TheTechGuide Forum
General Category => Tech Clinic => Topic started by: adelaide on January 31, 2008, 02:42:05 AM
-
I recently had a blue screen crash and after the crash my wireless no longer works. After searching online for a fix, I found out that the system file ndisuio is set to 4 in the registry. So I changed it to 1 to make it start, and it seems to fix it at first when I restart my computer. But a few minutes after my computer restarts, my wireless stops working again. I checked my registry and discovered that every time I restart my computer, ndisuio is reset to 4 again.
Then I tried running my antivirus program and HijackThis to see if there's any virus/malware, but when I tried to run them the same error message popped up saying they're not a valid Win32 program. What should I do? I've also tried to reinstall my wireless network driver but it didn't fix anything. Windows System Restore says I can't restore to the previous restore points.
-
Try this and see if you can get it to run
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back the whole contents of main.txt and extra.txt.
-
I have uploaded the files. When I was running the program a virus scan warning popped up about a malicious program. Also, this program couldn't run my own version of HijackThis. But then it said it's running a HijackThis clone.
-
Can you do the following
Temporarily disable your Antivirus software so it won't interfere with any fixes we try
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Then do the following
Use the Internet Explorer browser (or Firefox with IE Tab), and do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files. - Once the files are downloaded click on Next
- Click on Scan Settings and configure as follows:
  - Scan using the following Anti-Virus database: Extended
  - Scan Options: Scan Archives, Scan Mail Bases
- Click OK and, under "Select a target to scan", select My Computer
When the scan is done, in the "Scan is completed" window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
(http://i184.photobucket.com/albums/x99/guestolo/Kas-SaveReport-1.gif)
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the "Save as" prompt, "Save in" area, select: Desktop
In the "File name" area, use KScan, or something similar
In "Save as type", click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Along with the above report also post the combofix log
And do a fresh scan/savelogfile with hijackthis and post the new log
-
I managed to download combofix.exe during the short period of time I was able to get online when I start up my computer. However, when I tried to run it, it says it's not a valid Win32 application again.
Then when I tried to run Kaspersky, I clicked "yes" to install the ActiveX control, and then it just stays at the "Initializing" stage on the IE screen, until my wireless internet goes out again. That period was probably around 3-4 minutes (at the initializing stage) and it never got to download the virus definitions.
-
Can you hook this computer directly to the router and enable the network adapter if disabled in Network connections
Try the scan again with Kaspersky
-
I'm leaving for Germany for 1 week, so I'll do that and post the results once I get back~
-
Bumping just to keep track of this topic
-
So I'm back and I've hooked up this computer to a wired connection. The internet connection seems to be fine initially. I went to the Kaspersky scan site and tried to download the scan activeX program, however, it failed to download and this message appeared:
"Failed to load Kaspersky Online Scanner ActiveX control!
You must have administrative rights on this computer;
you also must have the IE security settings to the Medium level."
I only have one account on this computer and it is the administrator account. I double checked that I am logged into that account. Also, I have set the IE security setting to Medium level.
At that point the wired internet connection was still working. But approximately 2 minutes later, it wouldn't work again. The computer shows that I am connected to the internet, just like with my wireless connection, but it just wouldn't download/upload anything.
Does that mean there might be a virus/program that's controlling my admin account and resetting my internet???? I'm rather scared now...
-
Can you delete your version of Combofix
Try redownloading from HERE (http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe)
Try running it again; if it runs, let it continue and post its log
If not let me know if you get the same error
-
Here's the ComboFix log:
ComboFix 08-02-15.1 - Ada 2008-02-17 2:15:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.852.1033.18.143 [GMT -8:00]
Running from: C:\Documents and Settings\Ada\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\command.pif
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\101205.exe
C:\WINDOWS\system32\drivers\down\101866.exe
C:\WINDOWS\system32\drivers\down\102547.exe
C:\WINDOWS\system32\drivers\down\106182.exe
C:\WINDOWS\system32\drivers\down\122716.exe
C:\WINDOWS\system32\drivers\down\123717.exe
C:\WINDOWS\system32\drivers\down\123878.exe
C:\WINDOWS\system32\drivers\down\126632.exe
C:\WINDOWS\system32\drivers\down\129105.exe
C:\WINDOWS\system32\drivers\down\129155.exe
C:\WINDOWS\system32\drivers\down\130357.exe
C:\WINDOWS\system32\drivers\down\130407.exe
C:\WINDOWS\system32\drivers\down\131138.exe
C:\WINDOWS\system32\drivers\down\133051.exe
C:\WINDOWS\system32\drivers\down\133692.exe
C:\WINDOWS\system32\drivers\down\133792.exe
C:\WINDOWS\system32\drivers\down\134563.exe
C:\WINDOWS\system32\drivers\down\136816.exe
C:\WINDOWS\system32\drivers\down\137257.exe
C:\WINDOWS\system32\drivers\down\140411.exe
C:\WINDOWS\system32\drivers\down\140441.exe
C:\WINDOWS\system32\drivers\down\140562.exe
C:\WINDOWS\system32\drivers\down\140612.exe
C:\WINDOWS\system32\drivers\down\141102.exe
C:\WINDOWS\system32\drivers\down\141533.exe
C:\WINDOWS\system32\drivers\down\141683.exe
C:\WINDOWS\system32\drivers\down\143566.exe
C:\WINDOWS\system32\drivers\down\143626.exe
C:\WINDOWS\system32\drivers\down\143636.exe
C:\WINDOWS\system32\drivers\down\144327.exe
C:\WINDOWS\system32\drivers\down\144587.exe
C:\WINDOWS\system32\drivers\down\144627.exe
C:\WINDOWS\system32\drivers\down\145138.exe
C:\WINDOWS\system32\drivers\down\145208.exe
C:\WINDOWS\system32\drivers\down\145799.exe
C:\WINDOWS\system32\drivers\down\146280.exe
C:\WINDOWS\system32\drivers\down\14863212.exe
C:\WINDOWS\system32\drivers\down\14872074.exe
C:\WINDOWS\system32\drivers\down\14923128.exe
C:\WINDOWS\system32\drivers\down\151067.exe
C:\WINDOWS\system32\drivers\down\151838.exe
C:\WINDOWS\system32\drivers\down\153090.exe
C:\WINDOWS\system32\drivers\down\153190.exe
C:\WINDOWS\system32\drivers\down\153981.exe
C:\WINDOWS\system32\drivers\down\15442815.exe
C:\WINDOWS\system32\drivers\down\15444868.exe
C:\WINDOWS\system32\drivers\down\154602.exe
C:\WINDOWS\system32\drivers\down\15498195.exe
C:\WINDOWS\system32\drivers\down\156745.exe
C:\WINDOWS\system32\drivers\down\156765.exe
C:\WINDOWS\system32\drivers\down\15706484.exe
C:\WINDOWS\system32\drivers\down\157186.exe
C:\WINDOWS\system32\drivers\down\15719904.exe
C:\WINDOWS\system32\drivers\down\15772089.exe
C:\WINDOWS\system32\drivers\down\15787170.exe
C:\WINDOWS\system32\drivers\down\157907.exe
C:\WINDOWS\system32\drivers\down\15797175.exe
C:\WINDOWS\system32\drivers\down\158107.exe
C:\WINDOWS\system32\drivers\down\15848549.exe
C:\WINDOWS\system32\drivers\down\15850501.exe
C:\WINDOWS\system32\drivers\down\15856270.exe
C:\WINDOWS\system32\drivers\down\158788.exe
C:\WINDOWS\system32\drivers\down\15909596.exe
C:\WINDOWS\system32\drivers\down\160420.exe
C:\WINDOWS\system32\drivers\down\161151.exe
C:\WINDOWS\system32\drivers\down\161362.exe
C:\WINDOWS\system32\drivers\down\161852.exe
C:\WINDOWS\system32\drivers\down\16361096.exe
C:\WINDOWS\system32\drivers\down\16368817.exe
C:\WINDOWS\system32\drivers\down\16405109.exe
C:\WINDOWS\system32\drivers\down\164526.exe
C:\WINDOWS\system32\drivers\down\164616.exe
C:\WINDOWS\system32\drivers\down\16699762.exe
C:\WINDOWS\system32\drivers\down\16710899.exe
C:\WINDOWS\system32\drivers\down\167330.exe
C:\WINDOWS\system32\drivers\down\16743776.exe
C:\WINDOWS\system32\drivers\down\168782.exe
C:\WINDOWS\system32\drivers\down\168952.exe
C:\WINDOWS\system32\drivers\down\171206.exe
C:\WINDOWS\system32\drivers\down\171276.exe
C:\WINDOWS\system32\drivers\down\171596.exe
C:\WINDOWS\system32\drivers\down\172107.exe
C:\WINDOWS\system32\drivers\down\172167.exe
C:\WINDOWS\system32\drivers\down\172307.exe
C:\WINDOWS\system32\drivers\down\173459.exe
C:\WINDOWS\system32\drivers\down\174250.exe
C:\WINDOWS\system32\drivers\down\174460.exe
C:\WINDOWS\system32\drivers\down\176273.exe
C:\WINDOWS\system32\drivers\down\177455.exe
C:\WINDOWS\system32\drivers\down\177955.exe
C:\WINDOWS\system32\drivers\down\178586.exe
C:\WINDOWS\system32\drivers\down\179718.exe
C:\WINDOWS\system32\drivers\down\181731.exe
C:\WINDOWS\system32\drivers\down\182882.exe
C:\WINDOWS\system32\drivers\down\184725.exe
C:\WINDOWS\system32\drivers\down\185827.exe
C:\WINDOWS\system32\drivers\down\186898.exe
C:\WINDOWS\system32\drivers\down\187199.exe
C:\WINDOWS\system32\drivers\down\187339.exe
C:\WINDOWS\system32\drivers\down\187820.exe
C:\WINDOWS\system32\drivers\down\189202.exe
C:\WINDOWS\system32\drivers\down\189222.exe
C:\WINDOWS\system32\drivers\down\189682.exe
C:\WINDOWS\system32\drivers\down\189722.exe
C:\WINDOWS\system32\drivers\down\190423.exe
C:\WINDOWS\system32\drivers\down\191114.exe
C:\WINDOWS\system32\drivers\down\191565.exe
C:\WINDOWS\system32\drivers\down\191635.exe
C:\WINDOWS\system32\drivers\down\192086.exe
C:\WINDOWS\system32\drivers\down\192106.exe
C:\WINDOWS\system32\drivers\down\192166.exe
C:\WINDOWS\system32\drivers\down\192176.exe
C:\WINDOWS\system32\drivers\down\193037.exe
C:\WINDOWS\system32\drivers\down\193628.exe
C:\WINDOWS\system32\drivers\down\195761.exe
C:\WINDOWS\system32\drivers\down\196252.exe
C:\WINDOWS\system32\drivers\down\196642.exe
C:\WINDOWS\system32\drivers\down\197193.exe
C:\WINDOWS\system32\drivers\down\197574.exe
C:\WINDOWS\system32\drivers\down\198134.exe
C:\WINDOWS\system32\drivers\down\198976.exe
C:\WINDOWS\system32\drivers\down\200077.exe
C:\WINDOWS\system32\drivers\down\200448.exe
C:\WINDOWS\system32\drivers\down\201449.exe
C:\WINDOWS\system32\drivers\down\202441.exe
C:\WINDOWS\system32\drivers\down\202481.exe
C:\WINDOWS\system32\drivers\down\202751.exe
C:\WINDOWS\system32\drivers\down\202841.exe
C:\WINDOWS\system32\drivers\down\203041.exe
C:\WINDOWS\system32\drivers\down\203592.exe
C:\WINDOWS\system32\drivers\down\205165.exe
C:\WINDOWS\system32\drivers\down\205235.exe
C:\WINDOWS\system32\drivers\down\205705.exe
C:\WINDOWS\system32\drivers\down\205876.exe
C:\WINDOWS\system32\drivers\down\206096.exe
C:\WINDOWS\system32\drivers\down\206176.exe
C:\WINDOWS\system32\drivers\down\206446.exe
C:\WINDOWS\system32\drivers\down\206887.exe
C:\WINDOWS\system32\drivers\down\207067.exe
C:\WINDOWS\system32\drivers\down\207358.exe
C:\WINDOWS\system32\drivers\down\207588.exe
C:\WINDOWS\system32\drivers\down\207878.exe
C:\WINDOWS\system32\drivers\down\208409.exe
C:\WINDOWS\system32\drivers\down\208690.exe
C:\WINDOWS\system32\drivers\down\208770.exe
C:\WINDOWS\system32\drivers\down\208900.exe
C:\WINDOWS\system32\drivers\down\209020.exe
C:\WINDOWS\system32\drivers\down\209601.exe
C:\WINDOWS\system32\drivers\down\210272.exe
C:\WINDOWS\system32\drivers\down\211163.exe
C:\WINDOWS\system32\drivers\down\211444.exe
C:\WINDOWS\system32\drivers\down\211724.exe
C:\WINDOWS\system32\drivers\down\212054.exe
C:\WINDOWS\system32\drivers\down\212285.exe
C:\WINDOWS\system32\drivers\down\212345.exe
C:\WINDOWS\system32\drivers\down\212475.exe
C:\WINDOWS\system32\drivers\down\212725.exe
C:\WINDOWS\system32\drivers\down\213156.exe
C:\WINDOWS\system32\drivers\down\213336.exe
C:\WINDOWS\system32\drivers\down\214218.exe
C:\WINDOWS\system32\drivers\down\214588.exe
C:\WINDOWS\system32\drivers\down\214598.exe
C:\WINDOWS\system32\drivers\down\215009.exe
C:\WINDOWS\system32\drivers\down\215710.exe
C:\WINDOWS\system32\drivers\down\216240.exe
C:\WINDOWS\system32\drivers\down\216361.exe
C:\WINDOWS\system32\drivers\down\216401.exe
C:\WINDOWS\system32\drivers\down\216591.exe
C:\WINDOWS\system32\drivers\down\217642.exe
C:\WINDOWS\system32\drivers\down\217793.exe
C:\WINDOWS\system32\drivers\down\218233.exe
C:\WINDOWS\system32\drivers\down\219024.exe
C:\WINDOWS\system32\drivers\down\220126.exe
C:\WINDOWS\system32\drivers\down\221368.exe
C:\WINDOWS\system32\drivers\down\224052.exe
C:\WINDOWS\system32\drivers\down\224592.exe
C:\WINDOWS\system32\drivers\down\224753.exe
C:\WINDOWS\system32\drivers\down\225894.exe
C:\WINDOWS\system32\drivers\down\226175.exe
C:\WINDOWS\system32\drivers\down\226225.exe
C:\WINDOWS\system32\drivers\down\226635.exe
C:\WINDOWS\system32\drivers\down\227226.exe
C:\WINDOWS\system32\drivers\down\228758.exe
C:\WINDOWS\system32\drivers\down\228879.exe
C:\WINDOWS\system32\drivers\down\229540.exe
C:\WINDOWS\system32\drivers\down\229660.exe
C:\WINDOWS\system32\drivers\down\230741.exe
C:\WINDOWS\system32\drivers\down\232033.exe
C:\WINDOWS\system32\drivers\down\232824.exe
C:\WINDOWS\system32\drivers\down\233025.exe
C:\WINDOWS\system32\drivers\down\233846.exe
C:\WINDOWS\system32\drivers\down\234306.exe
C:\WINDOWS\system32\drivers\down\234737.exe
C:\WINDOWS\system32\drivers\down\236470.exe
C:\WINDOWS\system32\drivers\down\237271.exe
C:\WINDOWS\system32\drivers\down\237761.exe
C:\WINDOWS\system32\drivers\down\238012.exe
C:\WINDOWS\system32\drivers\down\238162.exe
C:\WINDOWS\system32\drivers\down\239023.exe
C:\WINDOWS\system32\drivers\down\240185.exe
C:\WINDOWS\system32\drivers\down\240966.exe
C:\WINDOWS\system32\drivers\down\242208.exe
C:\WINDOWS\system32\drivers\down\242568.exe
C:\WINDOWS\system32\drivers\down\243750.exe
C:\WINDOWS\system32\drivers\down\245823.exe
C:\WINDOWS\system32\drivers\down\247235.exe
C:\WINDOWS\system32\drivers\down\247565.exe
C:\WINDOWS\system32\drivers\down\248086.exe
C:\WINDOWS\system32\drivers\down\248917.exe
C:\WINDOWS\system32\drivers\down\250490.exe
C:\WINDOWS\system32\drivers\down\250560.exe
C:\WINDOWS\system32\drivers\down\250590.exe
C:\WINDOWS\system32\drivers\down\251972.exe
C:\WINDOWS\system32\drivers\down\252022.exe
C:\WINDOWS\system32\drivers\down\254826.exe
C:\WINDOWS\system32\drivers\down\254956.exe
C:\WINDOWS\system32\drivers\down\255627.exe
C:\WINDOWS\system32\drivers\down\258451.exe
C:\WINDOWS\system32\drivers\down\261075.exe
C:\WINDOWS\system32\drivers\down\263428.exe
C:\WINDOWS\system32\drivers\down\263769.exe
C:\WINDOWS\system32\drivers\down\264850.exe
C:\WINDOWS\system32\drivers\down\267835.exe
C:\WINDOWS\system32\drivers\down\269026.exe
C:\WINDOWS\system32\drivers\down\269427.exe
C:\WINDOWS\system32\drivers\down\270348.exe
C:\WINDOWS\system32\drivers\down\271009.exe
C:\WINDOWS\system32\drivers\down\272221.exe
C:\WINDOWS\system32\drivers\down\273082.exe
C:\WINDOWS\system32\drivers\down\273132.exe
C:\WINDOWS\system32\drivers\down\273773.exe
C:\WINDOWS\system32\drivers\down\274274.exe
C:\WINDOWS\system32\drivers\down\275696.exe
C:\WINDOWS\system32\drivers\down\277448.exe
C:\WINDOWS\system32\drivers\down\278550.exe
C:\WINDOWS\system32\drivers\down\278770.exe
C:\WINDOWS\system32\drivers\down\278921.exe
C:\WINDOWS\system32\drivers\down\280793.exe
C:\WINDOWS\system32\drivers\down\281865.exe
C:\WINDOWS\system32\drivers\down\283427.exe
C:\WINDOWS\system32\drivers\down\286311.exe
C:\WINDOWS\system32\drivers\down\308012.exe
C:\WINDOWS\system32\drivers\down\312028.exe
C:\WINDOWS\system32\drivers\down\31620477.exe
C:\WINDOWS\system32\drivers\down\31623782.exe
C:\WINDOWS\system32\drivers\down\316525.exe
C:\WINDOWS\system32\drivers\down\31661947.exe
C:\WINDOWS\system32\drivers\down\32190988.exe
C:\WINDOWS\system32\drivers\down\32196566.exe
C:\WINDOWS\system32\drivers\down\32237004.exe
C:\WINDOWS\system32\drivers\down\32464882.exe
C:\WINDOWS\system32\drivers\down\32475016.exe
C:\WINDOWS\system32\drivers\down\32518849.exe
C:\WINDOWS\system32\drivers\down\32544426.exe
C:\WINDOWS\system32\drivers\down\32552287.exe
C:\WINDOWS\system32\drivers\down\32597272.exe
C:\WINDOWS\system32\drivers\down\32603531.exe
C:\WINDOWS\system32\drivers\down\32612524.exe
C:\WINDOWS\system32\drivers\down\32658640.exe
C:\WINDOWS\system32\drivers\down\330314.exe
C:\WINDOWS\system32\drivers\down\33117220.exe
C:\WINDOWS\system32\drivers\down\33126212.exe
C:\WINDOWS\system32\drivers\down\33151879.exe
C:\WINDOWS\system32\drivers\down\333399.exe
C:\WINDOWS\system32\drivers\down\33457018.exe
C:\WINDOWS\system32\drivers\down\33464879.exe
C:\WINDOWS\system32\drivers\down\33496225.exe
C:\WINDOWS\system32\drivers\down\348981.exe
C:\WINDOWS\system32\drivers\down\349943.exe
C:\WINDOWS\system32\drivers\down\350303.exe
C:\WINDOWS\system32\drivers\down\357393.exe
C:\WINDOWS\system32\drivers\down\361249.exe
C:\WINDOWS\system32\drivers\down\365125.exe
C:\WINDOWS\system32\drivers\down\367057.exe
C:\WINDOWS\system32\drivers\down\370192.exe
C:\WINDOWS\system32\drivers\down\378884.exe
C:\WINDOWS\system32\drivers\down\383801.exe
C:\WINDOWS\system32\drivers\down\387797.exe
C:\WINDOWS\system32\drivers\down\389029.exe
C:\WINDOWS\system32\drivers\down\393435.exe
C:\WINDOWS\system32\drivers\down\396319.exe
C:\WINDOWS\system32\drivers\down\397862.exe
C:\WINDOWS\system32\drivers\down\426323.exe
C:\WINDOWS\system32\drivers\down\429557.exe
C:\WINDOWS\system32\drivers\down\433933.exe
C:\WINDOWS\system32\drivers\down\584069.exe
C:\WINDOWS\system32\drivers\down\587264.exe
C:\WINDOWS\system32\drivers\down\597709.exe
C:\WINDOWS\system32\drivers\down\602957.exe
C:\WINDOWS\system32\drivers\down\611288.exe
C:\WINDOWS\system32\drivers\down\628213.exe
C:\WINDOWS\system32\drivers\down\87846.exe
C:\WINDOWS\system32\drivers\down\88877.exe
C:\WINDOWS\system32\drivers\down\90349.exe
C:\WINDOWS\system32\drivers\down\92863.exe
C:\WINDOWS\system32\drivers\down\95347.exe
C:\WINDOWS\system32\drivers\down\97730.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SFSYNC02
-------\LEGACY_SROSA
-------\sfsync02
-------\srosa
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-17 04:06 . 2008-02-17 04:06 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-02-02 02:59 . 2008-02-02 02:59 <DIR> d-------- C:\Deckard
2008-01-26 02:30 . 2008-01-26 03:19 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 03:29 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 12:04 319,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-17 12:04 27,359,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-17 12:04 --------- d-----w C:\Documents and Settings\Ada\Application Data\Skype
2008-02-17 09:05 --------- d-----w C:\Program Files\WorldCommunityGrid
2008-01-29 04:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 12:33 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 11:57 --------- d-----w C:\Program Files\eMule
2008-01-26 09:07 --------- d-----w C:\Program Files\NJStar Communicator
2007-11-24 04:46 37,315 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_22_12_43_30_small.dmp.zip
2007-10-24 09:40 12,012,032 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-09-14 09:34 5,311,488 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-08-14 10:15 8,714,752 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-07-23 01:17 8,133,632 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-07-11 12:51 19,876,847 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-28 18:39 6,973,440 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-04-28 09:17 5,495,296 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-04-05 08:50 3,101,184 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-04-04 10:10 4,805,120 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-03-31 15:56 124,041 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_30_22_51_33_small.dmp.zip
2007-03-21 09:00 3,037,184 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-03-20 00:26 3,009,024 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-03-15 08:48 5,723,648 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2006-12-12 10:06 4,523,008 -c--a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2006-10-15 10:09 3,417,088 -c--a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2006-08-27 09:23 743,424 -c--a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2006-08-25 13:53 20,271,362 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_16_09_24_57_full.dmp.zip
2006-08-25 04:54 3,860,480 -c--a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2006-07-28 08:59 4,215,808 -c--a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2006-07-28 08:59 2,966,016 -c--a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2006-07-01 05:40 4,165,120 -c--a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2006-06-26 18:24 3,033,088 -c--a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2006-06-21 08:16 3,985,920 -c--a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2006-06-21 08:16 3,144,704 -c--a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2006-05-08 09:09 3,039,232 -c--a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2006-04-06 08:57 3,059,200 -c--a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2006-02-20 09:39 2,863,616 -c--a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2006-02-06 08:29 2,981,888 -c--a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2005-12-17 07:44 3,523,584 -c--a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2005-11-26 05:12 1,968,640 -c--a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2005-11-20 09:08 3,421,184 -c--a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2005-11-20 00:23 3,420,672 -c--a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2005-11-20 00:23 2,853,376 -c--a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2005-10-24 00:43 3,357,696 -c--a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2005-10-24 00:43 2,703,872 -c--a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2005-10-11 05:54 783,872 -c--a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2005-10-09 19:53 2,929,152 -c--a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2005-10-05 19:01 2,902,016 -c--a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2005-10-03 18:14 2,896,384 -c--a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2005-10-03 18:14 199,168 -c--a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2005-07-02 07:28 139,776 -c--a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2005-07-02 05:04 2,860,032 -c--a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2005-06-15 01:01 1,816,576 -c--a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-14 22:33 2,855,424 -c--a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2005-05-26 06:15 2,903,552 -c--a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2005-05-26 06:15 2,843,648 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2005-05-15 06:53 2,763,776 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2005-05-13 21:49 2,746,880 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2005-05-09 06:47 2,732,544 -c--a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2005-04-26 18:27 2,655,744 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2005-03-18 07:43 2,418,176 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2005-03-17 05:45 2,776,064 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2005-03-17 05:16 2,420,224 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-03-14 04:59 2,415,104 -c--a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-02 20:49 457 -c--a-w C:\Program Files\INSTALL.LOG
2007-03-30 21:28 105,984 --sh--w C:\WINDOWS\Debug\UserMode\CBD61.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-23 08:01 938500]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-06-28 16:24 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-10-15 15:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45 135168]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 00:01 86073]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 01:09 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 01:08 495616]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47 1089589]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 17:00 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-19 23:00 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-09 14:58 3665920]
"nwiz"="nwiz.exe" [2004-07-09 14:58 790528 C:\WINDOWS\system32\nwiz.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-25 23:43 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-11 22:04 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2008-02-17 02:58 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-03 10:23 95960]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208]
"DAEMON Tools-2052"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32 696320]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-17 02:58 919016]
C:\Documents and Settings\Ada\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-03 06:43:43 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
World Community Grid Agent.lnk - C:\Program Files\WorldCommunityGrid\UD.EXE [2005-04-29 14:12:42 482816]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-03-29 03:29:03 25214]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 20:29:25 1183744]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-10-29 10:29:46 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-14 13:52:30 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CD55043-005A-49B8-B298-0618D55A543C}"= C:\WINDOWS\debug\userMode\CBD61.dll [ ]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 11:23]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 13:32]
R3 MaBtPort;MA Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\mabtport.sys [2006-09-27 09:47]
R3 MaBtVad;Mobile Action Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\MaBtVad.sys [2005-08-23 11:04]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 17:42]
S3 hwmouser;HanWang Technology CO.LTD HID Tablet Device;C:\WINDOWS\system32\DRIVERS\hwpad_nt.sys [2001-07-06 19:05]
S3 jausbct;NEC Portable Phone KMP6J1L1 BUS Control Driver;C:\WINDOWS\system32\DRIVERS\jausbct.sys [2003-10-15 23:00]
S3 jausbfn;NEC Portable Phone KMP6J1L1 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\jausbfn.sys [2004-01-13 23:00]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\system32\msnvl.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 08:40:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-02-17 12:14:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-02-17 09:05:48 C:\WINDOWS\Tasks\User_Feed_Synchronization-{86729C8F-59F3-4C11-8E37-F1239F63425B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 04:06:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-02-17 4:16:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 12:16:40
.
2008-01-09 11:09:00 --- E O F ---
I removed the attached file and added the contents to your reply
Much easier to follow along
-
Can you do the following
Download and save to desktop SafeBootKeyRepair.exe (http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair.exe)
Leave it on desktop for now
We'll need this later
Open Notepad
Copy all the text in blue below and paste it into Notepad
Don't use anything other than Notepad or the script will not work
===================================================================
File::
C:\WINDOWS\debug\userMode\CBD61.dll
C:\WINDOWS\Debug\UserMode\CBD61.exe
C:\WINDOWS\system32\msnvl.exe
Folder::
C:\WINDOWS\system32\drivers\down
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CD55043-005A-49B8-B298-0618D55A543C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
=========================================================
Save this as txtfile on your desktop
CFScript
(http://i184.photobucket.com/albums/x99/guestolo/CFScript.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Don't mouse click on it, let it complete
When finished, it shall produce a log for you again, with the same name C:\ComboFix.txt.
I'll need to see that again later
Ensure all open windows are closed
Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
Post back all the following; this will probably take more than one reply to post all the information, so please do so.
1. Post the entire contents of C:\SafeBoot_Repair.txt
2. Post the log again from ComboFix
3. If you still have HijackThis, can you delete your copy and redownload it from the signature below
Try running it and, if it runs, Scan>>Save logfile and post the fresh log
After the above, if possible, can you go back to my previous post and try to run the Kaspersky scan again
If it will run, let it finish and post its log also
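As an added example (not code from this thread and not part of ComboFix), here is a small Python parser for the kind of CFScript used above. It assumes only the three section headers the helper used (File::, Folder::, Registry::) and that the Registry:: section follows .reg file syntax, where [-KEY] deletes a whole key and "name"=- deletes a single value under the key named on the preceding [KEY] line. Reading the script back as a list of concrete actions is a useful review step before dragging it onto ComboFix, because a stray relative path or a mistyped key would otherwise only show up in the log afterwards.

```python
"""Summarise what a ComboFix CFScript will delete before it is run.

Added example; not code from this thread or from ComboFix itself. Assumes the
section headers File::, Folder:: and Registry::, with Registry:: lines in
.reg syntax: "[-KEY]" deletes a whole key, "name"=- deletes one value under
the key named on the preceding "[KEY]" line, anything else sets a value.
"""
import re
from typing import Dict, List

# Constructed sample: the helper's script from the post above, embedded so the
# parser runs offline.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\debug\userMode\CBD61.dll
C:\WINDOWS\Debug\UserMode\CBD61.exe
C:\WINDOWS\system32\msnvl.exe
Folder::
C:\WINDOWS\system32\drivers\down
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3CD55043-005A-49B8-B298-0618D55A543C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # e.g. "File::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")              # "[KEY]" or "[-KEY]"
VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)=(.*)$')    # "name"=data or @=data
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")           # drive-letter path


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the most recent 'Name::' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line!r}")
        sections[current].append(line)
    return sections


def parse_registry(lines: List[str]) -> Dict[str, list]:
    """Turn .reg-style lines into key deletions, value deletions and value sets."""
    out: Dict[str, list] = {"delete_keys": [], "delete_values": [], "set_values": []}
    current_key = None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            minus, key = km.groups()
            if minus:
                out["delete_keys"].append(key)
                current_key = None          # values cannot follow a deleted key
            else:
                current_key = key
            continue
        vm = VALUE_RE.match(line)
        if vm:
            if current_key is None:
                raise ValueError(f"value line without a preceding [KEY]: {line!r}")
            name = vm.group(1) if vm.group(1) is not None else "(Default)"
            data = vm.group(2)
            if data == "-":
                out["delete_values"].append((current_key, name))
            else:
                out["set_values"].append((current_key, name, data))
            continue
        raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return out


def plan(script: str) -> Dict[str, list]:
    """Return everything the script would remove or change, after sanity checks."""
    sections = split_sections(script)
    unknown = set(sections) - {"File", "Folder", "Registry"}
    if unknown:
        raise ValueError(f"unsupported sections: {sorted(unknown)}")
    files = sections.get("File", [])
    folders = sections.get("Folder", [])
    relative = [p for p in files + folders if not ABS_PATH_RE.match(p)]
    if relative:
        raise ValueError(f"paths must be absolute: {relative}")
    result: Dict[str, list] = {"files": files, "folders": folders}
    result.update(parse_registry(sections.get("Registry", [])))
    return result


def describe(script: str) -> List[str]:
    """One human-readable line per action, for review before running the script."""
    p = plan(script)
    lines = [f"delete file   {f}" for f in p["files"]]
    lines += [f"delete folder {d}" for d in p["folders"]]
    lines += [f"delete key    {k}" for k in p["delete_keys"]]
    lines += [f"delete value  {k} -> {n}" for k, n in p["delete_values"]]
    lines += [f"set value     {k} -> {n} = {v}" for k, n, v in p["set_values"]]
    return lines


if __name__ == "__main__":
    print("\n".join(describe(SAMPLE_SCRIPT)))
```

Running it prints six actions for the script above: three file deletions, one folder deletion, the removal of one ShellExecuteHooks value and the removal of one Active Setup Installed Components key. A relative path in File:: or a value line that is not under any [KEY] is rejected rather than silently passed through.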
-
Here's the new ComboFix log:
ComboFix 08-02-15.1 - Ada 2008-02-18 1:35:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.852.1033.18.115 [GMT -8:00]
Running from: C:\Documents and Settings\Ada\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Ada\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\WINDOWS\debug\userMode\CBD61.dll
C:\WINDOWS\Debug\UserMode\CBD61.exe
C:\WINDOWS\system32\msnvl.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\down
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-02 02:59 . 2008-02-02 02:59 <DIR> d-------- C:\Deckard
2008-01-26 02:30 . 2008-01-26 03:19 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-25 03:29 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 09:26 320,108 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-18 09:26 27,359,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-18 09:08 --------- d-----w C:\Documents and Settings\Ada\Application Data\Skype
2008-02-17 09:05 --------- d-----w C:\Program Files\WorldCommunityGrid
2008-01-29 04:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 12:33 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 11:57 --------- d-----w C:\Program Files\eMule
2008-01-26 09:07 --------- d-----w C:\Program Files\NJStar Communicator
2007-11-24 04:46 37,315 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_22_12_43_30_small.dmp.zip
2007-10-24 09:40 12,012,032 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-09-14 09:34 5,311,488 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-08-14 10:15 8,714,752 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-07-23 01:17 8,133,632 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-07-11 12:51 19,876,847 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-05-28 18:39 6,973,440 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-04-28 09:17 5,495,296 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-04-05 08:50 3,101,184 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-04-04 10:10 4,805,120 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-03-31 15:56 124,041 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_30_22_51_33_small.dmp.zip
2007-03-21 09:00 3,037,184 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-03-20 00:26 3,009,024 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-03-15 08:48 5,723,648 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2006-12-12 10:06 4,523,008 -c--a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2006-10-15 10:09 3,417,088 -c--a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2006-08-27 09:23 743,424 -c--a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2006-08-25 13:53 20,271,362 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_08_16_09_24_57_full.dmp.zip
2006-08-25 04:54 3,860,480 -c--a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2006-07-28 08:59 4,215,808 -c--a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2006-07-28 08:59 2,966,016 -c--a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2006-07-01 05:40 4,165,120 -c--a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2006-06-26 18:24 3,033,088 -c--a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2006-06-21 08:16 3,985,920 -c--a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2006-06-21 08:16 3,144,704 -c--a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2006-05-08 09:09 3,039,232 -c--a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2006-04-06 08:57 3,059,200 -c--a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2006-02-20 09:39 2,863,616 -c--a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2006-02-06 08:29 2,981,888 -c--a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2005-12-17 07:44 3,523,584 -c--a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2005-11-26 05:12 1,968,640 -c--a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2005-11-20 09:08 3,421,184 -c--a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2005-11-20 00:23 3,420,672 -c--a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2005-11-20 00:23 2,853,376 -c--a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2005-10-24 00:43 3,357,696 -c--a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2005-10-24 00:43 2,703,872 -c--a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2005-10-11 05:54 783,872 -c--a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2005-10-09 19:53 2,929,152 -c--a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2005-10-05 19:01 2,902,016 -c--a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2005-10-03 18:14 2,896,384 -c--a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2005-10-03 18:14 199,168 -c--a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2005-07-02 07:28 139,776 -c--a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2005-07-02 05:04 2,860,032 -c--a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2005-06-15 01:01 1,816,576 -c--a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-14 22:33 2,855,424 -c--a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2005-05-26 06:15 2,903,552 -c--a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2005-05-26 06:15 2,843,648 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2005-05-15 06:53 2,763,776 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2005-05-13 21:49 2,746,880 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2005-05-09 06:47 2,732,544 -c--a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2005-04-26 18:27 2,655,744 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2005-03-18 07:43 2,418,176 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2005-03-17 05:45 2,776,064 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2005-03-17 05:16 2,420,224 -c--a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-03-14 04:59 2,415,104 -c--a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2005-01-02 20:49 457 -c--a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-23 08:01 938500]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-06-28 16:24 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-10-15 15:03 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45 135168]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 00:01 86073]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 01:09 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 01:08 495616]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47 1089589]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 17:00 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-19 23:00 88363 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 278528 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-09 14:58 3665920]
"nwiz"="nwiz.exe" [2004-07-09 14:58 790528 C:\WINDOWS\system32\nwiz.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-25 23:43 184320]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-11 22:04 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2008-02-17 02:58 75384]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-03 10:23 95960]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE" [2006-07-19 11:03 94208]
"DAEMON Tools-2052"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32 696320]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-02-17 02:58 919016]
C:\Documents and Settings\Ada\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-03 06:43:43 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
World Community Grid Agent.lnk - C:\Program Files\WorldCommunityGrid\UD.EXE [2005-04-29 14:12:42 482816]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-03-29 03:29:03 25214]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-04 20:29:25 1183744]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-10-29 10:29:46 671744]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-14 13:52:30 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 11:23]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 13:32]
R3 MaBtPort;MA Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\mabtport.sys [2006-09-27 09:47]
R3 MaBtVad;Mobile Action Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\MaBtVad.sys [2005-08-23 11:04]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 17:42]
S3 hwmouser;HanWang Technology CO.LTD HID Tablet Device;C:\WINDOWS\system32\DRIVERS\hwpad_nt.sys [2001-07-06 19:05]
S3 jausbct;NEC Portable Phone KMP6J1L1 BUS Control Driver;C:\WINDOWS\system32\DRIVERS\jausbct.sys [2003-10-15 23:00]
S3 jausbfn;NEC Portable Phone KMP6J1L1 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\jausbfn.sys [2004-01-13 23:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 08:40:57 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2008-02-18 09:49:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-02-18 07:00:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{86729C8F-59F3-4C11-8E37-F1239F63425B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 01:43:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 1:50:18
ComboFix-quarantined-files.txt 2008-02-18 09:50:13
ComboFix2.txt 2008-02-18 09:05:32
ComboFix3.txt 2008-02-17 12:16:48
.
2008-01-09 11:09:00 --- E O F ---
-
SafeBootKeyRepair log:
Reg export of SafeBoot key after repair:
========================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"
========================
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
-
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:45 AM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131755470149
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 12606 bytes
-
I wasn't able to run Kaspersky still....
My wireless internet was running OK for awhile, and then I couldn't download/upload anything again
However it does seem to be in a slightly better state than before....
-
That's looking better
Can you do the following
You have older versions of Java installed that malware can use to infect your system
Can you access your add/remove programs and remove the following
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(tm) 6 Update 2
Don't reboot the computer yet
Instead, can we remove the older version of Ewido please? It's not malicious; I just want to eliminate it as a possible source of problems.
In add/remove uninstall >>>ewido anti-spyware 4.0
Again, don't reboot yet
I'm not sure what version of ZoneAlarm you have installed, but can you uninstall it also
This could be a cause of problems with connection dropouts
Remove>>ZoneAlarm
Ensure to activate Windows Firewall when prompted or after reboot
Reboot the computer
Back in Windows, can you try Kaspersky's one more time? If it won't run we'll try an alternative.
NOTE: can you also let me know if Symantec's AV is running properly? It looks as if you have/had older versions installed.
We can update you to a free AV that will be more up to date
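The log review above works through the O4 autostart and O23 service lines by eye. The script below is an added example, not code from this thread or from HijackThis: it parses a constructed excerpt of the posted log and flags the entries a reviewer would look at twice. The heuristics (a bare filename with no path, an unquoted path containing spaces, the same image started from two Run entries, a service whose file carries no company name) are this example's own choice of what merits a second look, not rules HijackThis itself applies; a flagged line is a prompt to check the file, not a verdict.

```python
"""Triage HijackThis O4 (autostart) and O23 (service) lines.

Added example: this is not code from the thread or from HijackThis.
The sample lines are copied from the log posted above; the heuristics
(bare filename, unquoted path containing spaces, same image started
twice, service with no company name) are this example's own choice of
what deserves a second look, not rules HijackThis applies.
"""
import re

# Constructed excerpt of the posted log (O4 and O23 lines only).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Shortest prefix ending in an executable extension, so unquoted paths with spaces survive.
IMG_RE = re.compile(r"^(?P<img>.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|,|$)", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Return the file an O4 command really launches (the DLL for rundll32)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = IMG_RE.match(cmd)
    img = m["img"] if m else cmd.split()[0]
    if img.lower() in ("rundll32.exe", "rundll32"):
        # rundll32 <dll>,<entry> [args]: the DLL is the code that runs
        rest = cmd[len(img):].strip().lstrip('"')
        m = IMG_RE.match(rest)
        return m["img"] if m else rest.split(",", 1)[0]
    return img


def triage(log: str) -> list:
    """Return (severity, entry, reason) tuples for lines worth a second look."""
    findings = []
    seen = {}  # lower-cased image basename -> first O4 entry that starts it
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m["name"], m["cmd"]
            img = image_path(cmd)
            if "\\" not in img:
                # No directory: the loader resolves it by search order, so a
                # same-named file earlier on that path would run instead.
                findings.append(("review", name,
                                 f"bare filename '{img}' is resolved by search order"))
            elif " " in img and not cmd.lstrip().startswith('"'):
                findings.append(("review", name, f"unquoted path with spaces: {img}"))
            base = img.lower().rsplit("\\", 1)[-1]
            if base in seen:
                findings.append(("info", name, f"'{base}' is also started by [{seen[base]}]"))
            else:
                seen[base] = name
            continue
        m = O23_RE.match(line)
        if m and m["owner"].lower() == "unknown owner":
            # HijackThis prints "Unknown owner" when the file has no company name
            # in its version information; legitimate drivers do this too.
            findings.append(("review", m["name"],
                             f"service image has no company name: {m['path']}"))
    return findings


if __name__ == "__main__":
    for severity, entry, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} [{entry}] {reason}")
```

On the excerpt this flags the two bare-filename entries (000StTHK.exe and the second KHALMNPR.EXE, which is also a duplicate of the quoted Logitech entry), the unquoted SmoothView path, and the two services with no company name. Every one of those happens to be a vendor component on this Toshiba, which is the point of the caveat: the script narrows the list to check, and the check is still done by looking at the file.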
-
Here's Kaspersky's report, it looks scary to me...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 7:51:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 572594
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 157942
Number of viruses found: 8
Number of infected objects: 98
Number of suspicious objects: 0
Duration of the scan process: 02:20:10
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Ada\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\call256.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chat512.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chat8192.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\index2.dat Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\profile256.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Ada\Application Data\Skype\adadirect\user1024.dbb Object is locked skipped
C:\Documents and Settings\Ada\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Temp\~DFB7F3.tmp Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Temp\~DFB8E0.tmp Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ada\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ada\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ada\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-18_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\Debug\UserMode\CBD61.exe.vir Infected: Trojan-PSW.Win32.QQPass.xw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101205.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101866.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102547.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\106182.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\126632.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129105.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\129155.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\130407.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\133051.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\133692.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\134563.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\136816.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\137257.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\141102.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\143566.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\143626.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\144587.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146280.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\151067.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\156745.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\156765.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\157907.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\168952.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\348981.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\587264.exe.vir Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\597709.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87846.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\88877.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\90349.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\92863.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\95347.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\97730.exe.vir Infected: Trojan.Win32.Pakes.bwy skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.ir skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip ZIP: infected - 4 skipped
C:\QooBox\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\QooBox\Quarantine\Registry_backups\services_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000014.exe Infected: Trojan-PSW.Win32.Delf.fy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000022.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000025.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000026.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000088.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000091.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000108.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000113.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000114.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP17\A0004887.exe Infected: Trojan-PSW.Win32.Delf.fy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP18\change.log Object is locked skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP3\A0000257.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP3\A0000281.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0000303.exe Infected: Trojan-Downloader.Win32.Bagle.ir skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0000333.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0001333.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0002332.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003331.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003355.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003376.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003390.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003391.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003401.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003422.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP4\A0003444.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003470.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003471.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003472.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003473.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003477.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003479.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003480.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003482.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003485.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003486.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003489.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003490.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003491.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003496.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003499.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003501.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003506.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003511.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003515.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003524.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003525.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003553.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003743.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003762.exe Infected: Trojan-PSW.Win32.Agent.xd skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003763.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003767.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003768.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003769.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003770.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003771.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003772.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP6\A0003841.exe Infected: Trojan-PSW.Win32.QQPass.xw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP8\A0004011.exe Infected: Trojan-Downloader.Win32.Bagle.ir skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{955B572B-947D-4276-9E44-9C302E115FF6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
-
NOTE: can you also let me know if Symantec's AV is running properly, it looks as if you have/had older versions installed
We can update you to a free AV that will be more up to date
Can you let me know that please? It may not be running properly, and if it's outdated I suggest we update to an alternative.
Here's Kaspersky's report, it looks scary to me...
System restore points are infected; as long as you don't use it yet, you're fine.
We'll clean it and start you with a fresh restore point
Other infected files are in safe places for now
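The reading above ("restore points are infected, the other infected files are in safe places") rests on where each detection sits. The script below is an added example, not code from the thread or from Kaspersky: it parses a constructed excerpt of the report posted above and buckets every "Infected:" line as quarantine (ComboFix's QooBox folder), restore point (a System Volume Information snapshot) or live (anywhere else). The bucket names and the path tests are this example's own; a non-empty live list is the result that would change the advice.

```python
"""Summarise a Kaspersky Online Scanner report by detection and by location.

Added example: not code from the thread or from Kaspersky. The sample is a
constructed excerpt of the report posted above. The three location buckets
(quarantine, restore_point, live) are this example's own classification,
chosen to check the reading that every detection sits in the QooBox
quarantine or in a System Restore snapshot rather than somewhere that runs.
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""
Scan Statistics:
Number of infected objects: 6
C:\Documents and Settings\Ada\NTUSER.DAT Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\Debug\UserMode\CBD61.exe.vir Infected: Trojan-PSW.Win32.QQPass.xw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101205.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip/srosa.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\Registry_backups\services_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP1\A0000022.sys Infected: Trojan-Downloader.Win32.Bagle.iw skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP5\A0003471.exe Infected: Trojan.Win32.Pakes.bwy skipped
C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP18\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Path is non-greedy so an embedded space (the catchme zip name) does not break it.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
COUNT_RE = re.compile(r"^Number of infected objects: (\d+)$")


def location(path: str) -> str:
    """Bucket a reported path: quarantine, restore_point or live (assumed layout)."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        return "quarantine"
    if r"\system volume information\_restore" in p:
        return "restore_point"
    return "live"


def summarise(report: str) -> dict:
    """Count detections per location and per name; list anything still live."""
    by_location = Counter()
    by_detection = Counter()
    live = []
    locked = 0        # files the scanner could not open (hives, logs, in-use data)
    declared = None   # the scanner's own infected-object count, for a sanity check
    for line in report.splitlines():
        line = line.strip()
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group(1))
            continue
        if LOCKED_RE.match(line):
            locked += 1
            continue
        m = INFECTED_RE.match(line)
        if not m:
            continue  # headers and container summaries such as "ZIP: infected - N"
        loc = location(m["path"])
        by_location[loc] += 1
        by_detection[m["name"]] += 1
        if loc == "live":
            live.append((m["path"], m["name"]))
    return {
        "declared": declared,
        "counted": sum(by_location.values()),
        "by_location": dict(by_location),
        "by_detection": dict(by_detection),
        "live": live,
        "locked": locked,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT)
    print("infected objects:", s["counted"], "(scanner says", s["declared"], ")")
    print("by location:", s["by_location"])
    print("by detection:", s["by_detection"])
    print("still live:", s["live"] or "none")
    print("locked, not scanned:", s["locked"])
```

Two things the summary makes explicit that the raw list does not: the locked entries (registry hives, event logs, Skype databases) were never scanned at all, so they are unknown rather than clean, and the "counted" figure is compared with the scanner's own total so a parsing gap shows up instead of being silently dropped. Clearing System Restore, as the next post describes, empties the restore_point bucket.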
-
I have removed the 2002 version of Symantec AV, but from the Add/Remove Program list it looks like I also have the 2005 version, which I wasn't able to remove (I clicked "uninstall" but it does nothing).
No, I haven't used any of the restore points yet.....(actually I tried to in the very beginning but the system wouldn't let me)
-
Let's try the following and see how things are afterwards
Let's try and clear system restore points
1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
2. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.
3. When you are warned that all existing Restore Points will be deleted, click Yes to continue.
All system restore points are deleted. Now you should manually create a restore point.
1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
2. Click Create a Restore Point, and then click Next.
3. Name your restore point. >>any name will do
Wait for confirmation then exit out of there
Afterwards, can you do the following
Since you can't properly uninstall Nortons
Let's try and remove it in entirety
Go to the following link
Norton Removal Tool (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2007080716270339?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid\")
Follow STEP 3, save tool to desktop, close all open windows and run it
After rebooting
Download [color=\"#FF0000\"]ATF-Cleaner[/color] (http://\"http://www.atribune.org/ccount/click.php?id=1\") by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Let's get you another Antivirus program
Download and install ONLY one of the following free AV's
You decide which one, they all have a free version
AVG 7 by Grisoft (http://\"http://free.grisoft.com/doc/2/lng/us/tpl/v5\")
OR
Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")
OR
Avira AntiVir Personal Edition Classic (http://\"http://www.free-av.com/antivirus/allinonen.html\")
After installation ensure it is updated and run a full system scan
Reboot the computer after it's done scanning
Come back here and post a fresh hijackthis log
Also let me know how things are running please
-
Sorry, the following may apply when turning off System Restore:
1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
Then click System Restore Settings.
-
Here's the newest HijackThis log; I have scanned my computer with Avast AV:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 7:51:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 572594
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 157942
Number of viruses found: 8
Number of infected objects: 98
Number of suspicious objects: 0
Duration of the scan process: 02:20:10
Scan process completed.
But when I rebooted my computer, my wireless connection won't work at all. It shows that I'm connected, and I've tried clicking on "repair" in Network Connections, but I just cannot open any webpages.
-
You posted the Kaspersky log again; I was hoping to see the new HijackThis log.
Is it also possible to post the log from Avast?
It does seem like you were able to post everything up until you ran the scan with Avast.
Right click the Avast icon by the system clock
and select Avast log files.
Can you post its log?
Also, if you right click Avast and select Start Avast AV,
when it opens, click on the Chest icon. Are there any files in the chest?
Can you post the file names?
-
Oops, sorry for the wrong file... all those log files got me messed up.
Here's the actual HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:15 PM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 12782 bytes
--------------------------------------------------------------------------------------------------------------
As for the Avast log, the scan that I did was a bootup scan, and this is the only log file I can find by scanning through the directories:
02/18/2008 21:36
Scan of all local drives
File C:\Documents and Settings\Ada\Application Data\ppStream\update.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
File C:\Program Files\ppStream\partner\update.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\Debug\UserMode\CBD61.exe.vir is infected by Win32:Trojan-gen {Other}, Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101866.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102547.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\130407.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\134563.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\143626.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\97730.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP20\A0005139.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
File C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP20\A0005140.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
Number of searched folders: 8766
Number of tested files: 151351
Number of infected files: 11
---------------------------------------------------------------------------------------------------------
There are 3 files in the Avast! Chest, all in the "system files" section:
kernel32.dll
winsock.dll
wsock32.dll
-
There are 3 files in the Avast! Chest, all in the "system files" section:
kernel32.dll
winsock.dll
wsock32.dll
That's normal
Did you try and uninstall Zone Alarm?
If so, take a look at the following link
http://forums.zonealarm.com/zonelabs/board...;message.id=103 (http://\"http://forums.zonealarm.com/zonelabs/board/message?board.id=AllowAccess&message.id=103\")
I see its entries in your new HijackThis log.
Or was that a scan you did earlier? I need to see an updated scan from HijackThis.
That log may have been a day and a half old?
Did you have any problems with Internet before you installed Avast and cleaned your system restore points?
-
Ok, I followed that website to try to remove ZoneAlarm completely. I can remove everything except one file in the ZoneAlarm folder called zlavscan.dll. It says I don't have permission to access this file...
Then I ran the Hijack this scan again:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:56 PM, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WorldCommunityGrid\ud_17956201.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WorldCommunityGrid\ud_17956201_0.dir\WCGrid_AutoDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab\")
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader.cab\")
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab (http://\"http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131755470149 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131755470149\")
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx (http://\"http://telescope.aacb.com//webcam/AxisCamControl.ocx\")
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab (http://\"http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab\")
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (http://\"http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab\")
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 (http://\"http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37\")
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
--
End of file - 12910 bytes
-------------------------------------------------------------------------------------------
Also, I ran the Avast AV again, but in regular Windows mode before I removed the zonealarm completely, and here's the log:
18/02/2008 11:16:01 PM SYSTEM 1220 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
18/02/2008 11:16:02 PM SYSTEM 1220 An error has occured while attempting to update. Please check the logs.
20/02/2008 2:31:58 AM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101205.exe.vir" file.
20/02/2008 5:02:28 AM SYSTEM 352 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
20/02/2008 5:02:29 AM SYSTEM 352 An error has occured while attempting to update. Please check the logs.
20/02/2008 3:19:55 PM SYSTEM 352 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
20/02/2008 3:19:55 PM SYSTEM 352 An error has occured while attempting to update. Please check the logs.
20/02/2008 6:46:40 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\106182.exe.vir" file.
20/02/2008 6:47:00 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\141102.exe.vir" file.
20/02/2008 6:47:04 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146280.exe.vir" file.
20/02/2008 6:47:08 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\151067.exe.vir" file.
20/02/2008 6:47:09 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\156765.exe.vir" file.
20/02/2008 6:47:10 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\157907.exe.vir" file.
20/02/2008 6:47:12 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\168952.exe.vir" file.
20/02/2008 6:47:20 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87846.exe.vir" file.
20/02/2008 6:47:23 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\92863.exe.vir" file.
20/02/2008 6:47:25 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip\wintems.exe" file.
20/02/2008 6:47:26 PM Ada 1540 Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip\mdelk.exe" file.
20/02/2008 7:17:51 PM Ada 1540 Sign of "Win32:Beagle-AAB [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip\hldrrr.exe" file.
20/02/2008 8:17:58 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\My Stuffs\Programs\fgf160.exe\%MAINDIR%\cd_install277.exe\cd_clint.dll" file.
20/02/2008 8:26:41 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\My Stuffs\Programs\fgf160.exe\%MAINDIR%\cd_install277.exe" file.
20/02/2008 9:34:33 PM Ada 1540 Sign of "Win32:Spyware-gen [Trj]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\VeryCD_SuperSearch_Silent.exe\$PROGRAMFILES\YOK.com\SuperSearch\YOK_SuperSearch.dll" file.
20/02/2008 10:27:15 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\VeryCD_SuperSearch_Silent.exe" file.
20/02/2008 10:27:21 PM Ada 1540 Sign of "Win32:Downloader-ZM [Trj]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$INSTDIR\$R0" file.
20/02/2008 10:27:22 PM Ada 1540 Sign of "Win32:Asibar [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$INSTDIR\Assist\$R0" file.
20/02/2008 10:27:23 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$INSTDIR\Assist\$R0" file.
20/02/2008 10:27:26 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$PLUGINSDIR\wmpns.dll\cdnaux.dll\[UPX]" file.
20/02/2008 10:27:31 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$PLUGINSDIR\wmpns.dll" file.
20/02/2008 10:28:20 PM Ada 1540 Sign of "Win32:Befins [Trj]" has been found in "F:\Install Programs\Nero_Burning_ROM_Ultra_Edition_v6[1].3.1.6.zip\Keygen.exe" file.
20/02/2008 10:28:51 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\ppstreamsetup127.exe\{app}\PowerPlayer.dll" file.
20/02/2008 10:28:57 PM Ada 1540 Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\ppstreamsetup127.exe\{app}\PSNetwork.dll" file.
20/02/2008 10:29:11 PM Ada 1540 Sign of "Win32:Neptunia-KS [Trj]" has been found in "F:\Install Programs\njstar\NJEXPLOR\NJEXPLOR.EXE\%PROGRAM_FILES%\internet explorer\IETop100.dll" file.
20/02/2008 10:29:13 PM Ada 1540 Sign of "Win32:Neptunia-KS [Trj]" has been found in "F:\Install Programs\njstar\NJEXPLOR\NJEXPLOR.EXE\%MAINDIR%\Njexplor.exe" file.
-------------------------------------------------------------------------------------------------
My internet wasn't working properly before I installed Avast, but it would usually work for about 5-10 minutes before it stopped. Now that I've completely removed ZoneAlarm and placed some more infected files in the Avast chest, it seems to be working properly. However, when I removed the ZoneAlarm files I did that in safe mode, and now my "My Computer" folder appears funny... normally it would have divided up the items in there into Hard Drives, Removable Drives, etc. Now they all just appear like in other regular folders. And, should I try to remove that zlavscan.dll file as well? I haven't been able to remove the ZoneAlarm folder in Program Files because of that file...
-
Can you try the following,
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- TrueVector Internet Monitor
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Apply and OK it
Do the same for this service name
ewido anti-spyware 4.0 guard
Reboot the computer
Back in Windows
Go to START>>RUN>>Copy and paste the next command below in bold then click OK
sc delete vsmon
Do the same for the next one
sc delete "ewido anti-spyware 4.0 guard"
Please download OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
- Save it to your desktop.
- Double-click OTMoveIt2.exe to run it.
- Copy the file paths in blue below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
==============================================================================
C:\Program Files\Zone Labs
C:\Program Files\ewido anti-spyware 4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client
==============================================================================
- Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) in the lower pane and choose Paste.
- Click the red Moveit! button.
- Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Post that log please along with a fresh hijackthis log
"My Computer" folder appears funny.....normally it would have divided up the items in there to Hard Drives, Removable Drives, etc. Now they all just appear like in other regular folders.
Can you open My Computer and click on View in the top menu bar
Can you change to eg.. TILES
Does that help?
Also: Can you ensure that Avast is right up to date
Right click the Avast icon by the clock and select UPDATE>>!AVS UPDATE
Are you right up to date?
You may notice 2 icons by the clock set by avast, leave the A icon, but you can right click the other and merge to the main avast icon
Did you register your free version of Avast?
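The two services removed above were the ones HijackThis reported with "(file missing)", and the `sc delete` commands used the service key name (the part in parentheses, or the display name when there is none). This added example, not part of the thread or of HijackThis, parses O23 lines in that format and reproduces the triage; the sample lines are copied from the log posted above, and the rule "orphaned = binary missing" is an assumption that mirrors what was removed.

```python
"""Triage of HijackThis 'O23 - Service:' log lines.

Added example, not part of the original thread or of HijackThis itself.
Assumption: an entry whose binary is gone ("(file missing)") is an orphaned
service registration; an entry with "Unknown owner" but a present binary is
only flagged for manual verification, as legitimate software often lacks
publisher data (BlueSoleil and SecuROM in the log above are examples).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

O23_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"
# Display name, optionally followed by the registry key name in parentheses.
# Non-greedy prefix so "SecuROM ... (V7) (UserAccess7)" keeps "(V7)" in the name.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<key>[^()]+)\))?$")


@dataclass
class ServiceEntry:
    display_name: str
    key_name: str        # the name `sc delete` expects
    owner: str
    image_path: str
    file_missing: bool

    @property
    def unknown_owner(self) -> bool:
        return self.owner.lower() == "unknown owner"


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other HijackThis line."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    # Split from the right so a display name containing " - " still parses.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name_part, owner, path = parts
    missing = path.endswith(FILE_MISSING)
    if missing:
        path = path[: -len(FILE_MISSING)]
    m = NAME_RE.match(name_part)
    display = m.group("display")
    # No parenthesised short name means the key name equals the display name.
    key = m.group("key") or display
    return ServiceEntry(display, key, owner, path, missing)


def sc_delete_command(entry: ServiceEntry) -> str:
    """Build the `sc delete` command, quoting key names that contain spaces."""
    name = entry.key_name
    if " " in name:
        name = f'"{name}"'
    return f"sc delete {name}"


def triage(lines: List[str]) -> dict:
    """Split O23 entries into orphaned (binary gone) and unverified (no publisher)."""
    orphaned, unverified = [], []
    for line in lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        if entry.file_missing:
            orphaned.append(entry)
        elif entry.unknown_owner:
            unverified.append(entry)
    return {"orphaned": orphaned, "unverified": unverified}


# Sample lines copied from the HijackThis log posted above (plus one O4 line
# to show that non-O23 lines are ignored).
SAMPLE_LOG = [
    r"O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r"O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe",
    r"O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe",
    r"O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)",
    r"O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)",
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["orphaned"]:
        print(f"orphaned: {e.display_name} -> {sc_delete_command(e)}")
    for e in result["unverified"]:
        print(f"verify publisher: {e.display_name} ({e.image_path})")
```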
-
The Avast seems to be up to date and I have now registered my copy of the program.
Here's the OTMoveIt log:
[Custom Input]
< C:\Program Files\Zone Labs >
C:\Program Files\Zone Labs\ZoneAlarm moved successfully.
C:\Program Files\Zone Labs moved successfully.
< C:\Program Files\ewido anti-spyware 4.0 >
File/Folder C:\Program Files\ewido anti-spyware 4.0 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client deleted successfully.
OTMoveIt2 v1.0.20 log created on 02212008_150303
-------------------------------------------------------------------------------------------------
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:13 PM, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WorldCommunityGrid\ud_10245647.exe
C:\Program Files\WorldCommunityGrid\ud_10245647_0.dir\wcg_hpf2_rosetta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131755470149
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 12525 bytes
--------------------------------------------------------------------------------------------------
And I managed to fix the My Computer problem....it seems like I just need to change the way the items are grouped.
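The log above is what the helper reads by eye. As an added example (editor's code, not part of the poster's log or of HijackThis itself), here is a small triage script that parses HijackThis O2/O4/O16/O23 lines and pulls out the entries a cleaner would check first: BHOs whose DLL is gone, Run values that name a bare filename instead of a full path, ActiveX downloads from hosts outside an allow-list, and services with no company name. The sample input is a subset of lines copied from the log above; the trusted-host list and the flagging rules are assumptions chosen for the example.

```python
"""Triage helper for HijackThis-style logs. Added example; the heuristics are
the editor's assumptions, not HijackThis's own rules."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample input: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Hosts from which an ActiveX download is expected on this machine
# (assumption for the example; extend per environment).
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "fpdownload2.macromedia.com"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    subject: str   # CLSID, Run value name, or service name
    reason: str


def executable_of(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else up to the first space."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def is_explicit_path(path: str) -> bool:
    # Drive-letter path or %VAR%-rooted path; anything else is located via the search path.
    return bool(re.match(r"^(?:[A-Za-z]:\\|%[^%]+%\\)", path))


def triage(log_text: str) -> list[Finding]:
    """Return the log entries worth a closer look, with the reason for each."""
    findings = []
    for line in log_text.strip().splitlines():
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", m["clsid"],
                    "BHO CLSID registered but its DLL is missing: orphaned or partly removed"))
        elif m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if not is_explicit_path(exe):
                findings.append(Finding("O4", m["name"],
                    f"bare filename {exe!r}: resolved through the search path, so the file actually run cannot be checked from the log alone"))
        elif m := O16_RE.match(line):
            host = urlsplit(m["url"]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(Finding("O16", m["clsid"],
                    f"ActiveX control downloaded from {host}: confirm it was wanted, else remove"))
        elif m := O23_RE.match(line):
            if m["vendor"] == "Unknown owner":
                findings.append(Finding("O23", m["name"],
                    "service binary carries no company name: check its signature and hash"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.subject:<45}{f.reason}")
```

Run against the sample it reports five entries: the orphaned BHO, the two bare-filename Run values, the webcam ActiveX control, and the BlueSoleil service with no vendor string. None of these is proof of infection (all five are plausible on the laptop in this thread); the point of the script is to shorten the list a human has to verify by hash, signature and location.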
-
Good work
Avast should have emailed you a free registration key
Ensure you copy>>paste it to the license key section of Avast
Then it should be good for at least 14 months, after which time, no need to uninstall
Simply reregister again, and copy>>paste new license key
Can you do the following
Go to START>>RUN>>Copy then paste the next command below in bold
Then hit OK
combofix /u
This will uninstall combofix and its components
OTMoveit.exe- Please double-click OTMoveIt.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
- Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
- Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop and other tools we used for cleaning
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
After every update, simply click "enable protection on all unprotected items"
Take a look at miekiemoes' site for other ideas on how to prevent malware: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
I hope that helps
-
Yes I did receive the registration key for Avast, so I'm now registered.
Everything's fixed now, thanks for everything!!!!!
-
I'll lock this topic as your problems are resolved
Take care adelaide
:)