Wireless Won't Work / Avast Error

Viruses and worms
1

Hi folks, I’m in need of some assistance.

Every time I boot up, I get Avast error 10050: “avast! will not be able to protect outgoing mail (SMTP protocol).” and similar messages for news and incoming mail.
Furthermore, though my wireless will connect to networks, I cannot get internet access. Even booting up in safe mode does not fix the error.

I’ve run a thorough scan on Avast! and Superspyware and detected one Trojan, but both programs seemed to indicate it was fixed or quaranteened, but the symptoms have yet to go away.

I’ve looked up some other similar errors on these forums, so I downloaded and ran HTJ and ComboFix. Here are their respective logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53, on 2008-11-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://apps.facebook.com/ability/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM..\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM..\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM..\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [SonyPowerCfg] “C:\Program Files\Sony\VAIO Power Management\SPMgr.exe”
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM..\Run: [VAIO Update 2] “C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe” /Stationary
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [Biomenu] “C:\Program Files\Protector Suite QL\menusw.exe”
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM..\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe”
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 “EPSON Stylus CX3800 Series” /O5 “LPT1:” /M “Stylus CX3800”
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 “EPSON Stylus CX3800 Series (Copy 1)” /O6 “USB002” /M “Stylus CX3800”
O4 - HKLM..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

2

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169056059734
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} (GameTap Web Plugin) - http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/67/install/gtdownhp.cab?1,0,0,94
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


End of file - 16824 bytes

3

ComboFix 08-11-27.03 - Administrator 2008-11-27 18:16:48.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1739 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\Programs to fix Jonny’s computer\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf
c:\windows\setup.exe
c:\windows\system32_000006_.tmp.dll
c:\windows\system32_000007_.tmp.dll
c:\windows\system32_000010_.tmp.dll
c:\windows\system32_000011_.tmp.dll
c:\windows\system32_000012_.tmp.dll
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 18:12 . 2008-11-27 18:13 d-------- c:\program files\Spyware Doctor
2008-11-27 18:12 . 2008-11-27 18:39 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 18:12 . 2008-11-27 18:12 d-------- c:\documents and settings\Administrator\Application Data\PC Tools
2008-11-27 18:12 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-27 18:12 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-27 18:12 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-27 18:12 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-27 18:09 . 2006-12-11 11:43 d-------- c:\documents and settings\Administrator\Application Data\Sony Corporation
2008-11-27 18:09 . 2006-12-11 11:52 d-------- c:\documents and settings\Administrator\Application Data\Intuit
2008-11-27 18:09 . 2006-07-22 10:00 d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-27 18:09 . 2008-11-27 18:09 d-------- c:\documents and settings\Administrator
2008-11-25 22:20 . 2008-11-25 22:20 268 --ah----- C:\sqmdata04.sqm
2008-11-25 22:20 . 2008-11-25 22:20 244 --ah----- C:\sqmnoopt04.sqm
2008-11-11 22:20 . 2008-09-04 09:15 1,106,944 -----c— c:\windows\system32\dllcache\msxml3.dll
2008-11-11 22:20 . 2008-10-24 03:21 455,296 -----c— c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 19:37 . 2008-11-04 19:37 52,224 --a------ c:\windows\ipuninst.exe
2008-11-04 19:34 . 2008-11-04 19:34 d-------- c:\program files\Interplay

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 02:15 --------- d-----w c:\program files\Trend Micro
2008-11-22 23:26 --------- d–h–w c:\program files\InstallShield Installation Information
2008-11-21 23:16 --------- d-----w c:\documents and settings\Jonathan Olson\Application Data\OpenOffice.org2
2008-11-06 02:26 --------- d-----w c:\documents and settings\Jonathan Olson\Application Data\uTorrent
2008-11-04 22:59 83,608 ----a-w c:\documents and settings\Jonathan Olson\Application Data\GDIPFONTCACHEV1.DAT
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 18:30 --------- d-----w c:\program files\The Rosetta Stone
2008-10-14 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-13 16:52 --------- d-----w c:\program files\Java
2008-10-07 23:28 --------- d-----w c:\program files\SmartFTP Client
2008-10-07 23:27 --------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files
2003-12-18 17:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 13:46 10,960 ----a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-04-06 68856]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2006-10-18 204288]
“Messenger (Yahoo!)”=“c:\program files\Yahoo!\Messenger\YahooMessenger.exe” [2008-05-27 4269296]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-13 15360]

