| ||
| Computer freezes when connected to Internet

Hello

For the past few days, whenever I connect to the internet, my computer slows down and eventually completely freezes. If I disconnect from the internet, it starts working again just fine. I have run a few virus scans (McAfee) and a few trojans were found and removed; however, the problem still exists.

Based on another post from this forum, I installed the hijack tool and ran a log. Below are the results... anything look suspicious?

Note, I am unable to run any type of virus detection if I am connected to the internet. I did run this hijack file while connected though.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:36 AM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nbsdvtsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\rsosvc.exe
C:\WINDOWS\system32\schdlsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\consctl.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
C:\Documents and Settings\sherry.ruddock\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
F:\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://142.146.40.109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Communications Inc
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sherry.ruddock\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SFA] "\\rci.rogers.ca\dfsapps\shared\salesforce_v3.0\sfa_install_v3_01.exe" /0INSTALL
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eTrust SSO Client Startup.lnk = C:\WINDOWS\RunHide.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:\\rci.rogers.ca\dfsapps\rwi\homepage\homepage.html
O15 - Trusted Zone: http://q3.webtechwireless.com
O15 - Trusted Zone: http://*.itpmowss (HKLM)
O15 - Trusted Zone: http://*.rogers.mphro.com (HKLM)
O15 - Trusted Zone: http://*.Rapid (HKLM)
O15 - Trusted Zone: http://*.Rapid.rogers.com (HKLM)
O15 - Trusted Zone: crossroads.net.wireless.rogers.com (HKLM)
O15 - Trusted Zone: http://itolls.rogers.com (HKLM)
O15 - Trusted Zone: http://itpmowss.rogers.com (HKLM)
O15 - Trusted Zone: ossjunction.net.wireless.rogers.com (HKLM)
O15 - Trusted Zone: http://rcilx030.rogers.com (HKLM)
O15 - Trusted Zone: http://rcilx031.rogers.com (HKLM)
O15 - Trusted Zone: http://rsohp013.rogers.com (HKLM)
O15 - Trusted Zone: web-dev.net.wireless.rogers.com (HKLM)
O15 - Trusted Zone: http://*.RSSESNITAPWA (HKLM)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O17 - HKLM\Software\..\Telephony: DomainName = rci.rogers.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rogers.com,rci.rogers.ca,rogers.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Unknown owner - C:\Program Files\Intel\AMT\atchksrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Unknown owner - C:\Program Files\Intel\AMT\LMS.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: nbsdvt - Unknown owner - C:\WINDOWS\system32\nbsdvtsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RSO Service (rsosvc) - Rogers Shared Operations - C:\WINDOWS\system32\rsosvc.exe
O23 - Service: RSS Scheduler (schdlsvc) - Unknown owner - C:\WINDOWS\system32\schdlsv.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Unknown owner - C:\Program Files\Intel\AMT\UNS.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.fantasyislandresort.com/f...as/Aerea16.jpg

--
End of file - 15452 bytes |
| ||
| Re: Computer freezes when connected to Internet

Can you tell me who is your internet provider?

Did you personally add all those trusted sites?

Is this a business computer or used for your job? |
| ||
| Re: Computer freezes when connected to Internet

I use a national cable provider called Shaw (Canada). This is my work computer.

Oddly enough I don't have those sites listed in my trusted zone list, they must be in the registry somewhere... added by IT. Most of them do look authentic. |
| ||
| Re: Computer freezes when connected to Internet

Please do the following:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
* Double-click mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is checked.
* When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the computer.

Then run a new HJT full system scan and save the log.

Post back here with all three logs. |
| ||
| Re: Computer freezes when connected to Internet Thank you for the detailed instructions and your time. I have performed the outlined stops. I was not able to disable my virus scan...it is password protected. Here are the 3 log files Malwarebytes' Anti-Malware 1.31 Database version: 1602 Windows 5.1.2600 Service Pack 2 1/3/2009 11:27:20 AM mbam-log-2009-01-03 (11-27-20).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 116800 Time elapsed: 29 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully. Files Infected: C:\System Volume Information\_restore{E8EBED63-E53D-4C7F-A9CB-A281ED8D8128}\RP306\A0088494.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\bitsadmin.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msqpdxtghvkdxn.dll (Trojan.TDSS) -> Delete on reboot. C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\drivers\msqpdxmeicenky.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-3FD.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tempo-659.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully. # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3733 (20090102) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=4857d01557dba64a9b5d48189e54f9e7 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-01-03 08:13:34 # local_time=2009-01-03 02:13:34 (-0600, Central Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=335441 # found=6 # scan_time=3952 C:\WINDOWS\system\_MONA.DLL probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000 C:\WINDOWS\system\_TLCDSC.DLL probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000 C:\WINDOWS\system32\nbsdvtsvc.exe probably unknown NewHeur_PE virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000 C:\WINDOWS\system32\schdlsv.exe probably unknown NewHeur_PE virus (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000 C:\WINDOWS\Temp\tmp74.tmp a variant of Win32/Kryptik.CV trojan (unable to clean - deleted) 00000000000000000000000000000000 D:\resycled\boot.com a variant of Win32/Kryptik.DR trojan (unable to clean - deleted) 00000000000000000000000000000000 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:42:31 PM, on 1/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\ifxspmgt.exe C:\WINDOWS\system32\ifxtcs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\WINDOWS\system32\nbsdvtsvc.exe C:\WINDOWS\system32\IfxPsdSv.exe C:\WINDOWS\system32\rsosvc.exe C:\WINDOWS\system32\schdlsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\consctl.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\AccelerometerSt.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe C:\Program 
Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Novatel Wireless\MobiLink\Lite.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Documents and Settings\sherry.ruddock\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe F:\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://142.146.40.109 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Communications Inc O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - 
HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program 
Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sherry.ruddock\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SFA] "\\rci.rogers.ca\dfsapps\shared\salesforce_v3.0\sfa_install_v3_01.exe" /0INSTALL O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: eTrust SSO Client Startup.lnk = C:\WINDOWS\RunHide.exe O4 - Global Startup: VPN Client.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:\\rci.rogers.ca\dfsapps\rwi\homepage\homepage.html
O15 - Trusted Zone: http://q3.webtechwireless.com
O15 - Trusted Zone: http://*.itpmowss (HKLM)
O15 - Trusted Zone: http://*.rogers.mphro.com (HKLM)
O15 - Trusted Zone: http://*.Rapid (HKLM)
O15 - Trusted Zone: http://*.Rapid.rogers.com (HKLM)
O15 - Trusted Zone: crossroads.net.wireless.rogers.com (HKLM)
O15 - Trusted Zone: http://itolls.rogers.com (HKLM)
O15 - Trusted Zone: http://itpmowss.rogers.com (HKLM)
O15 - Trusted Zone: ossjunction.net.wireless.rogers.com (HKLM)
O15 - Trusted Zone: http://rcilx030.rogers.com (HKLM)
O15 - Trusted Zone: http://rcilx031.rogers.com (HKLM)
O15 - Trusted Zone: http://rsohp013.rogers.com (HKLM)
O15 - Trusted Zone: web-dev.net.wireless.rogers.com (HKLM)
O15 - Trusted Zone: http://*.RSSESNITAPWA (HKLM)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O17 - HKLM\Software\..\Telephony: DomainName = rci.rogers.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rogers.com,rci.rogers.ca,rogers.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rci.rogers.ca
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Unknown owner - C:\Program Files\Intel\AMT\atchksrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Unknown owner - C:\Program Files\Intel\AMT\LMS.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RSO Service (rsosvc) - Rogers Shared Operations - C:\WINDOWS\system32\rsosvc.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Unknown owner - C:\Program Files\Intel\AMT\UNS.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.fantasyislandresort.com/f...as/Aerea16.jpg
-- End of file - 13871 bytes
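A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses one-entry-per-line output, labels each section code, and lists reasons an entry merits a manual look. The four review heuristics and all function names are assumptions chosen for illustration, not HijackThis's own logic; the sample lines are copied from the log above.

```python
import re

# Section codes present in the log above and what each one lists.
SECTIONS = {
    "O9": "IE extra button / Tools menu item",
    "O14": "IERESET.INF reset-web-settings value",
    "O15": "IE Trusted Zone site",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O17": "DNS domain / search-list setting",
    "O20": "AppInit_DLLs or Winlogon Notify autoload",
    "O23": "Windows service",
    "O24": "Active Desktop component",
}
ENTRY = re.compile(r"^(O\d+) - (.*)$")

def review_reasons(code, body):
    """Reasons an entry deserves a manual look. These are prompts, not verdicts."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("registered target no longer on disk")
    elif code == "O23" and " - Unknown owner - " in body:
        reasons.append("no company name read from the service binary")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("DLLs here load into every process that loads user32.dll")
    if code == "O16" and " - http://" in body:
        reasons.append("control's download URL is plain HTTP")
    return reasons

def triage(log_text):
    """Parse one-entry-per-line HijackThis output into (code, body, reasons)."""
    rows = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) in SECTIONS:
            rows.append((m.group(1), m.group(2), review_reasons(*m.groups())))
    return rows

# Sample input: five entries copied from the log above.
SAMPLE = r"""
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE):
        print(code, SECTIONS[code], "|", body, "|", "; ".join(reasons) or "-")
```

A flagged entry is a pointer for where to look next (for example, confirming that a service with a missing binary is a leftover from an uninstalled product), not a finding of infection.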
Re: Computer freezes when connected to Internet

Actually looks pretty good and appears that MBA-M and ESET removed quite a bit. Have things improved?

I note your Java program is out of date. Current version is Version 6 update 11. You should go HERE. Download the Offline Install to the desktop. Once that is downloaded, go to Add/Remove and uninstall ALL previous versions of Java showing there. Once the uninstalls have completed, go to that install file on the desktop and double click to install the newest version. When the install is complete, go back to the Download page and on the right side you will see Verify Now. Click that to go to the verification page where you can test and be certain that your install was successful.

Judy
Re: Computer freezes when connected to Internet

Yes, thank you VERY much. Things seem to be back to normal!! Looks like McAfee isn't doing its job very well!
Re: Computer freezes when connected to Internet

Keep the MBA-M program and scan with it at least weekly; be sure to update before each scan. For weekly scanning just use the Quick Scan; if it finds and removes something, then use the Full Scan to be sure everything is gone.

You should set a new and now clean restore point by right clicking My Computer. Choose Properties. When System Properties opens, click the System Restore tab. Put a check mark into Turn Off System Restore. You probably will get an alert or warning that it is turning off; click OK or Yes, whatever the correct answer is there. Then System Restore will turn off. Wait a moment and do the reverse: go in and take OUT that check mark and System Restore will turn back on.

If you feel everything is solved you can mark this thread Solved.

Judy
Re: Computer freezes when connected to Internet

Hi Judy,

This was a very impressive thread. I also have the same problem. I currently have a Dell Dimension 9150 desktop and my Spybot software found malware. But now every time I start my computer it freezes at the Windows XP welcome screen. I then try to start the machine by disconnecting my wireless internet and it works. Because my machine has hardly any documents, etc., would doing a PC Restore to Dell's factory settings also work? Or does the malware continue to infect regardless of restoring to factory settings? Please advise.

Vin
Re: Computer freezes when connected to Internet

You need to begin YOUR OWN thread; this one is six months old.

To answer your question: if by going back to Factory Settings you mean actually wiping the drive and then installing, yes, infections would probably be removed, but if by restore you mean just reinstall over the present operating system, then no, probably not. I cannot say for sure why you cannot fully boot the machine without disabling the wireless hookup, but I honestly don't believe the Spybot run would have caused this. Have you tried to boot in Safe Mode with Networking to see if that works?
©2003 - 2009 DaniWeb® LLC