Old 04-09-2007, 06:40 AM   #141 (permalink)
Registered User
 
cul8rman's Avatar
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I was not able to get any good information off of the virusscan.jotti.org site. Every file I tried to upload came back like the others: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file."

I uploaded the cab file to spykiller and noticed a fix on the site; I will print that out later today to follow, if you think preventing any network possibility between my two PCs is the right thing to do.

Results of SREng log

Code:
2007-04-08,23:13:45

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <Microsoft Works Update Detection><c:\Program Files\Microsoft Works\WkDetect.exe>  [Microsoft® Corporation]
    <Weather><C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1>  [N/A]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <userinit><C:\WINDOWS\System32\ntos.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [N/A]
    <SSC_UserPrompt><C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe>  [(Verified)Symantec Corporation]
    <Ulead AutoDetector><C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe>  [Ulead Systems, Inc.]
    <HPDJ Taskbar Utility><C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HP Component Manager><"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe">  [Hewlett-Packard Company]
    <HP Software Update><"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe">  [Hewlett-Packard Company]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [N/A]
    <Picasa Media Detector><C:\Program Files\Picasa2\PicasaMediaDetector.exe>  [Google Inc.]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <AVG7_CC><C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP>  [GRISOFT, s.r.o.]
    <OFFICEKB><C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE>  []
    <FLMOFFICE4DMOUSE><C:\Program Files\Micro Innovations\Mouse\mouse32a.exe>  []
    <PC Pitstop Optimize Scheduler><C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot>  [(Verified)P.C. Pitstop LLC]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0\bin\jusched.exe">  [Sun Microsystems, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
Startup Folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[BigFix]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk --> C:\PROGRA~1\BigFix\BigFix.exe [BigFix Inc.]><N>
[Ulead Photo Express 4.0 SE Calendar Checker ]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk --> C:\PROGRA~1\ULEADS~1\ULEADP~1.0SE\CalCheck.exe [Ulead Systems, Inc.]><N>

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService][Running/Manual Start]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[SymWMI Service / SymWSC][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"><Symantec Corporation>
[WAN Miniport (ATW) Service / WANMiniportService][Running/Auto Start]
  <"C:\WINDOWS\wanmpsvc.exe"><America Online, Inc.>
[Microsoft Windows Distributed Transaction Coordinator / Windows Distributed Transaction Process Coordinator][Running/Auto Start]
  <"C:\WINDOWS\msdtc.exe"><N/A>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG7 Kernel / Avg7Core][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
  <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
  <\SystemRoot\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[Belarc SMBios Access / BANTExt][Running/System Start]
  <\SystemRoot\System32\Drivers\BANTExt.sys><N/A>
[DV 4100M(Video) / Ca536av][Stopped/Auto Start]
  <System32\Drivers\Ca536av.sys><Digital Camera>
[Agfa ePhoto CL18 Camera Stream Driver / DILUSBCamera][Stopped/Auto Start]
  <System32\DRIVERS\stream18.sys><Sound Vision Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\drvmcdb.sys><Sonic Solutions>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Manual Start]
  <System32\DRIVERS\gmer.sys><GMER>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[VSO Software pcouffin / pcouffin][Running/Manual Start]
  <System32\Drivers\pcouffin.sys><VSO Software>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[DV 4100M(Still) / USBCamera][Stopped/Manual Start]
  <System32\Drivers\Bulk536.sys><USB BULK>
[WAN Miniport (ATW) / wanatw][Running/Manual Start]
  <System32\DRIVERS\wanatw4.sys><America Online, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
Browser Add-ons
[Yahoo! Companion BHO]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {243B17DE-77C7-46BF-B94B-0B5F309A0E64} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[EpsonToolBandKicker Class]
  {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Java Plug-in 1.6.0]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[ICQ]
  {6224f700-cba3-4071-b251-47cb894244cd} <C:\Program Files\ICQ\ICQ.exe, >
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[]
  {E023F504-0C5A-4750-A1E7-A9046DEA8A21} <C:\Program Files\Microsoft Money\System\mnyside.dll, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[EPSON Web-To-Page]
  {EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Yahoo! Companion]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll, Yahoo! Inc.>
[&Radio]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, >
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Support.com Configuration Class]
  {01113300-3E00-11D2-8470-0060089874ED} <C:\WINDOWS\Downloaded Program Files\tgctlcm.dll, N/A>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[iPIX ActiveX Control]
  {11260943-421B-11D0-8EAC-0000C07D88CF} <C:\WINDOWS\DOWNLO~1\ipixx.ocx, N/A>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[SurferNETWORK Plugin]
  {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} <C:\WINDOWS\DOWNLO~1\SURFER~1.OCX, N/A>
[Autodesk MapGuide ActiveX Control]
  {62789780-B744-11D0-986B-00609731A21D} <C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll, N/A>
[Maid Control]
  {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} <C:\WINDOWS\DOWNLO~1\CMAIDCTL.OCX, N/A>
[Java Plug-in 1.6.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in 1.6.0]
  {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll, Sun Microsystems, Inc.>
[Live365Player Class]
  {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} <C:\WINDOWS\Downloaded Program Files\Play365.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[TikGames Online Control]
  {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} <C:\WINDOWS\Downloaded Program Files\gpcontrol.dll, N/A>
[PopCapLoader Object]
  {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, N/A>

==================================
Running Processes
[PID: 416][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 472][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1288][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Micro Innovations\Mouse\MOUDL32A.DLL]  [, 4, 0, 0, 0]
    [C:\Program Files\Micro Innovations\Keyboard\KBDDL32A.DLL]  [, 4, 0, 0, 0]
    [C:\Program Files\Grisoft\AVG7\avgse.dll]  [GRISOFT, s.r.o., 7.5.0.409]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\WINDOWS\System32\msjava.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\WINDOWS\System32\VMHELPER.DLL]  [Microsoft Corporation, 5.00.3810]
[PID: 1508][C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe]  [Ulead Systems, Inc., 8.0.0.0]
    [C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\u32Comm.dll]  [Ulead Systems, Inc., 8.0.0.0]
[PID: 1524][C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe]  [HP, 2.323.0.0]
    [C:\WINDOWS\System32\spool\drivers\w32x86\3\HPZR3210.dll]  [HP, 2.323.0.0]
[PID: 1544][C:\Program Files\HP\hpcoretech\hpcmpmgr.exe]  [Hewlett-Packard Company, 2.1.1.0]
    [C:\Program Files\HP\hpcoretech\HPVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSXML4.dll]  [Microsoft Corporation, 4.10.9404.0]
[PID: 1560][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Company, 3, 0, 38, 1]
[PID: 1588][C:\Program Files\Picasa2\PicasaMediaDetector.exe]  [Google Inc., 2.1.0]
[PID: 1616][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 6.0.1.3]
    [C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 6.0.1.3]
    [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 6.0.1.3]
[PID: 1644][C:\PROGRA~1\Grisoft\AVG7\avgcc.exe]  [GRISOFT, s.r.o., 7.5.0.438]
    [C:\PROGRA~1\Grisoft\AVG7\AvgTMgr.dll]  [GRISOFT, s.r.o., 7.5.0.430]
    [C:\PROGRA~1\Grisoft\AVG7\AvgCtrl.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Grisoft\AVG7\AvgAbout.dll]  [GRISOFT, s.r.o., 7.5.0.434]
    [C:\PROGRA~1\Grisoft\AVG7\AvgTest.dll]  [GRISOFT, s.r.o., 7.5.0.443]
    [C:\PROGRA~1\Grisoft\AVG7\AvgTRes.dll]  [GRISOFT, s.r.o., 7.5.0.437]
    [C:\PROGRA~1\Grisoft\AVG7\AvgSet.dll]  [, ]
    [C:\PROGRA~1\Grisoft\AVG7\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.442]
    [C:\Program Files\Grisoft\AVG7\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.434]
    [C:\Program Files\Grisoft\AVG7\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgf.dll]  [N/A, ]
    [C:\Program Files\Grisoft\AVG7\AVGRES.DLL]  [N/A, ]
    [C:\Program Files\Grisoft\AVG7\avgcckrn.dll]  [GRISOFT, s.r.o., 7.5.0.445]
    [C:\Program Files\Grisoft\AVG7\avgvault.dll]  [GRISOFT, s.r.o., 7.5.0.439]
    [C:\Program Files\Grisoft\AVG7\avgrep.dll]  [GRISOFT, s.r.o., 7.5.0.407]
    [C:\Program Files\Grisoft\AVG7\avgunarc.dll]  [GRISOFT, s.r.o., 7.5.0.443]
    [C:\PROGRA~1\Grisoft\AVG7\avgemsui.dll]  [GRISOFT, s.r.o., 7.5.0.434]
    [C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll]  [GRISOFT, s.r.o., 7.5.0.420]
[PID: 1668][C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE]  [, 4.0.0.0]
    [C:\Program Files\Micro Innovations\Keyboard\KBDDL32A.DLL]  [, 4, 0, 0, 0]
    [C:\Program Files\Micro Innovations\Keyboard\KBD32S.DLL]  [N/A, ]
    [C:\Program Files\Micro Innovations\Keyboard\KBD32G.DLL]  [N/A, ]
[PID: 1716][C:\Program Files\Micro Innovations\Mouse\mouse32a.exe]  [, 4.0.0.0]
    [C:\Program Files\Micro Innovations\Mouse\MOUDL32A.DLL]  [, 4, 0, 0, 0]
[PID: 1848][C:\Program Files\Java\jre1.6.0\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.0.105]
    [C:\Program Files\Java\jre1.6.0\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1888][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.2010]
    [C:\WINDOWS\System32\quartz.dll]  [, ]
    [C:\WINDOWS\System32\devenum.dll]  [, ]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
[PID: 2044][C:\PROGRA~1\AWS\WEATHE~1\Weather.exe]  [AWS Convergence Technologies, Inc., 6, 5, 0, 15]
    [C:\PROGRA~1\AWS\WEATHE~1\LTDIS10N.dll]  [LEAD Technologies, Inc., 10.0.0.013]
    [C:\PROGRA~1\AWS\WEATHE~1\LTKRN10N.dll]  [LEAD Technologies, Inc., 10.0.0.013]
    [C:\PROGRA~1\AWS\WEATHE~1\LTFIL10N.DLL]  [LEAD Technologies, Inc., 10.0.0.013]
    [C:\PROGRA~1\AWS\WEATHE~1\WxDist.dll]  [WeatherBug, 1.0.0.7]
    [C:\PROGRA~1\AWS\WEATHE~1\LFCMP10N.DLL]  [LEAD Technologies, Inc., 10.0.0.013]
    [C:\PROGRA~1\AWS\WEATHE~1\LFBMP10N.DLL]  [LEAD Technologies, Inc., 10.0.0.013]
    [C:\PROGRA~1\AWS\WEATHE~1\LFIMG10N.DLL]  [LEAD Technologies, Inc., 10.0.0.009]
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\System32\Macromed\Common\SwSupport.dll]  [Macromedia, Inc., 10.1r11]
    [C:\Program Files\Micro Innovations\Mouse\MOUDL32A.DLL]  [, 4, 0, 0, 0]
[PID: 316][C:\Program Files\BigFix\BigFix.exe]  [BigFix Inc., 1, 7, 6, 0]
    [C:\Program Files\BigFix\Lib\Engine.dll]  [BigFix, 1, 7, 6, 0]
    [C:\Program Files\BigFix\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\BigFix\Lib\Inspectors\Inspect.dll]  [BigFix, 1, 7, 6, 0]
[PID: 328][C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe]  [Ulead Systems, Inc., 4, 0, 0, 0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\u32Cfg.dll]  [Ulead Systems, Inc., 4, 0, 0, 0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\u32sn.dll]  [Ulead Systems, Inc., 7.0.0.0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\u32Prod.dll]  [Ulead Systems, Inc., 4.0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\u32Comm.dll]  [Ulead Systems, Inc., 7.0.0.0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalRemi.dll]  [Ulead Systems, Inc., 4, 0, 0, 0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\PEBase.dll]  [Ulead Systems, Inc., 4, 0, 0, 0]
    [C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\ipeConst.dll]  [Ulead Systems, Inc., 4, 0, 0, 0]
[PID: 1100][C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe]  [Hewlett-Packard Company, 2.1.4]
    [C:\WINDOWS\System32\HPVAUT32.dll]  [Microsoft Corporation, 2.40.4517]
    [C:\WINDOWS\System32\HPVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\HPVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\HP\hpcoretech\HPCmpMgr.dll]  [Hewlett-Packard Company, 2.1.4]
    [C:\WINDOWS\System32\MSXML4.dll]  [Microsoft Corporation, 4.10.9404.0]
    [C:\Program Files\HP\hpcoretech\comp\hpschedr.dll]  [Hewlett-Packard Company, 2.1.4]
[PID: 2356][C:\Documents and Settings\Duane\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Micro Innovations\Mouse\MOUDL32A.DLL]  [, 4, 0, 0, 0]
[PID: 2184][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Micro Innovations\Mouse\MOUDL32A.DLL]  [, 4, 0, 0, 0]
    [C:\Program Files\Micro Innovations\Keyboard\KBDDL32A.DLL]  [, 4, 0, 0, 0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"] 
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
RVA Error:  NtCreateThread (Dangerous Level: Generic,  Hooked by Module: Dest Addr: 0x00135924)

==================================
Hidden Process
N/A

==================================
Old 04-09-2007, 10:38 AM   #142 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Ok Duane, Andy contacted me and this is what we're going to try, if for no other reason than to rule out that another machine is bringing this in to your system every time you go online.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Go to C:\SDFix and click the RunThis.bat. Select 'U' to download the latest updates to the tool.

Once it has completed, disconnect this PC from the internet.

------------------------------------------------------------------

Reboot into Safe Mode.

------------------------------------------------------------------

Delete the following files:

C:\lcpift.exe
C:\xiuex.exe

------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------

Remain disconnected from the internet....

Open Notepad and copy/paste the entire text in the quote box below (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000

Go to File on the top bar and choose Save As..., name it Fixshares.reg, then change the save as type to All Files and save it to your desktop. Double-click Fixshares.reg and allow it to be merged into the registry.

--------------------------------------------------------------------

Next go to Start > Settings > Control Panel > Administrative Tools > Computer Management

Expand Shared Folders by clicking the [+] beside it then click Shares

Right click all the shares listed and choose Stop Sharing then OK at the prompt

--------------------------------------------------------------------

Finally go to Start > Run > and type

services.msc

Press OK and the services screen will open. Scroll down to the Server service, then double-click it to open the properties pane (or right-click and choose Properties). In the Service Status area click Stop, then click Yes at the prompt about also stopping the Computer Browser service.

Then, on the Server service you just stopped, change the Startup type from Automatic to Disabled, then click Apply and OK.

--------------------------------------------------------------------

Reboot your system and reconnect to the internet.

--------------------------------------------------------------------

Run an online scan at Panda and save the results to post here.

--------------------------------------------------------------------

Run dss.exe on Molly's account.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
Panda results
main.txt


We'll wait and see if those setup*****.exe or the i file returns.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
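Ried's steps above aim at one end state: the automatic administrative shares turned off, user-created shares stopped, and the Server service stopped and disabled. As an added example, not from Ried's post or from the SDFix tool, the Python below audits a machine against that end state and lists whatever is still outstanding. The snapshot layout, the BEFORE/AFTER sample snapshots and the function names are my assumptions; the registry paths and the meaning of the service "Start" value follow the standard Windows service layout, which is why the collector is Windows-only while the audit itself is a pure function that runs anywhere.

```python
import subprocess
import sys
from typing import Dict, List

# Registry locations behind the steps above (standard LanmanServer layout;
# Fixshares.reg above writes the AutoShare* values under the first one).
LANMAN_PARAMS = r"SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
LANMAN_SERVICE = r"SYSTEM\CurrentControlSet\Services\lanmanserver"
# Meaning of a service's "Start" DWORD as shown in services.msc.
START_TYPES = {2: "Automatic", 3: "Manual", 4: "Disabled"}

# Constructed snapshots: one before the steps are applied, one after.
BEFORE = {
    "autoshare": {"AutoShareWks": None, "AutoShareServer": None},
    "shares": ["SharedDocs", "Printer"],
    "server_service": {"state": "Running", "start_type": "Automatic"},
}
AFTER = {
    "autoshare": {"AutoShareWks": 0, "AutoShareServer": 0},
    "shares": [],
    "server_service": {"state": "Stopped", "start_type": "Disabled"},
}


def audit_share_hardening(snapshot: Dict) -> List[str]:
    """Return the steps of the procedure that are still outstanding (empty list = done)."""
    todo = []
    params = snapshot.get("autoshare", {})
    for name in ("AutoShareWks", "AutoShareServer"):
        if params.get(name) != 0:
            todo.append(f"merge Fixshares.reg: {name} is {params.get(name)!r}, expected 0")
    for share in snapshot.get("shares", []):
        todo.append(f"Computer Management > Shares: stop sharing '{share}'")
    svc = snapshot.get("server_service", {})
    if svc.get("state") != "Stopped":
        todo.append("services.msc: stop the Server service")
    if svc.get("start_type") != "Disabled":
        todo.append(f"services.msc: Server startup type is {svc.get('start_type')}, set it to Disabled")
    return todo


def collect_snapshot_windows() -> Dict:
    """Read the live values on a Windows host into the snapshot shape above."""
    import winreg  # Windows-only module

    def read_value(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                return winreg.QueryValueEx(k, name)[0]
        except FileNotFoundError:
            return None  # key or value absent: AutoShare* then default to enabled

    def value_names(path):
        # Persistent shares are stored as one value per share name.
        names = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                i = 0
                while True:
                    try:
                        names.append(winreg.EnumValue(k, i)[0])
                        i += 1
                    except OSError:
                        break
        except FileNotFoundError:
            pass
        return names

    query = subprocess.run(["sc", "query", "lanmanserver"], capture_output=True, text=True).stdout
    return {
        "autoshare": {n: read_value(LANMAN_PARAMS, n) for n in ("AutoShareWks", "AutoShareServer")},
        "shares": value_names(LANMAN_SERVICE + r"\Shares"),
        "server_service": {
            "state": "Running" if "RUNNING" in query else "Stopped",
            "start_type": START_TYPES.get(read_value(LANMAN_SERVICE, "Start"), "Unknown"),
        },
    }


if __name__ == "__main__":
    snap = collect_snapshot_windows() if sys.platform == "win32" else BEFORE
    for step in audit_share_hardening(snap) or ["nothing outstanding"]:
        print("-", step)
```

Keeping the decision logic separate from the registry reads means the same audit can be run over a snapshot taken on the suspect second PC, which is the machine this procedure is really trying to shut out.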
Old 04-11-2007, 06:43 AM   #143 (permalink)
Registered User
 
cul8rman's Avatar
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I checked and the i file and the setup_##### files are not currently present. I do see three files that are questionable - bohxe.exe, pudl.exe, and tjfdf.exe.

Results from scans

SDFix: Version 1.75

Run by Molly - Tue 04/10/2007 - 19:29:48.65

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:




Killing PID 128 'smss.exe'
Killing PID 204 'winlogon.exe'

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\msdtc.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\setup_10343.exe - Deleted
C:\WINDOWS\system32\setup_12856.exe - Deleted
C:\WINDOWS\system32\setup_53344.exe - Deleted
C:\WINDOWS\system32\setup_66868.exe - Deleted
C:\WINDOWS\system32\setup_67613.exe - Deleted
C:\WINDOWS\system32\setup_83375.exe - Deleted
C:\WINDOWS\system32\setup_88026.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted


Folder C:\WINDOWS\system32\wsnpoem - Removed

ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Program Files\Common Files\aolshare\shell\us\shellext.dll
C:\Program Files\Common Files\csshare\shell\us\shellext.dll
C:\My Games\Action Ball\actionball.exe
C:\My Games\Adventure Ball\AdventureBall.exe
C:\My Games\Aqua Pearls\pearls.exe
C:\My Games\Cactus Bruce and the Corporate Monkeys\RealCB12.exe
C:\My Games\Clash 'N Slash\Clash N Slash.exe
C:\My Games\Flying Leo\FlyingLeo.exe
C:\My Games\Icy Spell\IcySpell.exe
C:\My Games\Impact\Impact.exe
C:\My Games\Inspheration\Inspheration.exe
C:\My Games\Jewel of Atlantis\Jewel of Atlantis.exe
C:\My Games\Mirror Magic\mirrormagic.exe
C:\My Games\Mosaic - Tomb of Mystery\Mosaic.exe
C:\My Games\Phlinx to Go\PhlinxToGo.exe
C:\My Games\Rainbow Web\RainbowWeb.exe
C:\My Games\Snowy - Space Trip\SpaceTrip.exe
C:\My Games\Turtle Odyssey\Game.exe
C:\My Games\Wheel of Fortune\Wheel of Fortune.exe
C:\Program Files\America Online 8.0\aolphx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\RBM.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\COMIT\cswitch.exe
C:\Program Files\CompuServe 7.0\csphx.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\CompuServe 7.0\RBM.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\CompuServe 7.0\COMIT\cswitch.exe
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

88888888888888888888
Panda Scan


Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected C:\Documents and Settings\Molly\Desktop\Click To Find and Fix Errors.lnk
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ShellViewControl
Adware:adware/wupd Not disinfected Windows Registry
Virus:Trj/Agent.EHT Disinfected C:\bohxe.exe
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cody\Cookies\cody@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cody\Cookies\cody@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cody\Cookies\cody@apmebf[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cody\Cookies\cody@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cody\Cookies\cody@mediaplex[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.systemdoctor.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\VirtumundoBeGone.exe[²ƒÇ]
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\iblyvij[1].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\npvsftpq[1].txt
Virus:Trj/WinOpts.AK Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\zwvvfftt[1].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X0DW705\iblyvij[1].htm
Virus:Trj/Agent.EHT Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X0DW705\uawkhuhrby[2].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\iblyvij[1].htm
Virus:Trj/Agent.EHT Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\uawkhuhrby[1].htm
Virus:Trj/Agent.EHT Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\uawkhuhrby[3].htm
Virus:Trj/WinOpts.AK Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\zwvvfftt[2].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNCP89MT\iblyvij[1].htm
Virus:Trj/Agent.EHT Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNCP89MT\uawkhuhrby[1].htm
Virus:Trj/Agent.EHT Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNCP89MT\uawkhuhrby[2].htm
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Molly\Cookies\molly@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Cookies\molly@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Molly\Cookies\molly@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Molly\Cookies\molly@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Molly\Cookies\molly@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Molly\Cookies\molly@serving-sys[1].txt
Virus:W32/Sdbot.ftp.worm Not disinfected C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_22_59].cab[C:\windows\system32\i]
Virus:W32/Sdbot.ftp.worm Not disinfected C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_23_10].cab[C:\windows\system32\i]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Molly\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc1.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc2.exe
Virus:Trj/WinOpts.AK Disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc3.exe
Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc4.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\SDFix\backups\backups.zip[backups/i]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups\backups.zip[backups/msdtc.exe]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups\backups.zip[backups/setup_10343.exe]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups\backups.zip[backups/setup_67613.exe]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups\backups.zip[backups/setup_83375.exe]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups\backups.zip[backups/setup_88026.exe]
Virus:W32/Sdbot.ftp.worm Disinfected C:\SDFix\backups_old1\backups.zip[backups/i]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups_old1\backups.zip[backups/msdtc.exe]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups_old1\backups.zip[backups/setup_03471.exe]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups_old1\backups.zip[backups/setup_23164.exe]
Virus:W32/Sdbot.ftp.worm Disinfected C:\SDFix\backups_old2\backups.zip[backups/i]
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups_old2\backups.zip[backups/msdtc.exe]
Virus:W32/Sdbot.ftp.worm Disinfected C:\SDFix\backups_old3\backups.zip[backups/i]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\SmitfraudFix\restart.exe
Adware:Adware/SpySheriff Not disinfected C:\tjfdf.exe
Virus:Trj/Wsnpoem.W Disinfected C:\vvuysfo.exe

8888888888888888888888888888888888888
DSS


Deckard's System Scanner v20070318.32
Run by Molly on 2007-04-11 at 05:29:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:29:40 AM, on 4/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Molly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Microsoft Windows Distributed Transaction Coordinator (Windows Distributed Transaction Process Coordinator) - Unknown owner - C:\WINDOWS\msdtc.exe (file missing)


-- Files created between 2007-03-11 and 2007-04-11 -----------------------------

2007-04-10 22:19:43 1867 --a------ C:\WINDOWS\System32\pfdnnt_actions.sys<PFDNNT~1.SYS>
2007-04-10 22:19:43 8704 --a------ C:\WINDOWS\System32\pfdnnt.exe
2007-04-10 20:15:17 305 --a------ C:\Fixshares.reg<FIXSHA~1.REG>
2007-04-10 18:53:56 705370 --a------ C:\SDFix.exe
2007-04-10 18:46:31 20267 --a------ C:\pudl.exe
2007-04-07 13:28:17 2017 --a------ C:\tjfdf.exe
2007-04-07 13:28:06 48128 --a------ C:\bohxe.exe
2007-04-04 21:35:01 0 d-------- C:\Documents and Settings\Duane\.housecall6.6<HOUSEC~1.6>
2007-04-04 21:30:09 0 d-------- C:\WINDOWS\Sun
2007-03-31 07:36:01 109 --a------ C:\delete.reg
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun


-- Find3M Report ---------------------------------------------------------------

2007-04-11 05:29:37 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-04-10 22:47:27 0 d-------- C:\Program Files\Picasa2
2007-04-10 22:45:44 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-10 22:41:03 0 d-------- C:\Program Files\iTunes
2007-04-10 22:39:50 0 d-------- C:\Program Files\Google
2007-04-10 22:37:26 0 d-------- C:\Program Files\BigFix
2007-04-06 19:03:43 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-04-01 10:33:26 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-24 13:47:01 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-11 at 05:30:00 ---------
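The Panda results above are a flat "Incident Status Location" list that mixes four very different things: the live infection (the Sdbot/Wsnpoem droppers in the root of C:), tracking cookies, the helper binaries of the cleanup tools (SDFix's Process.exe, SmitfraudFix's restart.exe, backups.zip) that Panda flags as PUA, and worm copies sitting inside collected .cab files. The script below is an added example, not code from the thread or from Panda: it parses those lines and sorts them into buckets so the paths that need a manual delete-on-reboot stand out from the noise. The bucket names and the TOOL_MARKERS list are this example's own; the sample lines are copied from the first scan in the thread.

```python
"""Triage a Panda ActiveScan report into buckets (added example, not Panda's code)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One report line: "<category>:<name> <status> <location>". The name may
# contain spaces ("Cookie/Atlas DMT"), so it is matched non-greedily.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<location>.+)$"
)

# Cleanup tools used in the thread (assumed list, matched case-insensitively).
# Panda flags their helpers, quarantine folders and backups.zip; those are not
# the infection and must not be deleted as if they were.
TOOL_MARKERS = ("\\sdfix", "\\smitfraudfix", "\\!killbox", "virtumundobegone.exe")

# Panda writes archive members and cookie hosts as "<file>[<member>]".
MEMBER_RE = re.compile(r"\[[^\[\]]*\]$")
ARCHIVE_RE = re.compile(r"\.(cab|zip)\[", re.IGNORECASE)


@dataclass
class Incident:
    category: str
    name: str
    status: str
    location: str

    @property
    def bucket(self) -> str:
        loc = self.location.lower()
        if self.name.startswith("Cookie/"):
            return "tracking-cookie"
        if loc.startswith("hkey_") or loc == "windows registry":
            return "registry-remnant"
        if any(marker in loc for marker in TOOL_MARKERS):
            return "cleanup-tool-artifact"
        if ARCHIVE_RE.search(self.location):
            return "archived-sample"  # live worm copy inside a collected .cab
        if "\\temporary internet files\\" in loc or "\\recycler\\" in loc:
            return "cache-or-recycle-bin"
        return "action-required"

    @property
    def on_disk_path(self) -> str:
        """Strip the trailing [member] so the path can be handed to a deleter."""
        return MEMBER_RE.sub("", self.location)


def parse_report(text: str) -> list[Incident]:
    """One Incident per matching line; the header and blank lines are skipped."""
    incidents: list[Incident] = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            incidents.append(Incident(**match.groupdict()))
    return incidents


def bucket_counts(incidents: list[Incident]) -> dict[str, int]:
    return dict(Counter(inc.bucket for inc in incidents))


def deletion_list(incidents: list[Incident]) -> list[str]:
    """On-disk paths worth a delete-on-reboot, in report order, de-duplicated.

    "Disinfected" entries are kept on purpose: Panda neutralises the file but
    leaves it in place (C:\\bohxe.exe is still listed by DSS after the scan).
    """
    paths: list[str] = []
    for inc in incidents:
        if inc.bucket in ("action-required", "archived-sample"):
            if inc.on_disk_path not in paths:
                paths.append(inc.on_disk_path)
    return paths


# Lines copied from the first Panda scan posted in the thread.
SAMPLE_REPORT = r"""
Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected C:\Documents and Settings\Molly\Desktop\Click To Find and Fix Errors.lnk
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Adware:adware/wupd Not disinfected Windows Registry
Virus:Trj/Agent.EHT Disinfected C:\bohxe.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Cookies\molly@atdmt[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\restart.exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\iblyvij[1].htm
Virus:W32/Sdbot.ftp.worm Not disinfected C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_22_59].cab[C:\windows\system32\i]
Virus:Trj/WinOpts.AK Disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc3.exe
Virus:W32/Sdbot.KEW.worm Disinfected C:\SDFix\backups\backups.zip[backups/msdtc.exe]
Adware:Adware/SpySheriff Not disinfected C:\tjfdf.exe
Virus:Trj/Wsnpoem.W Disinfected C:\vvuysfo.exe
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for bucket, count in sorted(bucket_counts(found).items()):
        print(f"{count:3d}  {bucket}")
    print("\nhand these to the delete-on-reboot tool:")
    for path in deletion_list(found):
        print("  " + path)
```

On the sample, the deletion list comes out as the .lnk, the WinAntiVirus Pro 2006 folder, C:\bohxe.exe, the requested-files .cab, C:\tjfdf.exe and C:\vvuysfo.exe, which is the Killbox list in the next reply minus the files that are not in these sample lines. The cleanup-tool-artifact bucket is the one to watch on the rescan: Killbox moves files into C:\!KillBox rather than destroying them, so the same detections reappear there until that folder is emptied.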
Old 04-11-2007, 09:01 AM   #144
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Ried
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Hi,

Per your PM, since you removed your firewall a couple weeks ago due to problems running tools, keep this PC disconnected from the internet until we get one in place. This may very well be the reason this bot continued to get in and why additional trojans are coming in as well.

Disconnect this PC now.

-----------------------------------------------------------------

I'd prefer to use Killbox instead of Avenger on these. Use your other PC to download the following, and transfer to this system:

Download Pocket Killbox to your desktop.

-----------------------------------------------------------------

FIREWALL
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

Do not install more than one firewall program as they will conflict with each other.

Comodo Personal Firewall

-----------------------------------------------------------------

Boot this system into Safe Mode.

-----------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-hkey_current_user\software\MyWebSearch]

[-hkey_classes_root\FunWebProducts.ShellViewControl]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

-----------------------------------------------------------------

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy:

C:\bohxe.exe
C:\pudl.exe
C:\tjfdf.exe
C:\vvuysfo.exe
C:\Documents and Settings\Duane\Desktop\VirtumundoBeGone.exe
C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Molly\Desktop\Click To Find and Fix Errors.lnk
C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_22_59].cab
C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_23_10].cab


* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* KillBox will alert you the files will be deleted on next reboot, click Yes
* When asked to Reboot, select Yes

Click OK at any PendingFileRenameOperations prompt, and let us know if you receive this message. Also, if the computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, download and run missingfilesetup.exe. Then try Killbox again.

-------------------------------------------------------

Open Killbox again, and go to File>Logs> click on Actions History Logs. Copy/paste the info from the text file which opens into your next reply. Close Killbox.

-------------------------------------------------------

Install Comodo Firewall to this system, then run another online scan at Panda and save the results.

-----------------------------------------------------------------

Run a scan with dss.exe and post the main.txt

-----------------------------------------------------------------

Include the following in your next reply:

Killbox Actions History log
Panda results
main.txt
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
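Two of the steps above are registry operations under the hood: the REGEDIT4 file with `[-key]` lines removes the two MyWebSearch/FunWebProducts keys, and Killbox's "Delete on Reboot" queues the files for deletion before anything that could lock them has started. The following is an added example, not code from the thread and not Killbox's own code. It assumes that "Delete on Reboot" relies on the standard PendingFileRenameOperations value under Session Manager (the prompt Ried mentions refers to that value) and that the same effect can be had by merging a .reg file; it uses the "Windows Registry Editor Version 5.00" header because hex(7) data is UTF-16LE in that format, so the output is not meant to be pasted into the REGEDIT4 file from the post. Key names and file paths are the ones in the post.

```python
"""Delete-on-reboot via PendingFileRenameOperations, written out as a .reg file.

Added example (not Killbox's code). Assumption: Killbox's "Delete on Reboot"
uses the Session Manager PendingFileRenameOperations value that smss.exe
processes at boot, the same value MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT)
writes.
"""
from __future__ import annotations

SESSION_MANAGER = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
)


def pending_delete_entries(paths: list[str]) -> list[str]:
    """REG_MULTI_SZ entries that make smss.exe delete the files at next boot.

    Each operation is a pair of strings: the source in NT object-manager form
    ("\\??\\C:\\file") followed by the destination; an empty destination means
    delete rather than rename.
    """
    entries: list[str] = []
    for path in paths:
        if len(path) < 3 or path[1] != ":" or path[2] != "\\":
            raise ValueError(f"need an absolute drive path, got {path!r}")
        entries.append("\\??\\" + path)
        entries.append("")
    return entries


def multi_sz_hex7(strings: list[str], per_line: int = 25) -> str:
    """Encode REG_MULTI_SZ as the hex(7) form used by Version 5.00 .reg files.

    Every string is UTF-16LE followed by a NUL; the block ends with one more
    NUL. Long values are wrapped the way regedit exports them: a trailing
    ",\\" and an indented continuation line.
    """
    data = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    data += b"\x00\x00"
    octets = [f"{b:02x}" for b in data]
    chunks = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return "hex(7):" + ",\\\r\n  ".join(chunks)


def build_reg_script(keys_to_delete: list[str], files_to_delete: list[str]) -> str:
    """A .reg script that removes whole keys and queues file deletions."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in keys_to_delete:
        lines += [f"[-{key}]", ""]  # leading '-' deletes the key and its subkeys
    if files_to_delete:
        value = multi_sz_hex7(pending_delete_entries(files_to_delete))
        lines += [f"[{SESSION_MANAGER}]", f'"PendingFileRenameOperations"={value}', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    # The keys and files from the post; merge the printed text with regedit.
    print(build_reg_script(
        [r"HKEY_CURRENT_USER\Software\MyWebSearch",
         r"HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl"],
        [r"C:\bohxe.exe", r"C:\pudl.exe", r"C:\tjfdf.exe", r"C:\vvuysfo.exe"],
    ))
```

Merging this replaces whatever is already queued in PendingFileRenameOperations (Windows Update and installers use the same value), which is exactly why Killbox prompts when the value is already populated: check it first with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations` and append to it rather than overwrite. Because smss.exe acts on the value before Explorer or any Run-key entry starts, a file that re-creates itself from a running process is removed before that process is back.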
Old 04-11-2007, 11:58 PM   #145
Registered User
cul8rman
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

The firewall appears to be doing a good job. svchost.exe is in the log several times. I looked in the files and did not see i, setup_#####.exe, or the other exe files in the C drive that had been there before.

Quote:
Download Pocket Killbox to your desktop.
8888888 link did not work, downloaded from cybertechhelp

Quote:
Click OK at any PendingFileRenameOperations prompt, and let us know if you receive
this message. Also, if the computer does not restart automatically, please restart
it manually.
888888888 no message, did restart

Killbox actions history log

Pocket Killbox version 2.0.0.881
Running on Windows XP as Molly(Administrator)
was started @ Wednesday, April 11, 2007, 8:29 PM

# 1 [Delete on Reboot]
Path = C:\pudl.exe


# 2 [Delete on Reboot]
Path = C:\tjfdf.exe


# 3 [Delete on Reboot]
Path = C:\Documents and Settings\Duane\Desktop\VirtumundoBeGone.exe


# 4 [Delete on Reboot]
Path = C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006


# 5 [Delete on Reboot]
Path = C:\Documents and Settings\Molly\Desktop\Click To Find and Fix Errors.lnk


# 6 [Delete on Reboot]
Path = C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_22_59].cab


# 7 [Delete on Reboot]
Path = C:\Documents and Settings\Molly\Desktop\requested-files[2007-04-06_23_10].cab


I Rebooted @ 8:31:12 PM
Killbox Closed(Exit) @ 8:31:12 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Molly(Administrator)
was started @ Wednesday, April 11, 2007, 8:43 PM

Panda Results



Incident Status Location

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ShellViewControl.1
Adware:adware/wupd Not disinfected Windows Registry
Virus:W32/Sdbot.ftp.worm Not disinfected C:\!KillBox\requested-files[2007-04-06_22_59].cab[C:\windows\system32\i]
Virus:W32/Sdbot.ftp.worm Not disinfected C:\!KillBox\requested-files[2007-04-06_23_10].cab[C:\windows\system32\i]
Adware:Adware/SpySheriff Not disinfected C:\!KillBox\tjfdf.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\!KillBox\VirtumundoBeGone.exe
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cody\Cookies\cody@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cody\Cookies\cody@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cody\Cookies\cody@apmebf[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cody\Cookies\cody@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cody\Cookies\cody@mediaplex[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Duane\Application Data\Mozilla\Firefox\Profiles\wchylb0m.default\cookies.txt[.systemdoctor.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\fagdnnxh[1].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\fagdnnxh[2].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\iblyvij[1].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DWFYZOJ\npvsftpq[1].txt
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X0DW705\axqnnnky[1].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6X0DW705\iblyvij[1].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\axqnnnky[1].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\axqnnnky[2].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\fagdnnxh[1].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\fagdnnxh[2].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KRMHM32V\iblyvij[1].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNCP89MT\axqnnnky[1].htm
Virus:Trj/Downloader.NUS Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNCP89MT\fagdnnxh[1].htm
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNCP89MT\iblyvij[1].htm
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Molly\Cookies\molly@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Cookies\molly@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Molly\Cookies\molly@bs.serving-sys[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Molly\Cookies\molly@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Molly\Cookies\molly@mediaplex[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Molly\Cookies\molly@serving-sys[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc1.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc2.exe
Adware:Adware/SpySheriff Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc4.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe

main.txt

Deckard's System Scanner v20070318.32
Run by Molly on 2007-04-11 at 22:10:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:10:20 PM, on 4/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Molly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Microsoft Windows Distributed Transaction Coordinator (Windows Distributed Transaction Process Coordinator) - Unknown owner - C:\WINDOWS\msdtc.exe (file missing)


-- Files created between 2007-03-11 and 2007-04-11 -----------------------------

2007-04-11 20:58:18 0 d-------- C:\Documents and Settings\Molly\Application Data\Comodo
2007-04-11 20:58:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-11 20:45:32 51328 --a------ C:\WINDOWS\System32\drivers\inspect.sys
2007-04-11 20:45:32 75520 --a------ C:\WINDOWS\System32\drivers\cmdmon.sys
2007-04-11 20:45:32 0 d-------- C:\Program Files\Comodo
2007-04-11 20:29:13 0 d-------- C:\!KillBox
2007-04-10 20:15:17 305 --a------ C:\Fixshares.reg<FIXSHA~1.REG>
2007-04-10 18:53:56 705370 --a------ C:\SDFix.exe
2007-04-04 21:35:01 0 d-------- C:\Documents and Settings\Duane\.housecall6.6<HOUSEC~1.6>
2007-04-04 21:30:09 0 d-------- C:\WINDOWS\Sun
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 159 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:25 491768 --a------ C:\ie6setup.exe
2007-03-11 22:17:35 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-11 09:24:21 0 d-------- C:\Documents and Settings\Duane\Application Data\Sun


-- Find3M Report ---------------------------------------------------------------

2007-04-11 22:10:19 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-04-11 21:41:43 0 d-------- C:\Program Files\Picasa2
2007-04-11 21:39:51 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-11 21:34:44 0 d-------- C:\Program Files\iTunes
2007-04-11 21:33:18 0 d-------- C:\Program Files\Google
2007-04-11 21:30:33 0 d-------- C:\Program Files\BigFix
2007-04-06 19:03:43 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-04-01 10:33:26 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-24 13:47:01 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-13 21:29:11 0 d-------- C:\Program Files\Common Files\Sandlot Shared<SANDLO~1>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>
2007-01-11 16:35:33 12800 --a------ C:\WINDOWS\System32\svchost.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CMDAGENT
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CMDMON
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INSPECT


-- End of Deckard's System Scanner: finished at 2007-04-11 at 22:10:43 ---------

System Behavior

System seems to be working well, hopefully it is on the road to recovery.

Time to update AVG and run that?

Thank you.
Old 04-12-2007, 12:28 AM   #146
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista

Re: MS Windows XP will not load when connected to internet

I certainly hope so...

Quote:
svchost.exe is in the log several times
This is normal and nothing to worry about. http://www.computerhaven.info/svchost.htm
Quote:
“Svchost.exe” is the file name for the generic Windows process called Service Host which resides in \Windows\System32\. Since it acts as a host, it can collect multiple services together and run them in a common environment. This results in a more efficient arrangement since it reduces boot time and system overhead by eliminating the need to run dozens of separate services, each in their own memory spaces. Different groups of Windows services have different requirements in terms of system access and security, which is why separate instances of svchost.exe are needed.
---------------------------------------------------------------

Just a few things to finish up...

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

Quote:
@echo off
REM sc takes the short service name, which HijackThis shows in parentheses on the O23 line
REM ("Windows Distributed Transaction Process Coordinator"), not the display name in front of it.
sc stop "Windows Distributed Transaction Process Coordinator"
sc delete "Windows Distributed Transaction Process Coordinator"
exit
Double click FixServices.bat. A window will open and close. This is normal.

---------------------------------------------------------------

Delete the following folder:

C:\Documents and Settings\Molly\Application Data\WinAntiVirus Pro 2006

---------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-hkey_classes_root\FunWebProducts.ShellViewControl.1]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

--------------------------------------------------------------------

Empty your Recycle Bin.

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

Now go ahead and update AVG A-S and run a scan. It's always best to scan from Safe Mode and close any open windows. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used.

--------------------------------------------------------------------

Surf the internet for a couple days and then run an online scan at Panda and another dss.exe and post both logs here. If they are still clean, we'll go ahead and update to XP SP2 and tidy up your system from all these tools we used and logs that were produced.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
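The two checks behind the instructions above, written out as an added example (this is my own code, not code from the post or from HijackThis, Killbox or Panda): an audit of every running svchost.exe against the path and service-group rule the quoted explanation gives, and the FixServices.bat / delete.reg steps with the safeguards a helper would want before running them on someone else's machine, namely confirming the service really is an orphan (its binary is missing, as the "(file missing)" O23 entry says) and exporting the affected registry keys first so the change can be reversed. It assumes a current Windows host with PowerShell 5.1 or later and an elevated prompt, not the XP SP1 box in this thread; the function names and the %TEMP%\service-backup directory are my own choices, and the default service and key names are the ones that appear in the logs above.

```powershell
# Added example for this thread; it is not code from the original post or from any
# tool named in it. Assumes Windows 8 / Server 2012 or later with PowerShell 5.1+,
# run from an elevated prompt. Function names and the %TEMP%\service-backup
# directory are my own choices; the service and key names used at the bottom are
# the ones that appear in the HijackThis and Panda output in this thread.

function Get-SvchostAudit {
    # One row per svchost.exe: image path, -k service group, hosted services, and a
    # flag for anything not loaded from System32 or hosting no service at all.
    # ExecutablePath is $null when the process cannot be opened; that is flagged too.
    $expected = Join-Path $env:SystemRoot 'System32\svchost.exe'
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $proc   = $_
        $hosted = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.ProcessId)" |
                    Select-Object -ExpandProperty Name)
        $group  = if ($proc.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '' }
        [pscustomobject]@{
            PID        = $proc.ProcessId
            Path       = $proc.ExecutablePath
            Group      = $group
            Services   = ($hosted -join ',')
            Suspicious = ($proc.ExecutablePath -ne $expected) -or ($hosted.Count -eq 0)
        }
    }
}

function Remove-OrphanedService {
    # The post's FixServices.bat with the checks a helper would want first: the
    # service must exist, its binary must really be missing (an orphan), and the
    # service key is exported before sc.exe stop/delete so the change is reversible.
    # $Name is the short service name, which HijackThis prints in parentheses on an O23 line.
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$BackupDir = (Join-Path $env:TEMP 'service-backup')
    )
    $svc = Get-CimInstance Win32_Service | Where-Object Name -eq $Name
    if (-not $svc) { Write-Warning "Service '$Name' not found"; return $false }

    # PathName may be quoted, may carry arguments and may use %SystemRoot%; isolate the exe.
    $exe = [Environment]::ExpandEnvironmentVariables($svc.PathName)
    if ($exe -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($exe -match '^(.+?\.exe)') { $exe = $Matches[1] }
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        Write-Warning "Binary still present at $exe; '$Name' is not an orphan, leaving it alone"
        return $false
    }

    New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
    $key = "HKLM\SYSTEM\CurrentControlSet\Services\$Name"
    & reg.exe export $key (Join-Path $BackupDir "$Name.reg") /y | Out-Null
    if ($svc.State -eq 'Running') { & sc.exe stop $Name | Out-Null }
    & sc.exe delete $Name | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Remove-RegistryKeyWithBackup {
    # The post's delete.reg step ([-hkey_classes_root\...]) with an export first.
    # $Key uses reg.exe notation, e.g. 'HKCR\FunWebProducts.ShellViewControl.1'.
    param(
        [Parameter(Mandatory)][string]$Key,
        [string]$BackupDir = (Join-Path $env:TEMP 'service-backup')
    )
    $psPath = 'Registry::' + ($Key -replace '^HKCR\\', 'HKEY_CLASSES_ROOT\' -replace '^HKLM\\', 'HKEY_LOCAL_MACHINE\' -replace '^HKCU\\', 'HKEY_CURRENT_USER\')
    if (-not (Test-Path -LiteralPath $psPath)) { Write-Warning "$Key not present"; return $false }

    New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
    $file = Join-Path $BackupDir (($Key -replace '[\\:]', '_') + '.reg')
    & reg.exe export $Key $file /y | Out-Null
    Remove-Item -LiteralPath $psPath -Recurse -Force
    return (-not (Test-Path -LiteralPath $psPath))
}

# Usage (elevated). The audit is read-only; the two removal calls change the system,
# so they stay commented out until the audit output and the orphan check have been read.
Get-SvchostAudit | Format-Table -AutoSize
# Remove-OrphanedService       -Name 'Windows Distributed Transaction Process Coordinator'
# Remove-RegistryKeyWithBackup -Key  'HKCR\FunWebProducts.ShellViewControl.1'
```

Two design points worth noting. The audit flags a svchost.exe by where it loaded from and by whether it hosts any service, which is the distinction the quoted explanation is making: the real Service Host lives in System32 and always carries a -k group, so a same-named binary elsewhere (the log above shows a C:\WINDOWS\msdtc.exe entry of exactly that kind) or an instance hosting nothing is what deserves a closer look. The removal functions refuse to delete a service whose binary still exists, because a present binary means the service is not the orphan the fix assumes, and both export the key first; sc.exe and reg.exe are invoked by their short service name, the same name the corrected FixServices.bat uses.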
Old 04-15-2007, 02:18 PM   #147
cul8rman
Registered User
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP

Re: MS Windows XP will not load when connected to internet

I am having issues when running Panda. After being connected for a couple of hours I lose the connection. I close the browser and reopen it, and that does not work. I am going to run Panda again and try disabling the firewall upon completion of the scan and see what happens. I am not sure what else to do at this time. I did notice that Firefox and IE were trying to act as a server, so I used "Deny". Should I have picked Allow? Panda does have 2 in the detected Virus column.

Results of DSS

Deckard's System Scanner v20070318.32
Run by Molly on 2007-04-15 at 12:56:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:58:09 PM, on 4/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Molly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Microsoft Windows Distributed Transaction Coordinator (Windows Distributed Transaction Process Coordinator) - Unknown owner - C:\WINDOWS\msdtc.exe (file missing)


-- Files created between 2007-03-15 and 2007-04-15 -----------------------------

2007-04-14 08:54:06 0 d-------- C:\Documents and Settings\Molly\Application Data\Sun
2007-04-13 20:51:37 21312 --a------ C:\WINDOWS\choice.exe
2007-04-13 20:50:27 0 d-------- C:\ie-spyad
2007-04-11 20:58:18 0 d-------- C:\Documents and Settings\Molly\Application Data\Comodo
2007-04-11 20:58:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-11 20:45:32 51328 --a------ C:\WINDOWS\System32\drivers\inspect.sys
2007-04-11 20:45:32 75520 --a------ C:\WINDOWS\System32\drivers\cmdmon.sys
2007-04-11 20:45:32 0 d-------- C:\Program Files\Comodo
2007-04-11 20:29:13 0 d-------- C:\!KillBox
2007-04-10 20:15:17 305 --a------ C:\Fixshares.reg<FIXSHA~1.REG>
2007-04-10 18:53:56 705370 --a------ C:\SDFix.exe
2007-04-04 21:35:01 0 d-------- C:\Documents and Settings\Duane\.housecall6.6<HOUSEC~1.6>
2007-04-04 21:30:09 0 d-------- C:\WINDOWS\Sun
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 147 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger
2007-03-19 21:14:12 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2007-04-15 12:56:25 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-04-15 12:04:40 0 d-------- C:\Program Files\Picasa2
2007-04-15 12:01:24 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-15 11:51:04 0 d-------- C:\Program Files\iTunes
2007-04-15 11:46:49 0 d-------- C:\Program Files\Google
2007-04-15 11:36:07 0 d-------- C:\Program Files\BigFix
2007-04-15 08:34:05 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-04-06 19:03:43 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-04-01 10:33:26 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:22 491768 --a------ C:\ie6setup.exe
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-15 at 13:00:36 ---------
04-15-2007, 09:15 PM   #148
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Hiya,

Did you create and make the bat file I mentioned in Post #146?

Quote:
@echo off
sc stop "Microsoft Windows Distributed Transaction Coordinator"
sc delete "Microsoft Windows Distributed Transaction Coordinator"
exit
The reason I'm asking is because that service is still in your latest scan and I'd like to know if it was an oversight or if it has indeed returned.

I'm going to send you in to get it so we're certain it has been done:

Click Start->Run - type services.msc & then click on the OK button
*Locate the service - Microsoft Windows Distributed Transaction Coordinator **Careful here. They are listed alphabetically--Do not confuse it with the legit Distributed Transaction Coordinator
*Double-click on it to open the Properties dialog.
*Under the General tab...
*Stop the service by using the Stop button.
*Change the Startup type to Disabled & then click on the OK button

Next, start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
*In the popup box that appears, copy/paste Windows Distributed Transaction Process Coordinator into the open box and click OK.

Reboot your system for the change to take effect.

------------------------------------------------------------------

Quote:
I did notice that firefox and IE were trying to act as a server so I used "Deny". Should I have picked Allow?
Yes--try again to get the online scan and this time, allow the browsers to act as a server.

Post the results along with a new main.txt from dss.exe
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
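As an added example (not code from the thread, HijackThis or Comodo), a small Python audit of the O23 service lines that flags the pattern Ried points out above: a service whose display name extends a legitimate one, reported with no vendor and a missing image file. The sample log lines are constructed from the thread's scan, and the allow-list of legitimate display names is an assumption.

```python
"""Audit the O23 (service) lines of a HijackThis log for look-alike services.

Added example: not code from the forum thread, HijackThis, or Comodo.
Each O23 line carries the display name, an optional short name in
parentheses, the vendor string, and the image path, optionally followed
by "(file missing)". A service is reported when it
  * points at a missing image file,
  * carries no vendor information ("Unknown owner"), or
  * has a display name that merely extends a well-known legitimate one,
    as "Microsoft Windows Distributed Transaction Coordinator" extends
    the real "Distributed Transaction Coordinator".
LEGIT_DISPLAY_NAMES is a constructed allow-list, not a complete one.
"""
import re

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<vendor>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed allow-list of legitimate Windows XP service display names.
LEGIT_DISPLAY_NAMES = {"Distributed Transaction Coordinator"}

# Sample lines constructed from the thread's scan output.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Microsoft Windows Distributed Transaction Coordinator (Windows Distributed Transaction Process Coordinator) - Unknown owner - C:\WINDOWS\msdtc.exe (file missing)
"""


def parse_o23(line):
    """Return the fields of one O23 line as a dict, or None if not an O23 line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["missing"] = fields["missing"] is not None
    return fields


def lookalike_of(display):
    """Return the legitimate display name that `display` extends, else None."""
    low = display.lower()
    for legit in LEGIT_DISPLAY_NAMES:
        if low != legit.lower() and legit.lower() in low:
            return legit
    return None


def audit_services(log_text):
    """Return (display, short, path, reasons) for every O23 entry worth a look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc["missing"]:
            reasons.append("image file missing")
        if svc["vendor"].lower() == "unknown owner":
            reasons.append("no vendor information")
        legit = lookalike_of(svc["display"])
        if legit:
            reasons.append(f"display name shadows '{legit}'")
        if reasons:
            findings.append((svc["display"], svc["short"], svc["path"], reasons))
    return findings


if __name__ == "__main__":
    for display, short, path, reasons in audit_services(SAMPLE_LOG):
        print(f"{display} [{short}] -> {path}: {'; '.join(reasons)}")
```

The short name in the finding is the one to paste into HijackThis's "Delete an NT service" box, which is why the parser keeps it separate from the display name.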
04-18-2007, 08:22 AM   #149
Registered User
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Greetings, I wanted to post a reply so you knew I was still out here, just having issues.

I deleted the file using the steps outlined in the previous post.
Quote:
Click Start->Run - type services.msc & then click on the OK button
*Locate the service - Microsoft Windows Distributed Transaction Coordinator **Careful here. They are listed alphabetically--Do not confuse it with the legit Distributed Transaction Coordinator
*Double-click on it to open the Properties dialog.
*Under the General tab...
*Stop the service by using the Stop button.
*Change the Startup type to Disabled & then click on the OK button
The service was already stopped.
I did change it from Automatic to Disabled.


It was deleted using HJT.

I am having issues with connectivity. I run the Panda scan and when I click on the see report it says I need to be connected to the internet. Is there a setting in the firewall that is closing my internet connection that I am not aware of? Should I uninstall / delete the firewall and redo it since it is not letting me change the browser setting for server control? Maybe I can just delete IE and Firefox from the list and reset that way.

Thanks

Last edited by cul8rman; 04-18-2007 at 08:23 AM.
04-18-2007, 08:34 AM   #150
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

If you can't figure out how to change the denied permissions in Comodo, then yes--uninstall it and its folder located in C:\Program Files\Comodo. Reboot. Reinstall.
04-20-2007, 05:25 PM   #151
Registered User
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I have been very busy with my two young ones this past week. I was able to take out all applications so they would have to come in fresh. Svchost wants to act as a server / connect to internet, Comodo is all red, so I blocked. Is that the correct thing to do?

Thanks, should have a post tomorrow AM.
04-20-2007, 06:06 PM   #152
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Hiya,

No, you need to allow svchost to act as a server. You may see it 'pop up' a few times. Allow each one as multiple svchost.exe will be running, which is normal. Different groups of Windows services have different requirements in terms of system access and security, which is why separate instances of svchost.exe are needed.

Same thing if you see Generic Host Processes--allow it. Generic Host Processes are a list of services Microsoft uses for XP. Many of them are associated with Network applications (communicating locally or through the Internet).
04-20-2007, 11:44 PM   #153
Registered User
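As an added example (not code from the thread or from Deckard's System Scanner), a Python parser for the Svchost registry lines in the dump posted earlier in the thread, which ties each svchost.exe instance a firewall prompts about back to the services it hosts. It assumes the dump prints each REG_MULTI_SZ NUL separator as the two characters \0, as the thread's dump does; the sample lines are constructed from that dump.

```python
"""Map svchost.exe service groups from the Svchost registry dump.

Added example: not code from the forum thread or from Deckard's System
Scanner. Windows runs one svchost.exe per service group, so several
instances are normal; this parser rebuilds the group -> services table
from the dump so a firewall prompt about "svchost.exe" can be tied back
to the services that instance hosts. It assumes the dump prints each
REG_MULTI_SZ NUL separator as the two characters "\\0" and ends the
list with "\\0\\0", which is how the thread's dump shows them.
"""
import re

SVCHOST_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<values>.*)$")

# Sample lines constructed from the thread's registry dump.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
"""


def parse_svchost_groups(dump_text):
    """Return {group name: [service names]} from the dump's Svchost lines."""
    groups = {}
    for line in dump_text.splitlines():
        m = SVCHOST_RE.match(line.strip())
        if not m:
            continue
        # Split on the printed "\0" separators and drop the empty terminators.
        services = [s for s in m.group("values").split(r"\0") if s]
        groups[m.group("group")] = services
    return groups


def service_to_group(groups):
    """Reverse map: service short name (lower-cased) -> hosting svchost group."""
    return {svc.lower(): grp for grp, svcs in groups.items() for svc in svcs}


def max_svchost_instances(groups):
    """Upper bound on concurrent svchost.exe processes: one per non-empty group.

    A group only spawns its instance once one of its services starts, so the
    live count (three in the thread's process list) can be lower."""
    return sum(1 for svcs in groups.values() if svcs)


if __name__ == "__main__":
    groups = parse_svchost_groups(SAMPLE_DUMP)
    for grp, svcs in groups.items():
        print(f"svchost -k {grp}: {', '.join(svcs)}")
    print("at most", max_svchost_instances(groups), "svchost.exe instances")
```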
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Got around my issue, hopefully did not mess things up too bad. I uninstalled the firewall, ran Panda scan without being connected to the web, and then reconnected when it was finished. I then disconnected, reinstalled Comodo, then got back online. I do not see any of the past pesty files on the drive.

Panda results


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\FunWebProducts.ShellViewControl.1
Adware:adware/wupd Not disinfected Windows Registry
Virus:W32/Sdbot.ftp.worm Not disinfected C:\!KillBox\requested-files[2007-04-06_22_59].cab[C:\windows\system32\i]
Virus:W32/Sdbot.ftp.worm Not disinfected C:\!KillBox\requested-files[2007-04-06_23_10].cab[C:\windows\system32\i]
Potentially unwanted tool:Application/Processor Not disinfected C:\!KillBox\VirtumundoBeGone.exe
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cody\Cookies\cody@apmebf[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.doubleclick.net/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc1.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc2.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe


DSS Results

Deckard's System Scanner v20070318.32
Run by Molly on 2007-04-20 at 22:34:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:36:01 PM, on 4/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\HIJACK~1\Molly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-03-20 and 2007-04-20 -----------------------------

2007-04-20 22:24:06 51328 --a------ C:\WINDOWS\System32\drivers\inspect.sys
2007-04-20 22:24:06 75520 --a------ C:\WINDOWS\System32\drivers\cmdmon.sys
2007-04-15 20:58:40 0 d-------- C:\Documents and Settings\Duane\Application Data\Comodo
2007-04-14 08:54:06 0 d-------- C:\Documents and Settings\Molly\Application Data\Sun
2007-04-13 20:51:37 21312 --a------ C:\WINDOWS\choice.exe
2007-04-13 20:50:27 0 d-------- C:\ie-spyad
2007-04-11 20:58:18 0 d-------- C:\Documents and Settings\Molly\Application Data\Comodo
2007-04-11 20:58:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-11 20:45:32 0 d-------- C:\Program Files\Comodo
2007-04-11 20:29:13 0 d-------- C:\!KillBox
2007-04-10 20:15:17 305 --a------ C:\Fixshares.reg<FIXSHA~1.REG>
2007-04-10 18:53:56 705370 --a------ C:\SDFix.exe
2007-04-04 21:35:01 0 d-------- C:\Documents and Settings\Duane\.housecall6.6<HOUSEC~1.6>
2007-04-04 21:30:09 0 d-------- C:\WINDOWS\Sun
2007-03-31 07:25:13 0 d-------- C:\Documents and Settings\Cody\Application Data\WeatherBug<WEATHE~1>
2007-03-30 20:32:03 147 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-03-27 20:55:16 0 d-------- C:\Documents and Settings\Molly\SmitfraudFix<SMITFR~1>
2007-03-27 18:56:48 0 d-------- C:\hijackthis<HIJACK~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\WINDOWS
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Symantec
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\InterTrust<INTERT~1>
2007-03-24 11:58:22 0 d-------- C:\Documents and Settings\Master Account\Application Data\Adobe
2007-03-24 11:58:21 1048576 --ah----- C:\Documents and Settings\Master Account\NTUSER.DAT
2007-03-24 08:46:40 0 d-------- C:\WINDOWS\System32\Kaspersky Lab<KASPER~1>
2007-03-20 20:18:18 0 d-------- C:\avenger


-- Find3M Report ---------------------------------------------------------------

2007-04-20 21:19:18 0 d-------- C:\Program Files\Picasa2
2007-04-20 21:17:43 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-20 21:13:09 0 d-------- C:\Program Files\iTunes
2007-04-20 21:11:54 0 d-------- C:\Program Files\Google
2007-04-20 21:09:35 0 d-------- C:\Program Files\BigFix
2007-04-15 12:56:25 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-04-15 08:34:05 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-04-06 19:03:43 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-04-01 10:33:26 3446 --a------ C:\WINDOWS\System32\tmp.reg
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\System32\dgjun.bat
2007-03-12 18:20:22 491768 --a------ C:\ie6setup.exe
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-21 18:24:56 0 d-------- C:\Program Files\backups
2007-02-20 21:14:12 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-01-28 21:28:17 14 --a------ C:\WINDOWS\System32\systeminfo3.dll<SYSTEM~1.DLL>
2007-01-21 15:08:15 14612 --a------ C:\Program Files\CWSHREDDER.EXE-2D092FD4.pf<CWSHRE~1.PF>
2007-01-21 15:03:52 532480 --a------ C:\Program Files\cwshredder.exe<CWSHRE~1.EXE>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-20 at 22:36:22 ---------
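As an added example, not code from this thread or from Deckard's System Scanner: a small Python parser for the `Files created` / `Find3M` lines in a DSS log like the one above, with a triage pass that lists entries worth a second look (executables or scripts created recently under the Windows directory, and PE files too small to hold the 64-byte DOS header every PE image starts with). The sample lines are copied from the log; the 31-day window and the extension lists are assumptions of this example, and a listing is a triage hint, not a verdict.

```python
import ntpath
import re
from collections import namedtuple
from datetime import datetime

# Sample lines copied from the DSS log above; the <SHORTNAME> suffix is optional.
SAMPLE_LOG = """\
2007-04-20 22:24:06 51328 --a------ C:\\WINDOWS\\System32\\drivers\\inspect.sys
2007-04-15 20:58:40 0 d-------- C:\\Documents and Settings\\Duane\\Application Data\\Comodo
2007-04-13 20:51:37 21312 --a------ C:\\WINDOWS\\choice.exe
2007-03-13 20:51:18 136 --a------ C:\\WINDOWS\\System32\\dgjun.bat
2007-01-28 21:28:17 14 --a------ C:\\WINDOWS\\System32\\systeminfo3.dll<SYSTEM~1.DLL>
"""
SCAN_TIME = datetime(2007, 4, 20, 22, 36, 22)  # "finished at" stamp from the log
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{9}) (.+?)(?:<[^>]+>)?$")
PE_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx"}          # assumed extension lists
EXEC_EXT = PE_EXT | {".bat", ".cmd", ".reg", ".vbs", ".pif"}
WINDIR = "c:\\windows\\"
Entry = namedtuple("Entry", "created size path is_dir")  # is_dir: 'd' in the attribute column

def parse_entries(text):
    """Parse the 'timestamp size attributes path' lines of a DSS file section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             int(size), path, "d" in attrs))
    return entries

def review_candidates(entries, scan_time=SCAN_TIME, recent_days=31):
    """Return (path, reasons) for files worth a second look. This is a triage hint,
    not a verdict: freshly installed legitimate software lands here as well."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        ext = ntpath.splitext(e.path)[1].lower()
        reasons = []
        if (e.path.lower().startswith(WINDIR) and ext in EXEC_EXT
                and (scan_time - e.created).days <= recent_days):
            reasons.append("executable or script created recently under WINDIR")
        if ext in PE_EXT and e.size < 64:
            # every PE image starts with a 64-byte DOS header; anything smaller cannot load
            reasons.append("too small to be a valid PE image")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged
```

Run against the sample, the two Comodo driver files and `choice.exe` show up only because they are new, while the 14-byte `systeminfo3.dll` is listed for a structural reason that does not depend on dates.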
Old 04-21-2007, 07:28 PM   #154 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

These logs are finally looking real good.

This entry we've been trying to get with a regfix is still there. I'm going to send you in after it:

Click START…RUN…Type in regedit.
  • Navigate to the following key by clicking the + sign next to each category to expand them.
  • Continue doing so until you've reached the file/folder/entry I highlighted in BLUE
  • Right click the highlighted folder and select 'Delete'
hkey_classes_root\FunWebProducts.ShellViewControl.1

If the above registry key is giving you problems deleting:
  • Right click on it and click on Permissions.
  • Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK.
  • Now try deleting the entry again.
Once you're done, close the Registry Editor.

How is your system behaving? If all is well, now would be a good time to flush out the old Restore points and create a fresh, clean one.

Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick the checkbox - "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK
This will prevent any inadvertent reinfection from previous restore points.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-21-2007, 10:28 PM   #155 (permalink)
Registered User
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

Procedure followed, Funwebproducts is a bad memory. I reset the system restore points, rebooted, and verified the file was gone, along with pesky files from the past. A real quick Panda scan (about 5 minutes into the scan) revealed two viruses like before so I stopped the scan. Last night after the post I ran AVG A/S and AV to get them up to date. The Spyware seems to be dropping, and there are still 2 bugs somewhere.

Waiting for next steps.
Old 04-21-2007, 10:34 PM   #156 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

What 'bugs' remain?
Old 04-21-2007, 11:52 PM   #157 (permalink)
Registered User
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

I think these are the bugs

Virus:W32/Sdbot.ftp.worm Not disinfected C:\!KillBox\requested-files[2007-04-06_22_59].cab[C:\windows\system32\i]
Virus:W32/Sdbot.ftp.worm Not disinfected C:\!KillBox\requested-files[2007-04-06_23_10].cab[C:\windows\system32\i]
Old 04-22-2007, 08:29 AM   #158 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

Those are just the backups from when we deleted the sample files you had packed and sent to SpyKiller for evaluation. You can delete this folder: C:\!KillBox

Now that we have a nice clean Restore point and a Firewall installed, did you want to try re-enabling the File Sharing and see if you are now protected from that infection?
Old 04-22-2007, 10:46 AM   #159 (permalink)
Registered User
 
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Re: MS Windows XP will not load when connected to internet

This PC seems to be working pretty well now. I have not had AVG pop up with the virus warnings like it had in the past.

The folder C:\!KillBox and its contents have been deleted. I looked at the last AVG AV log and that was the only virus it detected.

File sharing would be nice, mainly accessing my printer over the home network. Is it time to try that, or should the other PC be cleaned up first?

The only complaint on this PC is that it can be a little slow, maybe lagging in response. I figured that may be corrected in the update to SP2.
Old 04-22-2007, 11:20 AM   #160 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,946
OS: WinXP and Vista


Re: MS Windows XP will not load when connected to internet

I'm thinking the reason it kept getting back in was due to the fact that you had disabled our Firewall. Once we re-enabled it, and removed the malware it didn't return.

Let's do this--update to XPSP2 now. It's a large download and it is much more secure than SP1. Come back here once you've installed SP2 and we'll re-enable the File Sharing and see how it goes. If the infection returns, we remove it and disable File Sharing again.
 


All times are GMT -7. The time now is 12:32 PM.



Copyright 2001 - 2009, Tech Support Forum