4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“igfxtray”=“c:\windows\system32\igfxtray.exe” [2005-12-17 98304]
“igfxhkcmd”=“c:\windows\system32\hkcmd.exe” [2005-12-17 77824]
“igfxpers”=“c:\windows\system32\igfxpers.exe” [2005-12-17 118784]
“Apoint”=“c:\program files\Apoint\Apoint.exe” [2004-11-17 118784]
“IntelZeroConfig”=“c:\program files\Intel\Wireless\bin\ZCfgSvc.exe” [2006-02-28 667718]
“IntelWireless”=“c:\program files\Intel\Wireless\Bin\ifrmewrk.exe” [2006-02-28 602182]
“EOUApp”=“c:\program files\Intel\Wireless\Bin\EOUWiz.exe” [2006-02-28 569413]
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“SonyPowerCfg”=“c:\program files\Sony\VAIO Power Management\SPMgr.exe” [2006-06-13 217088]
“ISBMgr.exe”=“c:\program files\Sony\ISB Utility\ISBMgr.exe” [2004-02-20 32768]
“VAIO Update 2”=“c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe” [2005-10-11 151552]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-06-20 7561216]
“Biomenu”=“c:\program files\Protector Suite QL\menusw.exe” [2006-02-22 1354240]
“Switcher.exe”=“c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe” [2006-02-14 176128]
“VAIO Recovery”=“c:\windows\Sonysys\VAIO Recovery\PartSeal.exe” [2003-04-19 28672]
“DAEMON Tools”=“c:\program files\DAEMON Tools\daemon.exe” [2006-11-12 157592]
“HPHmon04”=“c:\windows\system32\hphmon04.exe” [2006-01-06 348160]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 79224]
“Adobe Photo Downloader”=“c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe” [2006-09-27 61440]
“HPDJ Taskbar Utility”=“c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe” [2006-01-13 172032]
“HP Software Update”=“c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [2007-05-08 54840]
“UpdateManager”=“c:\program files\Common Files\Sonic\Update Manager\sgtray.exe” [2003-08-19 110592]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2007-11-14 286720]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2007-11-15 267048]
“EPSON Stylus CX3800 Series”=“c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE” [2005-02-08 98304]
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe” [2008-01-09 185896]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“EPSON Stylus CX3800 Series (Copy 1)”=“c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE” [2005-02-08 98304]
“ISTray”=“c:\program files\Spyware Doctor\pctsTray.exe” [2008-08-25 1168264]

c:\documents and settings\Jonathan Olson\Start Menu\Programs\Startup
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-06 19:16 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 18:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.dvsd”= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub

[HKLM~\startupfolder\C:^Documents and Settings^Jonathan Olson^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\Jonathan Olson\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Jonathan Olson^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Jonathan Olson\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
–a------ 2008-01-03 08:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
–a------ 2008-05-27 20:58 4269296 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“Viewpoint Manager Service”=2 (0x2)
“iPod Service”=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Common Files\AOL\Loader\aolload.exe”=
“c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe”=
“c:\Program Files\uTorrent\utorrent.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“c:\Program Files\Windows Live\Messenger\livecall.exe”=
“c:\Program Files\SmartFTP Client\SmartFTP.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“49098:TCP”= 49098:TCP:Azureus

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2006-07-21 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-01 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-01 20560]
R2 FdRedir;FdRedir;??\c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;??\c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;“c:\program files\Viewpoint\Common\ViewpointService.exe” [2007-10-30 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-07-21 36352]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2006-07-21 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-21 226304]
S3 Ext2FS;Ext2FS;c:\windows\system32\drivers\Ext2FS.sys [2007-01-03 37840]
S3 gUSBSTOi;gUSBSTOi;??\c:\docume~1\JONATH~1\LOCALS~1\Temp\gUSBSTOi.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2006-12-11 32768]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2006-07-21 30080]

Newly Created Service - MCHINJDRV
.
Contents of the ‘Scheduled Tasks’ folder

2008-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
    .
        • ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
HKLM-Run-POEngine - (no file)

5

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jonathan Olson\Application Data\Mozilla\Firefox\Profiles\91pg3mku.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com
FF -: plugin - c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 18:38:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
--------------------- DLLs Loaded Under Running Processes ---------------------

