Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Computer Restarts When Connecting to Internet


  • This topic is locked This topic is locked
40 replies to this topic

#1 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 01 October 2008 - 07:13 AM

Running Windows 2000 Professional SP3. Every time the computer connects to the internet, either through a wired or wireless connection the computer restarts. I've removed quite a bit of spyware already through hijackthis! and other programs while attempting to restore this computer. Here is the current Hijackthis! log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:13 AM, on 10/1/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://att.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O20 - AppInit_DLLs: C:\WINNT\system32\sulimo.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5707 bytes



Any ideas or suggestions to fix this problem are greatly appreciated!

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 October 2008 - 04:53 PM

Hello and welcome to the forum


I don't see a anti-virus program running. Get a free one.

Avira AntiVir Personal - FREE Antivirus
http://www.free-av.c..._antivirus.html

Or

avast! 4
http://www.avast.com...avast-home.html

Run a full scan and let us know what it finds along with a new HijackThis log.

Also please describe how your computer behaves at the moment

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 02 October 2008 - 08:52 PM

The computer was acting normally aside from restarting when connecting to the internet. Programs seemed to run OK except IE and Firefox.

Per your request, here is the Avira Antivir Report:

Avira AntiVir Personal
Report file date: Thursday, October 02, 2008 23:20

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 3) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: USER-E6DDF483FE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 6/30/2008 11:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 6/30/2008 15:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 8/6/2008 19:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 18:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 4/24/2008 18:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 18:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 7/18/2008 12:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 8/6/2008 19:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 18:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 8/6/2008 20:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 14:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 7/31/2008 14:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 18:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 6/30/2008 20:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, October 02, 2008 23:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SBHookSvc.exe' - '1' Module(s) have been scanned
Scan process 'InfoMyCa.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'ycommon.exe' - '1' Module(s) have been scanned
Scan process 'WUSB54GPv4.exe' - '1' Module(s) have been scanned
Scan process 'LogMeInSystray.' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ybrwicon.exe' - '1' Module(s) have been scanned
Scan process 'winmgmt.exe' - '1' Module(s) have been scanned
Scan process 'motivesb.exe' - '1' Module(s) have been scanned
Scan process 'cfd.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'mstask.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49549046.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd8.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49549050.qua'!
C:\Documents and Settings\user\ie_update3r.exe
[0] Archive type: OVL
--> Object
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to '49449074.qua'!
C:\Documents and Settings\user\ie_update4r.exe
[DETECTION] Is the TR/Dldr.Agent.dfm Trojan
[NOTE] The file was moved to '49449077.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\devadwp.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\devadwp.exe.bac_a01592
[DETECTION] Is the TR/Agent.16384.23 Trojan
[NOTE] The file was moved to '495b907e.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\installer_en[1].exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\installer_en[1].exe.bac_a01592
[DETECTION] Is the TR/Gendal.173600 Trojan
[NOTE] The file was moved to '49589089.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\ja.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\ja.exe.bac_a01592
[DETECTION] Is the TR/Dldr.Obfuscatd.BK Trojan
[NOTE] The file was moved to '4913907e.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\jivcraaa.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\jivcraaa.exe.bac_a01592
[DETECTION] Contains recognition pattern of the DR/Spy.Agent.IR.5 dropper
[NOTE] The file was moved to '495b908e.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\printer.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\printer.exe.bac_a01592
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '494e9098.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\rmzdlg32.dll.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\rmzdlg32.dll.bac_a01592
[DETECTION] Is the TR/Spy.Agent.IR.51 Trojan
[NOTE] The file was moved to '495f9096.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\sulimo.dat.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\sulimo.dat.bac_a01592
[DETECTION] Is the TR/Peed.JZ.11 Trojan
[NOTE] The file was moved to '495190a0.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\sw_ins.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\sw_ins.exe.bac_a01592
[DETECTION] Is the TR/Dldr.Adload.MA Trojan
[NOTE] The file was moved to '494490a4.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\winavxx.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\winavxx.exe.bac_a01592
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49539098.qua'!
C:\Documents and Settings\user\.housecall6.6\Quarantine\xlavba3.exe.bac_a01592
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\user\.housecall6.6\Quarantine\xlavba3.exe.bac_a01592
[DETECTION] Is the TR/Dldr.Wixud.G Trojan
[NOTE] The file was moved to '4946909c.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080930-201242-308-autorun.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '4948923f.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080930-201242-974-system.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49489241.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080930-205116-300-system.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49489243.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080930-205116-695-autorun.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49489246.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080930-210323-313-system.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49489247.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080930-210323-488-autorun.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49489249.qua'!
C:\Program Files\Yahoo!\Messenger\yahoomessenger.exe
[DETECTION] Is the TR/Patched.BZ.172 Trojan
[NOTE] The file was moved to '494d92c7.qua'!
C:\WINNT\nmcuninstall.exe
[DETECTION] Is the TR/Dldr.Zlob.dmx Trojan
[NOTE] The file was moved to '494892fd.qua'!
C:\WINNT\rbvrvzw.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495b92f6.qua'!
C:\WINNT\upcrav.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49489306.qua'!
C:\WINNT\system32\ntio256.sys
[WARNING] The file could not be opened!
C:\WINNT\system32\SoUI.dll
[DETECTION] Is the TR/Dldr.Delphi.Gen Trojan
[NOTE] The file was moved to '493a9422.qua'!
C:\WINNT\system32\sulimo.dat
[DETECTION] Is the TR/Peed.JZ.11 Trojan
[NOTE] The file was moved to '4951942c.qua'!
C:\WINNT\system32\sysppua.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49589436.qua'!
C:\WINNT\system32\trust.dll
[DETECTION] Is the TR/Spy.BZub.bta Trojan
[NOTE] The file was moved to '495a9435.qua'!
C:\WINNT\system32\users64.dat
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '443a04bb.qua'!
C:\WINNT\system32\drivers\OLD2.tmp
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '492994df.qua'!


