Trojan disabled internet access, network, system restore, etc

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

LadyoftheFlwrs

Thread Starter
Joined
May 28, 2007
Messages
7
Hi,

I'm having major issues with a trojan... I had several messages from McAfee that it blocked a generic trojan and everything seemed fine. Then, the next time I tried to turn on my computer, I had these problems:

-Internet access is completely disabled (I'm on a friend's laptop)
-Network connections are gone...the folder is blank and it says the network settings are unable to load. I tried to add a new connection and nothing happened...the buttons didn't work when I tried to hit "next" to set it up.
-System restore doesn't work. It says "system restore is unable to protect your computer...please restart, etc"
-The start button and taskbar have changed color....they went from standard blue to a plain grayish tan and the fonts on everything are very basic looking.
-The same thing happened when I tried to log in as a different user and when I tried to use safeboot.
-The sound doesn't work


I had to burn the HijackThis log to a CD just to be able to post it:

Logfile of HijackThis v1.99.1
Scan saved at 11:13:44 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\PROGRA~1\VERIZO~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Verizon Online\Verizon Online Support Center\bin\mpbtn.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\0 Old PC stuff\00 XF photos\VCD-CD Stuff\Virus Stoppers\RootkitRevealer\RootkitRevealer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\0 Old PC stuff\00 XF photos\VCD-CD Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin....com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\Verizon Online Support Center\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?65f83074231a4465ab11b743cf5f5f41
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?65f83074231a4465ab11b743cf5f5f41
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game3.pogo.com/v/9.1.1.1/applet/omaha/omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.6.4.29/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.0.3.12/applet/addiction/addiction-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game3.pogo.com/v/9.0.1.7/applet/slots/alibaba-en_US.cab
O16 - DPF: Alibaba Slots - http://game3.pogo.com/v/9.1.1.20/applet/alibaba/alibaba-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.com/applet-8.0.3.20/allin/allin-en_US.cab
O16 - DPF: Animal Ark by pogo - http://playweb21.pogo.com/applet-6.1.1.29/animal/animal-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-8.0.9.41/backgammon/backgammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/battlephlinx/battlephlinx-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://game3.pogo.com/v/8.1.9.1/applet/roulette/roulette-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.0.8.20/applet/freebingo/freebingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.1.1.8/applet/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.5.4/applet/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.9.4.41/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.9.1/applet/bowling/bowling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.6.5.31/videoblackjack/videoblackjack-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.1.13/applet/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.7.3.30/checkers2/checkers-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.5.5.36/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.7.3.30/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.6.2.21/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.5.29/domino/domino-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game3.pogo.com/v/8.1.6.3/applet/videopoker2/doubledeuce-en_US.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game3.pogo.com/v/9.0.1.7/applet/soccer/soccer-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.1.33/euchre/euchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-8.0.4.41/bingo/bingoe-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.6.0.34/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/golfsolitaire/golfsolitaire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/9.0.1.7/applet/hangman/hangman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game3.pogo.com/v/9.1.3.19/applet/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-8.0.0.30/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game3.pogo.com/v/9.1.3.19/applet/drawpoker/drawpoker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool2/pool-ob-assets.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.0.8.20/applet/fancy/fancy-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.2.30/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.0.8.29/applet/jth/jth-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/videopoker2/jokerswild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.0.8.20/applet/gin2/gin2-en_US.cab
O16 - DPF: Keno by pogo - http://game3.pogo.com/v/9.0.1.7/applet/keno/keno-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/9.1.3.19/applet/speedkeno/speedkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game3.pogo.com/v/9.1.1.1/applet/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.6.14/applet/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-8.0.0.20/mahjong2/mahjong2-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/9.1.1.1/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.1.24/applet/monopoly/monopoly-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.3.30/mlslots/mlslots-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game3.pogo.com/v/8.1.9.1/applet/allin/allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.7.1.23/freecell/freecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.5.1.31/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/waterwheel/waterwheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.0.1.7/applet/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-8.0.0.30/pinochle/pinochle-en_US.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.1.1.21/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.5.4/applet/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.7.14/applet/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.1.1.8/applet/poppit2/poppit2-en_US.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/poppit/poppit-ob-assets.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/9.0.1.7/applet/pseudoku/pseudoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/hotstreak/hotstreak-en_US.cab
O16 - DPF: Quick Shot by pogo - http://game4.pogo.com/applet-6.1.1.29/quickshot/quickshot-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.5.4.34/squares/squares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.com/applet-6.2.1.27/ricochet/ricochet-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.com/v/9.1.1.1/applet/ride/ride-en_US.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-8.0.5.48/slots/scifi-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.0.9.8/applet/scrabble/scrabble-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/v/8.1.1.1/applet/slots/showbiz2-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game3.pogo.com/v/9.1.3.19/applet/slots/showbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.7.1.23/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.2.1.41/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.com/v/9.0.7.14/applet/spider/spider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.com/v/8.1.2.12/applet/spooky/spooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.0.8.20/applet/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/v/8.1.0.23/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.5.5.36/sweeper/sweeper-en_US.cab
O16 - DPF: Swashbucks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/piratesgold/piratesgold-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.6.21/applet/sweettooth2/sweettooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/v/8.1.1.13/applet/sweettooth/sweettooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.2.0.37/tank/tank-ob-assets.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/teambingo/teambingo-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.com/v/9.1.3.27/applet/holdem/holdem-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.0.9.8/applet/millbrae/millbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/8.1.9.1/applet/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/v/8.1.7.44/applet/tumbee2/tumbee2-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.5.31/turbo21/turbo21-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.0.1.7/applet/turbo22/turbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.1.1.1/applet/mlslots/mlslots-en_US.cab
O16 - DPF: Video Poker by pogo - http://game3.pogo.com/v/9.0.1.7/applet/videopoker2/videopoker-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/memories/memories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game3.pogo.com/v/9.1.3.19/applet/babble/babble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.8.23/applet/wordsearch/wordsearch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.1.1.8/applet/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.0.6.14/applet/whackdown/whackdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.7.1.33/worldclass/worldclass-en_US.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://foodnet3.view22.com/view22/app/view22rte.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinner.com/games/shared/uninstall.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\SX.exe




Can anyone help? I'm completely stumped. Even if I get rid of the virus, how do I get the internet and system restore to work again if they've been deleted? Help, *please*!

Laura
 

LadyoftheFlwrs

Thread Starter
Joined
May 28, 2007
Messages
7
Hi everyone,

Just wanted to let you guys know, in case anyone else has a similar problem, that I managed to fix it fairly easily. I downloaded a free copy of this program:

http://www.winhelponline.com/blog/perform-system-restore-rollback-on-non-bootable-xp-computer/

And followed all of the steps to do a system repair using ERD since the one on my hard drive was corrupt. It allows you to create a bootable CD with all kinds of recovery options. I'm so grateful, I think I'm going to buy the program in case this happens again in the future.

Thanks anyways,
Laura
 

LadyoftheFlwrs

Thread Starter
Joined
May 28, 2007
Messages
7
I thought the problem was fixed with that program and everything seemed okay, but then it all started happening again when I tried to run my virus protection. It disables McAfee, then I get a message that says the computer must shut down due to NT AUTHORITY. The reason given is something about a DCOM Process? I managed to abort the shutdown using the command prompt and I'm trying to run Windows Defender but nothing is coming up yet.

I did a Panda ActiveScan and it said I had a generic trojan virus in my svchosts file, so I tried using HijackThis to delete the file on reboot, but it keeps coming back up because the virus must be saved somewhere else. The problem is, I don't know where and I don't know which virus it is... can someone please look at my HijackThis log and tell me if they see anything suspicious? There's a file folder called WinPcap that appeared suddenly on my computer, could it be that?

I think the trojan has infected one or more Windows processes, but I don't want to randomly delete those. I tried to repair Windows XP using the program CD but it asked me for an administrator password and I don't know what it is. Should I just give up and take it to Geek Squad?

Please help!
Laura
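One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original posts or of HijackThis itself: it parses the entry lines and marks those that point at missing files, have no known owner, run from a Temp directory, or set IE policy restrictions. The rule set and all function names are assumptions made for this example, the sample is an excerpt of lines from the log in the first post, and a flagged line is a lead for manual review, not a verdict.

```python
"""Flag HijackThis log entries that deserve a manual look (added example)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")
Finding = namedtuple("Finding", "entry reasons")

# Excerpt: lines copied from the log posted at the top of this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: SX - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\SX.exe
"""

# Entry lines look like "O23 - Service: ...": a section letter (R, F, N, O),
# a one- or two-digit number, then " - " and the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Review heuristics chosen for this example (assumptions, not HijackThis
# features). Each one marks an entry for a closer look; none is a verdict.
RULES = [
    # The registry still references a file that is no longer on disk.
    ("target file absent",
     lambda e: e.detail.endswith(("(no file)", "(file missing)"))),
    # HijackThis could not read a company name from the service binary.
    ("unknown owner",
     lambda e: e.code == "O23" and " - Unknown owner - " in e.detail),
    # Autostart entry or service whose binary lives in a Temp directory.
    ("runs from Temp",
     lambda e: re.search(r"\\temp\\", e.detail, re.IGNORECASE) is not None),
    # O6 lines mean Internet Explorer options are locked by policy keys.
    ("IE policy restriction", lambda e: e.code == "O6"),
]


def parse_entries(text):
    """Return the log's entries, skipping header and running-process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(text):
    """Return a Finding for every entry that trips at least one rule."""
    findings = []
    for entry in parse_entries(text):
        reasons = [label for label, test in RULES if test(entry)]
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.entry.code:<4} {', '.join(finding.reasons)}")
        print(f"     {finding.entry.detail}")
```
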
 