
Unknown Malware Infection - Win XP [Closed]


  • This topic is locked

#16 billws (Member, Topic Starter, 14 posts)
I have uninstalled and re-installed Sprint Smartview twice now. The problem persists.



#17 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Ok

This issue appeared after the use of Combofix, so please disable your antivirus and run Combofix again (to let it finish its job) as explained in my previous posts.
Then please post its log.


THEN


Please click here to download SINO (by Artellos) to your desktop.
  • Double click on the SINO icon to run it
  • Then please select the following boxes :
    • Ipconfig
    • Ping
    • Netstat
    • Hosts file
    • Shares
    • Routing Table
  • Then hit the Run scan! button.
  • A notepad file will pop up, please copy and paste its content in your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.



Also try to connect now and tell me the result please :)

#18 billws (Member, Topic Starter, 14 posts)
============== combo fix log =============================

ComboFix 09-08-30.04 - Owner 09/03/2009 18:55.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.998.516 [GMT -5:00]
Running from: c:\documents and settings\Owner.Main\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090830-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG 7.5.430 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KimLee\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Protection Suite.lnk
c:\documents and settings\KimLee\Desktop\Windows Protection Suite.lnk
c:\documents and settings\KimLee\Start Menu\Programs\Windows Protection Suite.lnk
c:\documents and settings\KimLee\Start Menu\Windows Protection Suite.lnk
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\recycler\S-1-5-21-2505601857-2504061644-3015518269-500
c:\windows\kb913800.exe
c:\windows\system32\twain.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-03 02:10 . 2009-09-03 02:10 -------- d-----w- c:\windows\LastGood
2009-09-03 02:09 . 2009-09-03 02:09 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2009-09-03 02:07 . 2009-09-03 02:07 -------- d-----w- c:\documents and settings\IUSR_NMPR.Main\Application Data\Bytemobile
2009-09-03 02:06 . 2005-03-15 16:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2009-09-03 02:02 . 2009-09-03 02:02 -------- d-----w- c:\program files\Sprint
2009-09-03 02:02 . 2009-09-03 02:02 -------- d-----w- c:\program files\Novatel Wireless
2009-09-03 00:13 . 2009-09-03 00:13 -------- d-----w- c:\documents and settings\Owner.Main\Application Data\Sprint
2009-09-02 23:54 . 2009-09-03 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2009-08-31 15:16 . 2009-08-31 15:21 17331120 ----a-w- c:\documents and settings\All Users\Application Data\WildTangent\Gateway Game Console\Downloads\Installers\SetupGamesClient.exe
2009-08-31 15:09 . 2009-08-31 15:09 -------- d-----w- C:\_OTS
2009-08-24 20:42 . 2009-08-24 20:42 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-24 20:42 . 2009-08-24 20:42 -------- d-----w- c:\program files\MSBuild
2009-08-24 20:42 . 2009-08-24 20:42 -------- d-----w- c:\program files\Reference Assemblies
2009-08-24 20:42 . 2009-08-24 20:42 -------- d-----w- C:\0afdb0f6f08eee95364a2a
2009-08-24 20:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 20:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 20:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-24 20:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 20:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-24 20:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-24 20:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 20:40 . 2009-08-24 20:40 -------- d-----w- c:\program files\MSXML 6.0
2009-08-24 04:55 . 2009-08-24 04:55 -------- d-----w- c:\windows\ServicePackFiles
2009-08-23 17:06 . 2009-03-06 14:00 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-23 17:06 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-08-23 17:06 . 2005-07-26 04:20 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-08-23 17:06 . 2009-02-09 10:01 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-23 17:06 . 2009-02-09 10:01 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-23 17:06 . 2009-02-06 10:22 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-23 17:06 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-23 17:06 . 2009-02-09 10:01 728576 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-23 17:06 . 2009-02-09 10:01 617984 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-23 17:06 . 2009-02-09 10:01 715264 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-23 16:36 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-23 16:28 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-23 16:23 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-23 16:13 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-08-23 16:13 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-23 14:20 . 2009-08-23 14:20 -------- d-----w- c:\program files\ERUNT
2009-08-22 14:01 . 2008-11-26 16:18 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-22 14:01 . 2008-11-26 16:18 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-22 14:01 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-22 14:01 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-22 14:01 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-22 14:01 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-22 14:01 . 2008-11-26 16:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-22 14:01 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-22 14:01 . 2008-11-26 16:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 01:06 . 2009-08-17 01:30 10915883 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F2780T1L1\setup_gF2780T1L1_d609054102_l1_s1.exe
2009-08-07 03:56 . 2009-08-07 03:56 -------- d-----w- c:\documents and settings\KimLee\Application Data\Individual Software
2009-08-07 03:55 . 2009-08-07 03:55 -------- d-----w- C:\temp
2009-08-07 03:49 . 2009-08-07 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2009-08-07 03:49 . 2009-08-08 05:11 -------- d-----w- c:\program files\Total 3D Home
2009-08-07 03:49 . 2009-08-07 03:49 -------- d-----w- c:\program files\Common Files\Individual Software
2009-08-07 03:49 . 2001-07-30 23:40 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-07 03:49 . 1999-03-07 18:33 49376 ----a-w- c:\windows\system32\Twunk_16.exe
2009-08-07 03:49 . 1999-03-07 18:33 61440 ----a-w- c:\windows\system32\twunk_32.exe
2009-08-07 03:49 . 1999-03-07 17:00 102400 ----a-w- c:\windows\system32\Twain_32.dll
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 11:20 . 2009-01-16 20:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 11:15 . 2009-02-06 18:55 -------- d-----w- c:\program files\Mystery Case Files - Return to Ravenhearst
2009-09-03 02:02 . 2009-01-02 18:49 -------- d-----w- c:\program files\Sierra Wireless
2009-09-03 02:02 . 2009-01-02 18:49 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-08-31 17:10 . 2006-06-19 04:25 38080 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 15:15 . 2009-01-02 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-08-24 19:51 . 2009-05-29 20:17 -------- d-----w- c:\program files\Mystery Case Files - Madame Fate
2009-08-23 14:25 . 2009-01-03 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 14:25 . 2009-01-03 17:38 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-22 14:01 . 2009-01-02 18:59 -------- d-----w- c:\program files\Alwil Software
2009-08-21 15:34 . 2009-04-06 01:49 -------- d-----w- c:\program files\GamesBar
2009-08-21 14:25 . 2009-04-08 04:54 117760 ----a-w- c:\documents and settings\KimLee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-21 14:18 . 2009-04-06 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar
2009-08-17 01:50 . 2009-01-16 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-08-05 09:11 . 2009-01-02 08:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-01-03 17:37 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-01-03 17:37 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 03:24 . 2009-08-01 02:50 18801642 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F5134T1L1\setup_gF5134T1L1_d595010960_l1_s1.exe
2009-07-31 07:13 . 2009-07-31 00:22 -------- d-----w- c:\documents and settings\KimLee\Application Data\ForgottenRiddles
2009-07-31 00:22 . 2009-07-31 00:22 -------- d-----w- c:\program files\Forgotten Riddles - The Mayan Princess
2009-07-29 04:53 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2006-06-17 09:23 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 00:41 . 2009-01-09 16:50 1 ----a-w- c:\documents and settings\KimLee\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-26 01:08 . 2009-07-26 01:08 -------- d-----w- c:\documents and settings\KimLee\Application Data\GameInvest
2009-07-24 02:53 . 2009-05-08 17:01 -------- d-----w- c:\program files\ffdshow
2009-07-20 00:04 . 2009-07-20 00:04 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-20 00:04 . 2009-07-20 00:04 -------- d-----w- c:\documents and settings\KimLee\Application Data\SystemRequirementsLab
2009-07-20 00:04 . 2009-07-20 00:04 207872 ----a-w- c:\documents and settings\KimLee\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll
2009-07-20 00:04 . 2009-07-20 00:04 207872 ----a-w- c:\documents and settings\KimLee\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll
2009-07-20 00:04 . 2009-07-20 00:04 207872 ----a-w- c:\documents and settings\KimLee\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll
2009-07-20 00:04 . 2009-07-20 00:04 207872 ----a-w- c:\documents and settings\KimLee\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll
2009-07-17 18:55 . 2009-01-02 08:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2009-01-02 08:47 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 04:26 . 2009-07-02 01:27 -------- d-----w- c:\program files\Hidden Expedition - Amazon
2009-06-26 15:59 . 2006-06-17 09:23 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2009-01-02 08:43 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2009-01-02 08:44 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2009-01-02 08:44 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2009-01-02 08:44 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2009-01-02 08:44 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2009-01-02 08:44 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2009-01-02 08:44 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2009-01-02 08:44 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2009-01-02 08:44 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2009-01-02 08:44 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2009-01-02 08:44 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2009-01-02 08:44 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2009-01-02 08:44 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-22 11:49 . 2009-01-02 08:44 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2009-01-02 08:44 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2009-01-02 08:44 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2009-01-02 08:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-12 11:50 . 2009-01-02 08:46 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2006-06-17 09:23 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2009-01-02 08:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2009-01-02 08:47 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-02 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 9134080]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 303104]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-30 375296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-05-26 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-05-26 316672]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\KimLee\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\Owner.Main\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-1-2 2168360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 22:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/22/2009 9:01 AM 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 3:07 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/22/2009 9:01 AM 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SPRINTRCAPPSVC
*NewlyCreated* - TCPIPBM
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - sttray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
LSP: bmnet.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 19:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\bmnet.dll
.
Completion time: 2009-09-04 19:10
ComboFix-quarantined-files.txt 2009-09-04 00:10

Pre-Run: 136,901,607,424 bytes free
Post-Run: 139,411,922,944 bytes free

228 --- E O F --- 2009-08-24 20:45


============================= end combo fix log ============================

#19 billws (Member, Topic Starter, 14 posts)
==================== SINO LOG ============================

System Investigator by Olrik
Log Created On: 1920_03-09-2009
SINO Version: 2.4.8.9

Total RAM: 997 MB | Free RAM: 478 MB | Pagefile Size: 2402 MB
C: | 133255 MB out of 232966 MB Free | Local Fixed Disk
D: | 2157 MB out of 5495 MB Free | Local Fixed Disk
E: | None | CD-ROM Disc
F: | None | Removable Disk
G: | None | Removable Disk
H: | None | Removable Disk
I: | None | Removable Disk

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : Main
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-16-76-AC-AA-3F


<<<< Pinging >>>>

Pinging to www.opendns.com
There was a problem executing a ping to www.opendns.com
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

Pinging to 208.67.222.222
There was a problem executing a ping to 208.67.222.222
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

Pinging to www.youtube.com
There was a problem executing a ping to www.youtube.com
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

Pinging to 208.117.236.69
There was a problem executing a ping to 208.117.236.69
This can be due to various reasons. Missing a DNS Server or Internet Connection are the biggest cause of this error.

localhost Test
Pinging to 127.0.0.1 [127.0.0.1]:

Response - 0ms
Response - 0ms
Response - 0ms
Response - 0ms

Packets: Sent = 4, Received = 4, Lost = 0
Minimum = 0ms - Maximum = 0ms


<<<< Netstat >>>>

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1060
[svchost.exe]

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 0.0.0.0:55382 0.0.0.0:0 LISTENING 1320
[Remote UI Service.exe]

TCP 0.0.0.0:57519 0.0.0.0:0 LISTENING 1320
[Remote UI Service.exe]

TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING 2184
[alg.exe]

TCP 127.0.0.1:4664 0.0.0.0:0 LISTENING 2876
[GoogleDesktopIndex.exe]

TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 2012
[ashMaiSv.exe]

TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 2056
[ashWebSv.exe]

TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 2012
[ashMaiSv.exe]

TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 2012
[ashMaiSv.exe]

TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 2012
[ashMaiSv.exe]

UDP 0.0.0.0:3776 *:* 504
[mcrdsvc.exe]

UDP 0.0.0.0:500 *:* 820
[lsass.exe]

UDP 0.0.0.0:1900 *:* 1320
[Remote UI Service.exe]

UDP 0.0.0.0:4500 *:* 820
[lsass.exe]

UDP 0.0.0.0:52595 *:* 1320
[Remote UI Service.exe]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 127.0.0.1:1900 *:* 272
[svchost.exe]

UDP 127.0.0.1:61234 *:* 3416
Can not obtain ownership information
UDP 127.0.0.1:123 *:* 1108
[svchost.exe]

UDP 127.0.0.1:1043 *:* 3416
Can not obtain ownership information

<<<< Routing Table >>>>

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 ac aa 3f ...... Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None

Route Table

<<<< Hosts File >>>>

The HOSTS file is 6946 Bytes in size.


74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com

There were more then 5 lines not pointing to 127.0.0.1

<<<< Active Shares >>>>

Share: IPC$ - Path:
Share: D$ - Path: D:\
Share: ADMIN$ - Path: C:\WINDOWS
Share: C$ - Path: C:\


END OF LOG FILE, Date of Completion: 1920_03-09-2009 ----------


======================== end of sino log =====================================


Sprint SmartView is working again. I can get online now.

The original problem persists. Cannot access gmail.

Thanks again for your efforts.

#20 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Hello


Great, how did you fix the problem with Sprint Smartview?

I'm going to check your logs and I'll be back as soon as possible :)

#21 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Hi


Step 1

It seems that you have two antivirus programs: Avast! and AVG.
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
I advise you to uninstall one of them.


Step 2

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Two solutions: it works or it doesn't work.
  • If it seems to work, please open the hosts file and check that there is no entry like these :

    74.125.45.100 4-open-davinci.com
    74.125.45.100 securitysoftwarepayments.com

    If you don't find them, please post a new OTL log and stop here (don't follow step 3).
    If you find them, please go on with the third step.

  • If you get an error with HostsXpert, then go ahead with the step 3.
Step 3

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\WINDOWS\system32\drivers\etc\hosts
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log

THEN
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
and then please post a new OTL log.



How is your computer running?
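The SINO log in post #19 flagged hosts-file lines "not pointing to 127.0.0.1", and Step 2 above asks the user to open the hosts file and look for entries like the two quoted. The script below is an added example written for this thread; it is not code from SINO, HostsXpert or OTL. It parses hosts-file text the way a defender would when triaging a rogue-security-product infection: comments are stripped, loopback (127.x, ::1) and 0.0.0.0 mappings are treated as benign, everything else is reported and grouped by destination address, so several unrelated payment-site names funnelled to one address (the pattern in this thread) stands out at once. The `SAMPLE_HOSTS` text is constructed from the entries quoted in this thread; `restore_default_hosts` and `DEFAULT_HOSTS` are assumptions that mirror the "Restore MS Hosts File" and "Make Read Only?" steps with a minimal localhost-only file, and the caller supplies the path (on Windows XP, `C:\WINDOWS\system32\drivers\etc\hosts`, as in Step 3).

```python
"""Audit a hosts file for redirect entries and restore a minimal default.

Added example for this thread; not code from SINO, HostsXpert or OTL.
Names marked 'assumption' are this example's own, not the tools' API.
"""
import ipaddress
import os
import stat
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample modelled on the entries SINO reported in this thread,
# plus benign lines a real hosts file commonly contains.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example            # blackholed name, harmless
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
"""

# Assumption: a minimal stand-in for the stock Windows hosts file. The real
# Microsoft file adds a comment header, but only this mapping is functional.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text: strip '#' comments, skip blank/malformed lines."""
    entries: List[HostsEntry] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first token is not an address; ignore rather than guess
        entries.append(HostsEntry(line_no, fields[0], fields[1:]))
    return entries


def is_benign_target(ip: str) -> bool:
    """Loopback (127.x, ::1) and the unspecified address 0.0.0.0 only
    localhost-map or blackhole a name; any other target redirects it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def suspicious_entries(text: str) -> List[HostsEntry]:
    """Entries SINO would count as 'not pointing to 127.0.0.1'."""
    return [e for e in parse_hosts(text) if not is_benign_target(e.ip)]


def redirect_targets(text: str) -> Dict[str, List[str]]:
    """Group redirected names by destination address. Many unrelated names
    funnelled to one address is the rogue-software pattern in this thread."""
    targets: Dict[str, List[str]] = {}
    for entry in suspicious_entries(text):
        targets.setdefault(entry.ip, []).extend(entry.names)
    return targets


def restore_default_hosts(path: str) -> str:
    """Assumption: overwrite the hosts file at `path` with DEFAULT_HOSTS and
    mark it read-only, mirroring 'Restore MS Hosts File' + 'Make Read Only?'.
    Returns the text written. Any custom entries must be re-added by hand."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # clear read-only first
    with open(path, "w", newline="\r\n") as fh:  # Windows line endings
        fh.write(DEFAULT_HOSTS)
    os.chmod(path, stat.S_IREAD)
    return DEFAULT_HOSTS


if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {entry.line_no}: {entry.ip} -> {' '.join(entry.names)}")
    for ip, names in redirect_targets(SAMPLE_HOSTS).items():
        print(f"{len(names)} names redirected to {ip}")
```

Run it against a copy of the real file with `parse_hosts(open(path).read())`; the audit is read-only, and only `restore_default_hosts` writes, so the check can be repeated safely after a fix to confirm the redirect lines are gone.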

#22 billws (Member, Topic Starter, 14 posts)
Got an error with hostsexpert.

otl log

All processes killed
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR.Main
->Temp folder emptied: 59463 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR.MAIN.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KimLee
->Temp folder emptied: 6831551 bytes
->Temporary Internet Files folder emptied: 63901 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3360237 bytes
->Opera cache emptied: 133579 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner

User: Owner.Main
->Temp folder emptied: 12038124 bytes
File delete failed. C:\Documents and Settings\Owner.Main\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 94487 bytes
->Opera cache emptied: 26404370 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_57c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.83 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.0.10.7 log created on 09042009_230312

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_57c.dat not found!

Registry entries deleted on Reboot...

#23 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Ok, so you got an error the first time you ran HostsXpert. But do you still have an error after the use of OTL?

Don't forget the new OTL log :) (run OTL and click on Quick scan)

#24 billws (Member, Topic Starter, 14 posts)
Looks like OTL straightened everything out. Machine seems to be running fine now. I will post OTL log as soon as I can get on that machine.

I had uninstalled AVG (I thought) a long time ago. Apparently what I did just got rid of the user interface items and icons and left the program running in the background. I can find no uninstall AVG program. Nor is there any listing for AVG in Add/Remove Programs. I thought I would run the AVG installer and see if I could delete that way... Sound OK to you?

#25 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Sounds good.

You have the AVG remover here : http://www.avg.com/download-tools
You can try it.



#26 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Hello billws


Do you still need assistance?

#27 billws (Member, Topic Starter, 14 posts)
Hey, Tweene. Sorry for the delay in reply. Everything seems to be running fine.

If you want to close out the thread, that's OK by me.

I really appreciate your efforts.

Thanks again.

#28 Tweene (Trusted Helper, Malware Removal, 1,387 posts)
Hi


Absence of symptoms does not mean that everything is clear.
If you agree with it, I think you should run one more scan to clear out the remnants.


You have used Malwarebytes before. If you still have it on your machine please update and run a Quick Scan. Post the scan report back here.


If you no longer have Malwarebytes, please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Things I'd like to see in your next reply:
- the Malwarebytes log
- a fresh and new OTL log

#29 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