End of the scan: Thursday, October 02, 2008 23:42
Used time: 21:48 Minute(s)

The scan has been done completely.

1133 Scanning directories
40737 Files were scanned
28 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
30 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
40705 Files not concerned
493 Archives were scanned
3 Warnings
30 Notes

And here is the Hijackthis! Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:01 PM, on 10/2/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O20 - AppInit_DLLs: C:\WINNT\system32\sulimo.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5352 bytes


All detected viruses were quarantined.

Thanks for your help!

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 03 October 2008 - 08:51 PM

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 04 October 2008 - 08:55 PM

Per your instructions...

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.0.2195 Service Pack 3

10/4/2008 11:48:16 PM
mbam-log-2008-10-04 (23-48-16).txt

Scan type: Quick Scan
Objects scanned: 38112
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And the Hijackthis! Log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:07 PM, on 10/4/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5302 bytes





Computer is still restarting when I try to connect out to the internet...

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 October 2008 - 06:11 AM

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab

Close ALL windows and browsers except HijackThis and click "Fix checked"



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 05 October 2008 - 09:08 AM

I am away from that computer at the moment, but I will do as you instruct when I am back there, probably in about 8 hours or so. I noticed that my computer is running Windows 2000 Service Pack 3. Service Pack 4 is available for download. Should I download and install that? Could that also be part of my internet connectivity problem? Thanks in advance.

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 October 2008 - 09:11 AM

I noticed that my computer is running Windows 2000 Service Pack 3. Service Pack 4 is available for download. Should I download and install that? Could that also be part of my internet connectivity problem?

Yes :thumbup:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 05 October 2008 - 09:13 AM

Should I follow your instruction first or install SP4 first?

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 October 2008 - 09:15 AM

Should I follow your instruction first or install SP4 first?

Do the fix first.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 05 October 2008 - 05:39 PM

Did the recommended fixes, here is the Hijackthis! log Working on downloading the Service Pack for install now...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:22 PM, on 10/5/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WUSB54GPv4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WUSB54GPv4] C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: WUSB54GPv4SVC - GEMTEKS - C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 3956 bytes



Computer is still rebooting when I attempt to connect to the internet...I will let you know what happens after I install the service pack.

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 October 2008 - 05:41 PM

Computer is still rebooting when I attempt to connect to the internet...I will let you know what happens after I install the service pack.

If it's rebooting, how are you getting the service pack?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 05 October 2008 - 05:48 PM

I am downloading it on another computer and transfering it on to a jump drive.

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 October 2008 - 07:36 PM

If that doesn't work, try this:

Get a copy of winsockxpfix.exe You just run it and
things should work OK after it reboots your system.

http://www.spywareki.../winsockfix.exe

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 RussF92767

RussF92767

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 05 October 2008 - 07:56 PM

And if THAT doesn't work??? :angry:

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users