
Thread: XP internet access blocked with reboots

  1. #1
    Junior Member
    Join Date
    Jan 2008
    Location
    Marysville, WA
    Posts
    5

    XP internet access blocked with reboots

    The computer has internet access in safe-mode, but not in normal. System re-boots with web access. Also, the windows security/virus alert balloon opens up constantly. I can close the window, but if I click on the balloon the system re-boots.

    I also noticed that the C:\windows folder was listed at 4G +/- (1.5G swapfile). The system32 folder is 1.5G on its own.

    I've run:
    Adaware
    Spybot
    Panda (online in safe-mode)
    Hitman Pro (which automates downloading, installing and running a bunch of "free" adware/spyware/virus control programs--in rapid succession)
    HijackThis
    StartupList

    in that order. Something that caught my eye was what StartupList reported.

    Skipping zones for this user since there are 11,892 domains in them.
    Skipping zones for default user since there are 4161 domains in them.
    Skipping zones for LOCAL SERVICE since there are 4161 domains in them.
    Skipping zones for NETWORK SERVICE since there are 4161 domains in them.
    Skipping zones for SYSTEM since there are 4161 domains in them.

    I'm not sure if this is normal or not, but the program had them highlighted.

    Any and all help will be appreciated,
    Larry


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 2:52:16 PM, on 1/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Joygasm\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\program files\Acrobat\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEnot
    O4 - HKLM\..\Run: [nwiz] notnwiz.exe /installnot
    O4 - HKLM\..\Run: [MimBoot] D:\PROGRA~1\JukeBox\mimboot.exenot
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exenot"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exenot"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?0858ff75169f41fcaf576d75250e40eb
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?0858ff75169f41fcaf576d75250e40eb
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = comcast.net
    O17 - HKLM\Software\..\Telephony: DomainName = comcast.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B39188C3-FD9C-4DD0-B978-A771D7F6CAF8}: Domain = comcast.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C15DC845-87E7-4B89-87E5-13F3DCBCD468}: Domain = comcast.net
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = comcast.net
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = comcast.net
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 5641 bytes


    http://forums.spybot.info/showthread...983#post154983
    Last edited by tashi; 2008-01-17 at 22:49. Reason: added link

  2. #2
    Junior Member
    Join Date
    Jan 2008
    Location
    Marysville, WA
    Posts
    5

    Posted 1-11-08

    I'm not sure if no one can help, or if this has slipped through the cracks.

    My problem is that the computer reboots itself whenever I try to access the internet, or click on the "balloon" that constantly pops up saying that my computer may be at risk of a virus. I can close the "balloon" and I can use any program, including regedit, but I can't try to get any help.

    I am able to access the internet in safe-mode (hence this message).

    I am running XP Pro, and my HJT log is included in my original post. If I need to repost it, just let me know.

    Thanks,
    Larry

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello.

    You forgot to link to your topic: http://forums.spybot.info/showthread.php?t=22599

    Is this a personal machine or a company's?

    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
    Note: HJT Logs
    To produce a log, run Trend Micro HijackThis 2.0.2, not Beta, HijackThis v1.99.1. or any other earlier version.
    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    I see you have a topic at GTG: http://www.geekstogo.com/forum/XP-Pr...s-t183312.html

    Original post 1-11-08

    1-15-08 (today)

    I don't know if no one can help, or if my post just slipped through the cracks, but any reply would be appreciated. I know that the forum is busy, but it would be nice to know whether anyone can help or whether I need to move on to another forum to find the help I need. I've been checking for a response at least twice a day since it was posted.

    Thanks in advance for a reply either way,
    Larry

  5. #5
    Junior Member
    Join Date
    Jan 2008
    Location
    Marysville, WA
    Posts
    5

    Thanks for the response

    This is my home computer.

    I'll download the correct version of HijackThis as soon as I am done here. Should I run it in safe-mode (which allows an internet connection), or should I run it in normal mode? Also, should I post the report in my original thread?

    And yes, after not getting a response for this long (I know that the thread is very busy so that is not an issue) I did post my question to Geeks to Go... but have not gotten a single reply there.

    Thanks again for the help,
    Larry

  6. #6
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Quote: Originally Posted by lhswanson
    And yes, after not getting a response for this long (I know that the thread is very busy so that is not an issue) I did post my question to Geeks to Go... but have not gotten a single reply there.
    Posted 1-11-08
    Here and at GTG.

    I would not be the person assisting, I made a query only.

    Best regards.

  7. #7
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Merged Waiting Room thread with original topic.

    Please copy/paste the logs requested into a new topic, with a link back to this one.

    I will then close this as helpers look for zero response.

    Best regards.