              • ‘winlogon.exe’(696)
                c:\windows\system32\fusstub.dll
                c:\program files\Protector Suite QL\infra.dll
                c:\program files\Protector Suite QL\homefus.dll
                c:\windows\system32\biologon.dll
                c:\program files\Protector Suite QL\homepass.dll
                c:\program files\Protector Suite QL\passport.dll
                c:\program files\Protector Suite QL\BhTcAll.dll
                c:\program files\Protector Suite QL\BhDevTfm.dll
                c:\program files\Protector Suite QL\AlgVer.dll
                c:\program files\Protector Suite QL\TCBioLib.dll
                c:\program files\Protector Suite QL\remote.dll
                c:\windows\system32\VESWinlogon.dll
                c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
                c:\program files\Protector Suite QL\mysafe.dll

              • ‘lsass.exe’(752)
                c:\windows\system32\fusstub.dll
                c:\program files\Protector Suite QL\infra.dll
                c:\program files\Protector Suite QL\homefus.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Intel\Wireless\Bin\EvtEng.exe
                c:\program files\Intel\Wireless\Bin\S24EvMon.exe
                c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                c:\program files\Alwil Software\Avast4\ashServ.exe
                c:\program files\Apoint\ApntEx.exe
                c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
                c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
                c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
                c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
                c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
                c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
                c:\windows\system32\nvsvc32.exe
                c:\windows\system32\HPZipm12.exe
                c:\program files\Intel\Wireless\Bin\RegSrvc.exe
                c:\program files\Spyware Doctor\pctsAuxs.exe
                c:\program files\Spyware Doctor\pctsSvc.exe
                c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                c:\program files\Sony\VAIO Event Service\VESMgr.exe
                c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
                c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
                c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
                c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
                c:\windows\system32\wscntfy.exe
                c:\program files\iPod\bin\iPodService.exe
                c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
                .

.
Completion time: 2008-11-27 18:46:46 - machine was rebooted [Jonathan Olson]
ComboFix-quarantined-files.txt 2008-11-28 02:46:40

Pre-Run: 10,234,994,688 bytes free
Post-Run: 13,719,023,616 bytes free

243 — E O F — 2008-11-12 07:19:56

6

I haven’t looked in detail at your logs as I think this is a problem usually associated with having another AV or remnants of another AV on your system. A quick look at the O23 entries shows the dreaded Symantec.

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

symlcsvc.exe or symlcsvc process info for Norton Internet Security Suite.
So you still have remnants of NIS, Norton is a pig to remove even if you have uninstalled it, there are frequently remnants waiting to bite your next AV in the rear.

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT
Or ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

I don’t know if your PC Tools application/s incorporate an anti-virus element (not just anti-spyware) ?

7

I ran the Norton removal tool, but none of the problems were fixed. I wouldn’t think it would be Symantec, since I think I removed it the day I bought my computer, and haven’t had this problem for the two years I’ve had it.

8

Well the problem is not un-typical of remnants of an AV and your HJT log basically confirms there are remnants of Norton. So the SymNRT tool didn’t work, though why it would suddenly appear, possibly the last program update sparked/noticed the possible conflict.

I would certainly Fix: the entry in HJT and reboot and see if that resolves the problem.

If not try a repair of avast. Add Remove programs, select ‘avast! Anti-Virus,’ click the Change/Remove button and scroll down to Repair, click next and follow.
If that doesn’t work try, uninstall, reboot, install, reboot.

9

I fixed the Symmantec with HJT, and uninstalled avast! but neither has worked at restoring my internet. Is there a chance that reinstalling avast would fix the problem, or has the potential problem been ruled out?

10

I don’t know if it would restore your internet as avast doesn’t change any internet settings.

However there is some malware that when removed can mess your your internet connections, but you don’t mention anything about a previous infection/detection ?

Some work arounds/posssible fixes for lost connections, see below - if you have XP SP2 or higher (perhaps even Vista, don’t know) try the last option first and see if that is enough.

Lost Internet Connection - To recover you internet connection, try downloading and running WinsockXPfix: http://www.snapfiles.com/get/winsockxpfix.html

– NEWDOTNET - Check out this topic http://forum.avast.com/index.php?topic=21608.0

No needs to do all of this. For non-XP SP2 systems http://cexx.org/lspfix.htm

For XP SP2, try Windows Start button, Run - type ‘netsh winsock reset’ without the quotes - this may be enough to fix the issue.

If none of the above work then it is likely to be a problem with your wireless router, and I have zero experience there.

11

None of those worked. For sure it isn’t a problem with the wireless router, since I have gone to more than one wireless location, and none of them work (and everyone else’s computer on the router works). Furthermore, I doubt it’s a hardware or router problem since I have successfully connected to networks on my alternate Linux bootup.

12

Well I really have no other suggestions.

Though windows will communicate with your wireless network/router differently than Linux so it could still be a problem with communication to your router, but only in windows at that was the problem area.