top of the forum. Please read them and if we proceed adhere to all instructions. To start, copy/paste all logs and read the instructions for turning off "word wrap" under format in Notepad.
The HJT log is showing some junk and I wonder about you allowing all of those sites in your "Trusted Zone" but there is nothing in the HJT log that looks like malware, and this is the "Malware Removal Forum," we do not troubleshoot operating system issues here and we do not troubleshoot internet connection issues other than if the removal of malware turns out to be what is causing the issue.

Looking at your log, you indicate connection issues, this is something you should take up with your internet provider or perhaps here:
http://www.google.com/search?hl=en&q=troubleshoot+connection+issues&btnG=Google+Search

The other two issues you report, it is very unlikely they are malware related. I suggest you locate a good forum where they can help with display and hibernating issues. Here is one that I know:
http://www.bleepingcomputer.com/forums/forum56.html
http://www.bleepingcomputer.com/forums/forum65.html
If I have not sent you to the correct forum, they will redirect you.

I will also suggest you run this free diagnostic, it may find something to help you:
http://www.pcpitstop.com/pcpitstop/

To recap, I really believe the "Malware Removal Forum" is not where you belong. If you can suggest a reason or describe malware you believe exists, then read the directions, post a new unformatted HJT log and the results of the required Kaspersky scan and I will be glad to take another look.

Thanks

aredev
2007-10-29, 14:44
Dear pskelley,

Thanks a ton for your reply. At least & at last you took trouble to reply to my post, even though it was quite delayed. Anyhow, thank you very much once again.

First I must reassure you that I have read once again the post "*BEFORE you POST*" (READ this Procedure before Requesting Assistance).

Next, I have all the reasons to believe that my system is infected. Before, I proceed with my reasons, I request you to please tell me about the junk in “Trusted Zone” you have referred to in your reply. It may be that these were added impromptu. Once I know, I will delete them from the “Trusted Zone”.

Now coming to the reasons of my belief. After waiting & waiting for any reply from this forum, I started taking some action of my own to resolve the problem. To cut short, I first scanned my system with Kaspersky which is considered to be the BEST. Regrettably, it could detect only TWO defective objects. Actually, it was one embedded in another making total to two. It was an old email in outlook.pst file that was infected and thus outlook.pst was also termed as infected. Once I deleted this mail, Kaspersky labelled my system infection free. Though I still believed my system to be full of infection.

Then a friend suggested me to download eScan (one month free trial copy) of Micro World (http://www.mwti.net). They also claimed that their anti virus is based on Kaspersky engine. Regrettably, it also could not detect anything malicious. I approached these guys & they suggested to download their Anti Virus Toolkit Utility MWAV. And hurray! It detected 7 critical objects & 20 errors on my C drive itself. I had selected only to scan in normal mode. Though they had advised me to run this toolkit in safe mode & select scan & clean. Though I forgot in anxiety to run the utility in safe mode but I intentionally selected scan option to ensure that some important data file may not be deleted (this was from the experience of outlook.pst). You may not believe but these 7 critical objects were none other than Trojans. As I was confident that none of my data files are infected & this toolkit is able to detect something malicious, I stopped it in between. Ran it again (in normal mode only) with scan & clean option. But to my utter surprise, this time it could detect only 5 Trojans & 8 errors & deleted all 13 (though second run was immediate without going to net or restarting my system). Then, I run this toolkit in safe mode & it deleted one more Trojan. Just to remind you, this toolkit is also based on Kaspersky. My question: “where has the 7th Trojan disappeared?” remains unanswered till now. In other words, even if I ignore rest of 12 errors that were also detected in first scan, I cannot ignore one (who knows, there could be more that could not be detected) Trojan is hidden in my system & playing nuisance for me. No anti-virus utility or toolkit is able to detect it. Why? How can I detect & delete it?

I have more reasons for my belief. As I mentioned in my post, colour of my desk top changes for a moment & is restored instantly. I think you have overlooked this statement. This happens only after I lose net connectivity. If my net is working fine or I am not connected to the net, nothing happens to my display. Can anybody answer to this?

Next, I reloaded Windows & all drivers assuming that some files might be corrupted but problem persisted. In spite of my not so good experience with Kaspersky, I have ordered for a complete Kaspersky Internet Security Suite (ISS). But for sure, no matter what any developer claims, all are far cry from reality of fighting malware community. They are no match to the speed of malware growth.

With all these efforts, I am at loss what to do next? Should I reformat my hard discs & reload everything again? (I dread this the most. As a last resort, I will have to do this). As you suggested, I will try to look at the website of troubleshooting connection & also will try to post on the forums you suggested. But the problem is 99% related to malware. That is my belief. Can you further help me please? Right now I am not in a position to give you scan of log of Kaspersky run in safe mode. Reason for this is that I have a serial mouse which does not work in safe mode. With this limited functionality, it is not practical for me to run Online Kaspersky scanner in safe mode. I can get you Kaspersky log once I have its CD of ISS.

In the last & not the least, I have a suggestion. Rather I should call it an appeal to all software developers who are in the business of developing anti-virus (AV) software. (I do not know where to post this appeal, so I am putting it here with request that you please put it in the right forum/banner where it attracts the greatest attention.). “Please unite to fight malware. When developing any AV package, please allow other AV to be installed on the same system & update the latest signature files from the website. New AV might not be allowed to run this new installed AV till earlier AV package is uninstalled.”

This I am saying from my own experience. Recently I tried to migrate from AVG Free version to Computer Associates ISS (Download version). But I could not install & update latest signature files till I uninstalled AVG from my system, leaving my system in the hands of all sorts of malware. Since then only I have started facing all these problems. (Unfortunately, even I could not use CA’s ISS due to some dispute over rebate offer).

I am not posting HJT log for a reason. Main is that nothing major has changed since my last post. If you believe that a fresh log may detect something, I will post it next time. Also, I hope you (& others too who read my earlier post but preferred to ignore it) will be able to give some more solutions to my problem (except the solution of reformatting my HDDs).

Thanks once again for your reply & having patience to read this long post.

Warm regards,

Rahul Dev (aredev)

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

First, I want to apologize for the wait, I have looked at this post before as I am sure others have and I feel we owe you at least a response. First let me point to the instructions I posted which are also pinned to the top of the forum. Please read them and if we proceed adhere to all instructions. To start, copy/paste all logs and read the instructions for turning off "word wrap" under format in Notepad.
The HJT log is showing some junk and I wonder about you allowing all of those sites in your "Trusted Zone" but there is nothing in the HJT log that looks like malware, and this is the "Malware Removal Forum," we do not troubleshoot operating system issues here and we do not troubleshoot internet connection issues other than if the removal of malware turns out to be what is causing the issue.

Looking at your log, you indicate connection issues, this is something you should take up with your internet provider or perhaps here:
http://www.google.com/search?hl=en&q=troubleshoot+connection+issues&btnG=Google+Search

The other two issues you report, it is very unlikely they are malware related. I suggest you locate a good forum where they can help with display and hibernating issues. Here is one that I know:
http://www.bleepingcomputer.com/forums/forum56.html
http://www.bleepingcomputer.com/forums/forum65.html
If I have not sent you to the correct forum, they will redirect you.

I will also suggest you run this free diagnostic, it may find something to help you:
http://www.pcpitstop.com/pcpitstop/

To recap, I really believe the "Malware Removal Forum" is not where you belong. If you can suggest a reason or describe malware you believe exists, then read the directions, post a new unformatted HJT log and the results of the required Kaspersky scan and I will be glad to take another look.

Thanks

pskelley
2007-10-29, 16:27
Please do not quote my instructions, waste of space when you can scroll back to see them.

Keep in mind, I am a lowly footsoldier (warrior) and I do not write the software, only (thankfully) have access to use it to help others. It sounds like you have gone far beyond tools I would use and I don't know that I can help you more. I use MWAV from time to time with especially hard infections and would look at the scan results if you wish to post them.
If you wish to run the scan and post the results, this is all I need to see:

select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.

The "Trusted Zone" items I mentioned are the O15 items in the HJT log. You should be sure you wish to trust those websites with that much access to your computer. I personally allow no one in my "Trusted Zone" but this is your call.

There is always the possibility of a Rootkit infection:
http://en.wikipedia.org/wiki/Rootkit

Let Blacklight take a look to see what it finds:

Please download F-Secure Blacklight:
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
(fsbl.exe) and save to your C:\ drive.
Open a command window by going to Start > Run and typing: cmd
Copy/paste or type the following in the command window: C:\fsbl.exe /expert
Hit "Enter" to start the program and then close the cmd box.
Accept the user agreement and click "Next".
Click "Scan".
After the scan is complete, click "Next", then "Exit".
BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan). Post that log here.
The log will have a list of all items found. Do not remove anything, most if not all items will be valid.

Thanks
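
The review described above (checking the O15 "Trusted Zone" items and the other entries in a HijackThis log) can be done mechanically. The following Python is an added example, not part of the original thread and not a HijackThis or Safer Networking tool; the function names `parse_entries` and `review_items` are hypothetical, and the sample lines are copied from the log in the first post. It lists items for a human to review and does not decide whether anything is malware.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O15 - Trusted Zone: http://www.irctc.co.in
O15 - Trusted Zone: www.ebay.in
O15 - Trusted Zone: http://*.trivitron.com
O15 - Trusted IP range: http://10.240.96.195
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code (R0, O2, O15, ...) followed by " - ".
# Header lines and the running-process paths do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return a list of (section_code, rest_of_line) for every entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_items(text):
    """Group the entries a reviewer would want to look at by hand."""
    entries = parse_entries(text)
    report = {
        "counts": Counter(code for code, _ in entries),
        "trusted": [],                 # every O15 entry as (kind, site)
        "trusted_wildcard": [],        # O15 entries that trust a whole domain
        "orphaned": [],                # registrations whose file is missing
        "unknown_owner_services": [],  # O23 services with no vendor string
    }
    for code, rest in entries:
        if code == "O15":
            kind, _, site = rest.partition(": ")
            report["trusted"].append((kind, site))
            if "*" in site:
                report["trusted_wildcard"].append(site)
        if rest.endswith("(no file)"):
            report["orphaned"].append((code, rest))
        if code == "O23" and " - Unknown owner - " in rest:
            name = rest.partition(": ")[2].split(" - ")[0]
            report["unknown_owner_services"].append(name)
    return report


if __name__ == "__main__":
    r = review_items(SAMPLE_LOG)
    print("entries per section:", dict(r["counts"]))
    print("trusted sites/ranges to confirm:", len(r["trusted"]))
    for site in r["trusted_wildcard"]:
        print("  wildcard trust:", site)
    for code, rest in r["orphaned"]:
        print("  leftover registration:", code, rest)
    for name in r["unknown_owner_services"]:
        print("  service without owner string:", name)
```

Run against the full log, the `trusted` list is the set of sites the user is asked to confirm one by one.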

pskelley
2007-11-06, 15:25
This topic is closed due to lack of a response.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks