Can connect to internet only in safe mode



#1
marmalade

Hi, my friend has a laptop that won't connect to the internet when I start Windows XP normally. I decided to check it with Hijackthis but I can't really tell if there's anything wrong so I was wondering if anyone could help me out. Here's the normal windows log and safe mode log.

I'm really stuck as to what to do. Any replies, suggestions, or whatever are really appreciated. :whistling:

HijackThis log in normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 10:34:57, on 2006/05/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Fujitsu\sa\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvnib.dat (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\ja\msntb.dll
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\Owner\LOCALS~1\Temp\vrscp.dat (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\ja\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [FMVƒ‰ƒ“ƒ`ƒƒ[] C:\fjuty\wallbtn\FMVLauncherKicker.exe
O4 - HKLM\..\Run: [*iisftp] C:\WINDOWS\system\iisftp.exe
O4 - HKLM\..\Run: [*iisvss] C:\WINDOWS\msagent\chars\iisvss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eCruiser] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DC4NX589\eCruiser[1].exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O8 - Extra context menu item: Microsoft Excel ‚ΙƒGƒNƒXƒ|[ƒg(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: ƒŠƒT[ƒ` - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2C079F28-EE92-4700-A44B-AF5FA285FCCA} (HanGamePluginJP16 Class) - http://down.hangame....ePluginJP16.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame....GPluginJP21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7A1D3C-16AC-4037-97FC-2DC2FF2FDB0A}: NameServer = 64.59.144.16,64.59.144.17
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: accdoc - C:\DOCUME~1\Owner\LOCALS~1\Temp\codcca.dat
O20 - Winlogon Notify: accplay - C:\DOCUME~1\Owner\LOCALS~1\Temp\yalpcca.dat
O20 - Winlogon Notify: accwin - C:\DOCUME~1\Owner\LOCALS~1\Temp\niwcca.dat
O20 - Winlogon Notify: adas - C:\DOCUME~1\Owner\LOCALS~1\Temp\sada.dat
O20 - Winlogon Notify: admfc - C:\DOCUME~1\Owner\LOCALS~1\Temp\cfmda.dat
O20 - Winlogon Notify: asap - C:\DOCUME~1\Owner\LOCALS~1\Temp\pasa.dat
O20 - Winlogon Notify: aseula - C:\DOCUME~1\Owner\LOCALS~1\Temp\aluesa.dat
O20 - Winlogon Notify: bakcom - C:\DOCUME~1\Owner\LOCALS~1\Temp\mockab.dat
O20 - Winlogon Notify: bintask - C:\DOCUME~1\Owner\LOCALS~1\Temp\ksatnib.dat
O20 - Winlogon Notify: cabnut - C:\DOCUME~1\Owner\LOCALS~1\Temp\tunbac.dat
O20 - Winlogon Notify: cole - C:\DOCUME~1\Owner\LOCALS~1\Temp\eloc.dat
O20 - Winlogon Notify: comcmd - C:\DOCUME~1\Owner\LOCALS~1\Temp\dmcmoc.dat
O20 - Winlogon Notify: coms - C:\DOCUME~1\Owner\LOCALS~1\Temp\smoc.dat
O20 - Winlogon Notify: comsrv - C:\DOCUME~1\Owner\LOCALS~1\Temp\vrsmoc.dat
O20 - Winlogon Notify: comutil - C:\DOCUME~1\Owner\LOCALS~1\Temp\litumoc.dat
O20 - Winlogon Notify: crvss - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvrc.dat
O20 - Winlogon Notify: dbbas - C:\DOCUME~1\Owner\LOCALS~1\Temp\sabbd.dat
O20 - Winlogon Notify: dbnet - C:\DOCUME~1\Owner\LOCALS~1\Temp\tenbd.dat
O20 - Winlogon Notify: diskbas - C:\DOCUME~1\Owner\LOCALS~1\Temp\sabksid.dat
O20 - Winlogon Notify: dllbas - C:\DOCUME~1\Owner\LOCALS~1\Temp\sablld.dat
O20 - Winlogon Notify: dllc - C:\DOCUME~1\Owner\LOCALS~1\Temp\clld.dat (file missing)
O20 - Winlogon Notify: doscom - C:\DOCUME~1\Owner\LOCALS~1\Temp\mocsod.dat
O20 - Winlogon Notify: dosjpeg - C:\DOCUME~1\Owner\LOCALS~1\Temp\gepjsod.dat
O20 - Winlogon Notify: dosnut - C:\DOCUME~1\Owner\LOCALS~1\Temp\tunsod.dat
O20 - Winlogon Notify: drvwin - C:\DOCUME~1\Owner\LOCALS~1\Temp\niwvrd.dat
O20 - Winlogon Notify: dvdodbc - C:\DOCUME~1\Owner\LOCALS~1\Temp\cbdodvd.dat
O20 - Winlogon Notify: euladoc - C:\DOCUME~1\Owner\LOCALS~1\Temp\codalue.dat
O20 - Winlogon Notify: eulados - C:\DOCUME~1\Owner\LOCALS~1\Temp\sodalue.dat
O20 - Winlogon Notify: expabr - C:\DOCUME~1\Owner\LOCALS~1\Temp\rbapxe.dat
O20 - Winlogon Notify: faxap - C:\DOCUME~1\Owner\LOCALS~1\Temp\paxaf.dat
O20 - Winlogon Notify: faxbin - C:\DOCUME~1\Owner\LOCALS~1\Temp\nibxaf.dat
O20 - Winlogon Notify: faxtapi - C:\DOCUME~1\Owner\LOCALS~1\Temp\ipatxaf.dat
O20 - Winlogon Notify: hardexp - C:\DOCUME~1\Owner\LOCALS~1\Temp\pxedrah.dat
O20 - Winlogon Notify: hardwms - C:\DOCUME~1\Owner\LOCALS~1\Temp\smwdrah.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: iisabr - C:\DOCUME~1\Owner\LOCALS~1\Temp\rbasii.dat
O20 - Winlogon Notify: iptapi - C:\DOCUME~1\Owner\LOCALS~1\Temp\ipatpi.dat
O20 - Winlogon Notify: jpegc - C:\DOCUME~1\Owner\LOCALS~1\Temp\cgepj.dat
O20 - Winlogon Notify: kbras - C:\DOCUME~1\Owner\LOCALS~1\Temp\sarbk.dat
O20 - Winlogon Notify: kbxml - C:\DOCUME~1\Owner\LOCALS~1\Temp\lmxbk.dat
O20 - Winlogon Notify: keydb - C:\DOCUME~1\Owner\LOCALS~1\Temp\bdyek.dat
O20 - Winlogon Notify: keyrun - C:\DOCUME~1\Owner\LOCALS~1\Temp\nuryek.dat
O20 - Winlogon Notify: libun - C:\DOCUME~1\Owner\LOCALS~1\Temp\nubil.dat
O20 - Winlogon Notify: maindrv - C:\DOCUME~1\Owner\LOCALS~1\Temp\vrdniam.dat
O20 - Winlogon Notify: mainwave - C:\DOCUME~1\Owner\LOCALS~1\Temp\evawniam.dat
O20 - Winlogon Notify: mcac - C:\DOCUME~1\Owner\LOCALS~1\Temp\cacm.dat
O20 - Winlogon Notify: mcc - C:\DOCUME~1\Owner\LOCALS~1\Temp\ccm.dat
O20 - Winlogon Notify: mccab - C:\DOCUME~1\Owner\LOCALS~1\Temp\baccm.dat
O20 - Winlogon Notify: mcun - C:\DOCUME~1\Owner\LOCALS~1\Temp\nucm.dat
O20 - Winlogon Notify: mfcdrv - C:\DOCUME~1\Owner\LOCALS~1\Temp\vrdcfm.dat
O20 - Winlogon Notify: mp3wave - C:\DOCUME~1\Owner\LOCALS~1\Temp\evaw3pm.dat
O20 - Winlogon Notify: msdrv - C:\DOCUME~1\Owner\LOCALS~1\Temp\vrdsm.dat
O20 - Winlogon Notify: mspc - C:\DOCUME~1\Owner\LOCALS~1\Temp\cpsm.dat (file missing)
O20 - Winlogon Notify: msvcdrv - C:\DOCUME~1\Owner\LOCALS~1\Temp\vrdcvsm.dat
O20 - Winlogon Notify: olelog - C:\DOCUME~1\Owner\LOCALS~1\Temp\golelo.dat
O20 - Winlogon Notify: playimg - C:\DOCUME~1\Owner\LOCALS~1\Temp\gmiyalp.dat
O20 - Winlogon Notify: psc - C:\DOCUME~1\Owner\LOCALS~1\Temp\csp.dat
O20 - Winlogon Notify: reginet - C:\DOCUME~1\Owner\LOCALS~1\Temp\teniger.dat
O20 - Winlogon Notify: runftp - C:\DOCUME~1\Owner\LOCALS~1\Temp\ptfnur.dat
O20 - Winlogon Notify: runps - C:\DOCUME~1\Owner\LOCALS~1\Temp\spnur.dat
O20 - Winlogon Notify: srvcat - C:\DOCUME~1\Owner\LOCALS~1\Temp\tacvrs.dat
O20 - Winlogon Notify: svcip - C:\DOCUME~1\Owner\LOCALS~1\Temp\picvs.dat
O20 - Winlogon Notify: svcw - C:\DOCUME~1\Owner\LOCALS~1\Temp\wcvs.dat
O20 - Winlogon Notify: svrac - C:\DOCUME~1\Owner\LOCALS~1\Temp\carvs.dat
O20 - Winlogon Notify: svras - C:\DOCUME~1\Owner\LOCALS~1\Temp\sarvs.dat
O20 - Winlogon Notify: tapiav - C:\DOCUME~1\Owner\LOCALS~1\Temp\vaipat.dat
O20 - Winlogon Notify: taskdvd - C:\DOCUME~1\Owner\LOCALS~1\Temp\dvdksat.dat
O20 - Winlogon Notify: tcpinfo - C:\DOCUME~1\Owner\LOCALS~1\Temp\ofnipct.dat
O20 - Winlogon Notify: tcpmain - C:\DOCUME~1\Owner\LOCALS~1\Temp\niampct.dat
O20 - Winlogon Notify: tcptask - C:\DOCUME~1\Owner\LOCALS~1\Temp\ksatpct.dat
O20 - Winlogon Notify: unrun - C:\DOCUME~1\Owner\LOCALS~1\Temp\nurnu.dat
O20 - Winlogon Notify: urlbak - C:\DOCUME~1\Owner\LOCALS~1\Temp\kablru.dat
O20 - Winlogon Notify: urlrun - C:\DOCUME~1\Owner\LOCALS~1\Temp\nurlru.dat
O20 - Winlogon Notify: vbcab - C:\DOCUME~1\Owner\LOCALS~1\Temp\bacbv.dat
O20 - Winlogon Notify: vbinet - C:\DOCUME~1\Owner\LOCALS~1\Temp\tenibv.dat
O20 - Winlogon Notify: vbjpeg - C:\DOCUME~1\Owner\LOCALS~1\Temp\gepjbv.dat
O20 - Winlogon Notify: vbrun - C:\DOCUME~1\Owner\LOCALS~1\Temp\nurbv.dat
O20 - Winlogon Notify: vgasys - C:\DOCUME~1\Owner\LOCALS~1\Temp\sysagv.dat
O20 - Winlogon Notify: vsss - C:\DOCUME~1\Owner\LOCALS~1\Temp\sssv.dat
O20 - Winlogon Notify: winac - C:\DOCUME~1\Owner\LOCALS~1\Temp\caniw.dat
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MyMedia Server - Unknown owner - C:\Program Files\Fujitsu\MyMedia\MyMedia Server\mediaserver.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SBRLLA For FM Advisor (SBRLLA) - FUJITSU LIMITED - C:\Program Files\Fujitsu\sa\de\jsharp\bin\SBRSVC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Edited by rambro, 18 May 2006 - 12:05 PM.
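A triage pass over autostart entries like those in the log above, as an added example that is not part of the original post: it flags entries whose target sits in a temporary directory, is reported as `(file missing)`, or (for Winlogon Notify) has a file name that is the key name reversed, as in `accdoc` / `codcca.dat`. The rule names and the `triage` function are assumptions of this example; the sample lines are copied from the log.

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [eCruiser] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DC4NX589\eCruiser[1].exe
O2 - BHO: CATLEvents Object - {68132581-10F2-416E-B188-4E648075325A} - C:\DOCUME~1\Owner\LOCALS~1\Temp\ssvnib.dat (file missing)
O20 - Winlogon Notify: accdoc - C:\DOCUME~1\Owner\LOCALS~1\Temp\codcca.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: dllc - C:\DOCUME~1\Owner\LOCALS~1\Temp\clld.dat (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+')   # drive-letter path, stops at a closing quote
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - ")
MISSING = "(file missing)"
# Lower-cased directory markers; "\temp\" also matches the 8.3 form LOCALS~1\Temp\.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def parse_entry(line):
    """Split one 'Onn - ...' line into section, detail text, path and missing flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, running-process list or blank line
    section, detail = m.groups()
    missing = detail.endswith(MISSING)
    if missing:
        detail = detail[: -len(MISSING)].rstrip()
    pm = PATH_RE.search(detail)
    return {
        "section": section,
        "detail": detail,
        "path": pm.group(0).strip() if pm else None,
        "missing": missing,
    }


def reasons_for(entry):
    """Return the (hypothetical) rule names that an entry trips."""
    reasons = []
    path = (entry["path"] or "").lower()
    # Autostart code loaded from a temp or browser-cache directory is anomalous.
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("temp-path")
    # A dangling registration; on its own this is a weaker signal.
    if entry["missing"]:
        reasons.append("file-missing")
    # Winlogon Notify key whose file stem is the key name spelled backwards.
    nm = NOTIFY_RE.match(entry["detail"])
    if entry["section"] == "O20" and nm and path:
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem == nm.group(1).lower()[::-1]:
            reasons.append("name-reversed")
    return reasons


def triage(log_text):
    """Return (section, path, reasons) for every entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["section"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons):40} {path}")
```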


#2
rambro

Dear marmalade, :whistling:

Welcome to the Geeks to Go forums.

We are currently studying your log. :blink:
*************************************

Dear marmalade, in the future do not put your Hijackthis logs in a file attachment.
****************

Since you cannot access the Internet in normal mode on the infected computer, please log on to the infected computer in "Safe Mode". If you can connect to the Internet in the "Safe Mode" on the infected computer, go to the following link: http://www.uploadmalware.com/ and upload the following files marked in blue:

C:\WINDOWS\system\iisftp.exe
C:\WINDOWS\msagent\chars\iisvss.exe

Note: the above files are bad files, so if you decide to copy these files on a cd-rom and access the Internet on another computer to upload these files, just be careful.

rambro :help:

Edited by rambro, 18 May 2006 - 01:14 PM.


#3
rambro

Dear marmalade;

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

If you cannot access the Internet on the infected PC in normal mode and you have access to a CD Burner on another pc, do the following:

Create three new folders on the desktop of this PC. Label them

Trojan Hunter
Ewido
VundoFix

Download a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe to this pc's desktop and copy and place the executable file (TrojanHunter.exe) in the Trojan Hunter folder on this pc's desktop. Do not run this executable file at this time.

Since you cannot access the Internet, please download the latest update files for TrojanHunter program from this link: http://www.misec.net...unter/updating/. Place this file also, in the Trojan Hunter folder on this pc's desktop.

Download Ewido Security Suite from here: http://www.ewido.net/en/download/ to this pc's desktop and copy and place the "ewido-setup.exe" executable file in the Ewido folder on this pc's desktop. Do not run this executable file at this time.

Again, since you cannot access the Internet, please download the latest update files for the Ewido Security Suite program from this link: http://www.ewido.net...wnload/updates/ (i.e. download the "Full Database"). Place these files also, in the Ewido folder on this pc's desktop.

Please go here and download the latest version of the VundoFix: http://www.atribune..../click.php?id=4. Place this executable file (i.e. VundoFix.exe) in the VundoFix folder on this pc.

Get a new CD-ROM disk, and copy (i.e. burn) the three folders on this pc's desktop to the CD ROM disk. Copy the three folders from the CD-ROM disk to the infected pc's C: drive.

From the infected computer

Click on "TrojanHunter.exe" executable file to install the Trojan Hunter program and manually install the latest updates for this program; however, do not run this program at this time, you will run the program in safe mode.

Click on the "ewido-setup.exe" executable file to install the Ewido Security Suite program and manually install the latest updates for this program; however, do not run this program at this time, you will run the program in safe mode.

Note: When installing the Ewido Security Suite program, under 'Additional Options' uncheck:
  • Install background guard
  • Install scan via context menu


Now that the TrojanHunter and Ewido Security programs, and their respective updates, are installed on the "Infected computer", do the following:

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
********************

Run the TrojanHunter program and fix anything it detects.

Run a full scan with the ewido application and remove anything it finds. This application should also produce a log, please post this log in a reply to this post.

Run the "VundoFix.exe" file located in the "VundoFix" folder. See the following instructions:
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on and restart your computer back into normal mode.
The VundoFix should produce a log called "vundofix.txt", post the contents of C:\vundofix.txt log in a reply to this post.

Please restart your computer and post a new HijackThis log, the Ewido Scan log and the vundofix log in a reply to this post. :whistling:

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:

#4
rambro

Dear marmalade, :whistling:

Can you tell me, in detail, if the yearly subscription to your friend's McAfee antivirus software has expired?

Can you tell me, in detail, if your friend has registered his/her McAfee antivirus software?

rambro :blink:

#5
marmalade


Dear marmalade, :whistling:

Welcome to the Geeks to Go forums.

We are currently studying your log. :blink:
*************************************

Dear marmalade, in the future do not put your Hijackthis logs in a file attachment.
****************

Since you cannot access the Internet in normal mode on the infected computer, please log on to the infected computer in "Safe Mode". If you can connect to the Internet in the "Safe Mode" on the infected computer, go to the following link: http://www.uploadmalware.com/ and upload the following files marked in blue:

C:\WINDOWS\system\iisftp.exe
C:\WINDOWS\msagent\chars\iisvss.exe

Note: the above files are bad files, so if you decide to copy these files on a cd-rom and access the Internet on another computer to upload these files, just be careful.

rambro :help:


I can't find these files even when I show hidden files and folders. Any ideas?

Btw, they say the McAfee is registered and fine. Is it the McAfee that's stopping the internet connection..? Should I uninstall it?

Edited by marmalade, 19 May 2006 - 11:49 PM.


#6
rambro

Dear marmalade, :whistling:

Please do me a favor and do not repost what I have posted to you. I basically know what I have sent you through a post and reposting this information back to me wastes space and makes it harder for me to analyze your post. Just give me the information that I ask for. Thank you for your cooperation. :blink:

Btw, they say the McAfee is registered and fine. Is it the McAfee that's stopping the internet connection..? Should I uninstall it?


No, the McAfee antivirus program is not causing a stoppage in the internet connection, do not uninstall this program. The computer system is infected with the Vundo virus.
************************

I can't find these files even when I show hidden files and folders. Any ideas?


Here are the instructions for showing Hidden files and folders:

Make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Then please try to find and upload those files I gave you in my first post (See post #2). If you still can't find these files move on to the next post (See post #3). Good Luck!!!

rambro :help:





