Author Topic: Wireless And Other Problems  (Read 1953 times)

guestolo
« Reply #20 on: February 18, 2008, 11:16:25 PM »
Let's try the following and see how things are afterwards

Let's try and clear system restore points
1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

2. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply.

3. When you are warned that all existing Restore Points will be deleted, click Yes to continue.

All system restore points are deleted. Now you should manually create a restore point.

1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.

2. Click Create a Restore Point, and then click Next.
3. Name your restore point. >>any name will do

Wait for confirmation then exit out of there

Afterwards, can you do the following
Since you can't properly uninstall Nortons
Let's try and remove it in entirety
Go to the following link
Norton Removal Tool
Follow STEP 3, save tool to desktop, close all open windows and run it

After rebooting
Download ATF-Cleaner by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Let's get you another Antivirus program
Download and install ONLY one of the following free AV's
You decide which one, they all have a free version
AVG 7 by Grisoft
OR
Avast Home Edition by ALWIL
OR
Avira AntiVir Personal Edition Classic

After installation ensure it is updated and run a full system scan

Reboot the computer after it's done scanning

Come back here and post a fresh hijackthis log
Also let me know how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


guestolo
« Reply #21 on: February 18, 2008, 11:39:28 PM »
Sorry, the following may apply when turning off System Restore
1. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore
Then click System Restore Settings



adelaide
« Reply #22 on: February 19, 2008, 02:07:55 AM »
Here's the newest Hijack This log, I have scanned my computer with Avast AV:

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Monday, February 18, 2008 7:51:01 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 18/02/2008
 Kaspersky Anti-Virus database records: 572594
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 157942
   Number of viruses found: 8
   Number of infected objects: 98
   Number of suspicious objects: 0
   Duration of the scan process: 02:20:10


Scan process completed.


But when I rebooted my computer my wireless connection won't work at all.  It shows that I'm connected, and I've tried clicking on "repair" in network connections, I just cannot open any webpages.

guestolo
« Reply #23 on: February 19, 2008, 09:31:50 PM »
You posted the Kaspersky log again, I was hoping to see the new hijackthis log

Is it also possible to post the log from AVAST
It does seem like you were able to post everything up until you ran the scan with Avast
Right click the Avast icon by the system clock
and select Avast log files
Can you post its log

Also if you right click AVAST and select Start Avast AV
When it opens click on the Chest icon, are there any files in the chest?
Can you post the file names



adelaide
« Reply #24 on: February 20, 2008, 04:13:34 AM »
Oops, sorry for the wrong file.....all those log files got me messed up
Here's the actual Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:15 PM, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131755470149
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12782 bytes

--------------------------------------------------------------------------------------------------------------

As for the Avast log, the scan that I did was a bootup scan, and this is the only log file I can find by scanning through the directories:

02/18/2008 21:36
Scan of all local drives
File C:\Documents and Settings\Ada\Application Data\ppStream\update.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
File C:\Program Files\ppStream\partner\update.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\Debug\UserMode\CBD61.exe.vir is infected by Win32:Trojan-gen {Other}, Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101866.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\102547.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\130407.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\134563.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\143626.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\97730.exe.vir is infected by Win32:Beagle-YN [Wrm], Deleted
File C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP20\A0005139.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted
File C:\System Volume Information\_restore{B666A0E2-24A9-45FA-AFCC-4E0D902267E2}\RP20\A0005140.exe\[UPX] is infected by Win32:Delf-GAJ [Trj], Deleted

Number of searched folders: 8766
Number of tested files: 151351
Number of infected files: 11

---------------------------------------------------------------------------------------------------------
There are 3 files in the Avast!  Chest, all in the "system files" section:

kernel32.dll
winsock.dll
wsock32.dll

Offline guestolo

Wireless And Other Problems
« Reply #25 on: February 20, 2008, 07:27:39 PM »
Quote
There are 3 files in the Avast! Chest, all in the "system files" section:

kernel32.dll
winsock.dll
wsock32.dll

That's normal

Did you try and uninstall Zone Alarm?
If so, take a look at the following link
http://forums.zonealarm.com/zonelabs/board...;message.id=103
I see its entries in your new hijackthis log
Or was that a scan you did earlier, I need to see an updated scan from Hijackthis
That log may have been a day and a half old?

Did you have any problems with Internet before you installed Avast and cleaned your system restore points?
« Last Edit: February 20, 2008, 07:59:28 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline adelaide

Wireless And Other Problems
« Reply #26 on: February 21, 2008, 04:00:15 AM »
Ok I followed that website to try to remove zonealarm completely.  I can remove everything except one file in the Zonealarm folder called zlavscan.dll.  It says I don't have permission to access this file.....

Then I ran the Hijack this scan again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:56 PM, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WorldCommunityGrid\ud_17956201.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WorldCommunityGrid\ud_17956201_0.dir\WCGrid_AutoDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131755470149
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)

--
End of file - 12910 bytes
-------------------------------------------------------------------------------------------
Also, I ran the Avast AV again, but in regular Windows mode before I removed the zonealarm completely, and here's the log:

18/02/2008 11:16:01 PM   SYSTEM   1220   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.  
18/02/2008 11:16:02 PM   SYSTEM   1220   An error has occured while attempting to update. Please check the logs.  
20/02/2008 2:31:58 AM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\101205.exe.vir" file.  
20/02/2008 5:02:28 AM   SYSTEM   352   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.  
20/02/2008 5:02:29 AM   SYSTEM   352   An error has occured while attempting to update. Please check the logs.  
20/02/2008 3:19:55 PM   SYSTEM   352   Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.  
20/02/2008 3:19:55 PM   SYSTEM   352   An error has occured while attempting to update. Please check the logs.  
20/02/2008 6:46:40 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\106182.exe.vir" file.  
20/02/2008 6:47:00 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\141102.exe.vir" file.  
20/02/2008 6:47:04 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\146280.exe.vir" file.  
20/02/2008 6:47:08 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\151067.exe.vir" file.  
20/02/2008 6:47:09 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\156765.exe.vir" file.  
20/02/2008 6:47:10 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\157907.exe.vir" file.  
20/02/2008 6:47:12 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\168952.exe.vir" file.  
20/02/2008 6:47:20 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\87846.exe.vir" file.  
20/02/2008 6:47:23 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\92863.exe.vir" file.  
20/02/2008 6:47:25 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip\wintems.exe" file.  
20/02/2008 6:47:26 PM   Ada   1540   Sign of "Win32:Beagle-AAF [Wrm]" has been found in "C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip\mdelk.exe" file.  
20/02/2008 7:17:51 PM   Ada   1540   Sign of "Win32:Beagle-AAB [Trj]" has been found in "C:\QooBox\Quarantine\catchme2008-02-17_ 40626.64.zip\hldrrr.exe" file.  
20/02/2008 8:17:58 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\My Stuffs\Programs\fgf160.exe\%MAINDIR%\cd_install277.exe\cd_clint.dll" file.  
20/02/2008 8:26:41 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\My Stuffs\Programs\fgf160.exe\%MAINDIR%\cd_install277.exe" file.  
20/02/2008 9:34:33 PM   Ada   1540   Sign of "Win32:Spyware-gen [Trj]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\VeryCD_SuperSearch_Silent.exe\$PROGRAMFILES\YOK.com\SuperSearch\YOK_SuperSearch.dll" file.  
20/02/2008 10:27:15 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\VeryCD_SuperSearch_Silent.exe" file.  
20/02/2008 10:27:21 PM   Ada   1540   Sign of "Win32:Downloader-ZM [Trj]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$INSTDIR\$R0" file.  
20/02/2008 10:27:22 PM   Ada   1540   Sign of "Win32:Asibar [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$INSTDIR\Assist\$R0" file.  
20/02/2008 10:27:23 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$INSTDIR\Assist\$R0" file.  
20/02/2008 10:27:26 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$PLUGINSDIR\wmpns.dll\cdnaux.dll\[UPX]" file.  
20/02/2008 10:27:31 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\eMule.0.46c.VeryCD0913.exe\$INSTDIR\assist4.exe\$PLUGINSDIR\wmpns.dll" file.  
20/02/2008 10:28:20 PM   Ada   1540   Sign of "Win32:Befins [Trj]" has been found in "F:\Install Programs\Nero_Burning_ROM_Ultra_Edition_v6[1].3.1.6.zip\Keygen.exe" file.  
20/02/2008 10:28:51 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\ppstreamsetup127.exe\{app}\PowerPlayer.dll" file.  
20/02/2008 10:28:57 PM   Ada   1540   Sign of "Win32:Adware-gen [Adw]" has been found in "F:\Install Programs\ppstreamsetup127.exe\{app}\PSNetwork.dll" file.  
20/02/2008 10:29:11 PM   Ada   1540   Sign of "Win32:Neptunia-KS [Trj]" has been found in "F:\Install Programs\njstar\NJEXPLOR\NJEXPLOR.EXE\%PROGRAM_FILES%\internet explorer\IETop100.dll" file.  
20/02/2008 10:29:13 PM   Ada   1540   Sign of "Win32:Neptunia-KS [Trj]" has been found in "F:\Install Programs\njstar\NJEXPLOR\NJEXPLOR.EXE\%MAINDIR%\Njexplor.exe" file.  

-------------------------------------------------------------------------------------------------

My internet wasn't working properly before I installed Avast, but it would usually work for about 5-10 minutes before it stopped.  Now that I've completely removed zonealarm and placed some more infected files to the Avast chest it seems to be working properly now.  However, when I removed the zonealarm files I did that in safe mode, and now my "My Computer" folder appears funny.....normally it would have divided up the items in there to Hard Drives, Removable Drives, etc.  Now they all just appear like in other regular folders.   And, should I try to remove that zlavscan.dll file as well?  I haven't been able to remove the Zonealarm folder in the Program Files because of that file...

Offline guestolo

Wireless And Other Problems
« Reply #27 on: February 21, 2008, 08:16:24 AM »
Can you try the following,

Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- TrueVector Internet Monitor

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Apply and OK it

Do the same for this service name
ewido anti-spyware 4.0 guard

Reboot the computer

Back in Windows

Go to START>>RUN>>Copy and paste the next command below in bold then click OK

sc delete vsmon

Do the same for the next one

sc delete "ewido anti-spyware 4.0 guard"

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the file paths in blue below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    ==============================================================================

    C:\Program Files\Zone Labs
    C:\Program Files\ewido anti-spyware 4.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client

    ==============================================================================
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) in lower pane and choose Paste.

  • Click the red Moveit! button.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Post that log please along with a fresh hijackthis log

Quote
"My Computer" folder appears funny.....normally it would have divided up the items in there to Hard Drives, Removable Drives, etc. Now they all just appear like in other regular folders.

Can you open My Computer and click on View in the top menu bar
Can you change to eg.. TILES
Does that help?

Also: Can you ensure that Avast is right up to date
Right click the Avast icon by the clock and select UPDATE>>!AVS UPDATE
Are you right up to date?
You may notice 2 icons by the clock set by avast, leave the A icon, but you can right click the other and merge to the main avast icon
Did you register your free version of Avast?
« Last Edit: February 21, 2008, 08:32:05 AM by guestolo »

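The two services removed in reply #27 are the ones the HijackThis log in reply #26 marks "(file missing)". As an added example (not part of the original posts and not HijackThis's own code), the Python below picks such orphaned O2 and O23 entries out of a log. The function names are hypothetical, and the rule that an O23 line with no trailing parenthesised name uses its display name as the service name is an assumption taken from how the `sc delete` commands above map to the log lines.

```python
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the HijackThis log posted in reply #26 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# "Display name (ServiceName)": only the LAST parenthesised group is the name.
KEY_RE = re.compile(r"^(.*)\s\(([^()]+)\)$")
# Markers HijackThis appends when the registered file is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str    # "O2" (browser helper object) or "O23" (service)
    name: str       # display name shown in the log
    ident: str      # CLSID for O2, service name for O23
    owner: str      # file's company name for O23, empty for O2
    target: str     # file path with any "missing" marker stripped
    orphaned: bool  # True when the log says the file is gone


def parse_log(text: str) -> List[Entry]:
    """Parse the O2 and O23 lines of a HijackThis log; other sections are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group(1) not in ("O2", "O23"):
            continue
        section, body = m.groups()
        _, _, rest = body.partition(": ")  # drop "BHO" / "Service"
        # Split from the right: display names may contain " - ", and the
        # last two fields are always <CLSID or owner> and <file path>.
        parts = [p.strip() for p in rest.rsplit(" - ", 2)]
        if len(parts) != 3:
            continue  # malformed or truncated line
        name, middle, target = parts
        orphaned = target.endswith(MISSING_MARKERS)
        for marker in MISSING_MARKERS:
            if target.endswith(marker):
                target = target[: -len(marker)].strip()
        if section == "O23":
            km = KEY_RE.match(name)
            # Assumption: no trailing "(...)" means display name == service name.
            ident = km.group(2) if km else name
            name = km.group(1) if km else name
            owner = middle
        else:
            ident, owner = middle, ""
        entries.append(Entry(section, name, ident, owner, target, orphaned))
    return entries


def find_orphans(entries: List[Entry]) -> List[Entry]:
    """Entries still registered although their file no longer exists."""
    return [e for e in entries if e.orphaned]


if __name__ == "__main__":
    for e in find_orphans(parse_log(SAMPLE_LOG)):
        print(f"{e.section}  {e.ident!r:45}  {e.target or '<no file registered>'}")
```

An orphaned entry is leftover registration, not proof of infection; here two of the three are remnants of the ZoneAlarm and ewido uninstalls.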


Offline adelaide

Wireless And Other Problems
« Reply #28 on: February 21, 2008, 06:06:41 PM »
The Avast seems to be up to date and I have now registered my copy of the program.

Here's the OTMoveIt log:

[Custom Input]
< C:\Program Files\Zone Labs >
C:\Program Files\Zone Labs\ZoneAlarm moved successfully.
C:\Program Files\Zone Labs moved successfully.
< C:\Program Files\ewido anti-spyware 4.0 >
File/Folder C:\Program Files\ewido anti-spyware 4.0 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client deleted successfully.
 
OTMoveIt2 v1.0.20 log created on 02212008_150303
-------------------------------------------------------------------------------------------------

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:13 PM, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\WorldCommunityGrid\UD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WorldCommunityGrid\ud_10245647.exe
C:\Program Files\WorldCommunityGrid\ud_10245647_0.dir\wcg_hpf2_rosetta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: World Community Grid Agent.lnk = C:\Program Files\WorldCommunityGrid\UD.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131755470149
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://telescope.aacb.com//webcam/AxisCamControl.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12525 bytes
--------------------------------------------------------------------------------------------------

And I managed to fix the My Computer problem....it seems like I just need to change the way the items are grouped.
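
A small triage pass over the HijackThis "O" lines from the log posted above, as an added example that is not part of the original thread or of HijackThis itself. The function names and the four review heuristics are assumptions of this example; a reason listed for an entry means "check by hand", not "malicious".

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log in the post above.
SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

Entry = namedtuple("Entry", "section kind detail")
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # "O4 - HKLM\..\Run: [name] command"
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')         # optional quote, then a drive-rooted path

def parse(log_text):
    """Turn 'Onn - kind: detail' lines into Entry tuples; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(3).strip()))
    return entries

def reasons_for(entry):
    """Heuristics assumed for this example: each returned reason calls for a manual check."""
    reasons = []
    if entry.detail.endswith("(no file)"):
        reasons.append("target file missing")
    if entry.section == "O4" and entry.detail.endswith("= ?"):
        reasons.append("startup shortcut target unresolved")
    if entry.section == "O23" and " - Unknown owner - " in entry.detail:
        reasons.append("service file reports no company name")
    if entry.section == "O4" and entry.kind.endswith("\\Run"):
        # Drop the "[value name] " prefix and look at the command itself.
        command = entry.detail.split("] ", 1)[-1]
        if not ABS_PATH_RE.match(command):
            reasons.append("Run value has no absolute path")
    return reasons

def triage(log_text):
    """Return (entry, reasons) pairs for entries with at least one reason."""
    flagged = []
    for entry in parse(log_text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged

if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(entry.section, entry.kind, "|", entry.detail, "->", "; ".join(why))
```

A Run value without an absolute path is resolved through the search path at logon, so which binary actually starts depends on what sits in those directories.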

Offline guestolo

Wireless And Other Problems
« Reply #29 on: February 21, 2008, 09:53:43 PM »
Quote
And I managed to fix the My Computer problem....it seems like I just need to change the way the items are grouped.
Good work

Avast should have emailed you a free registration key
Ensure you copy>>paste it to the license key section of Avast
Then it should be good for at least 14 months, after which time, no need to uninstall
Simply reregister again, and copy>>paste new license key

Can you do the following
Go to START>>RUN>>Copy then paste the next command below in bold
Then hit OK

combofix /u

This will uninstall combofix and its components

OTMoveit.exe
  • Please double-click OTMoveIt.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop and other tools we used for cleaning

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Take a look at miekiemoes site with other ideas on How to prevent Malware:

I hope that helps
« Last Edit: March 04, 2008, 07:22:40 PM by guestolo »



Offline adelaide

Wireless And Other Problems
« Reply #30 on: February 22, 2008, 06:02:21 AM »
Yes I did receive the registration key for Avast, so I'm now registered.

Everything's fixed now, thanks for everything!!!!!

Offline guestolo

Wireless And Other Problems
« Reply #31 on: February 23, 2008, 04:50:53 PM »
I'll lock this topic as your problems are resolved
Take care adelaide :)
