 HP laptop needs help, malware?? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Dec 31 2008, 03:50 PM
Post
#1
|
|
|
Member  Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691  |
Respect and a shout out to didom for helping me out so much last year when my computer got hit. You guys were SO helpful last time I thought one of you could take a look at this DSS file and tell me what's going on. My computer has been acting very erratic and crashing a lot lately. Firefox crashes for no reason. In the last few days my HP wireless assistant icon no longer appears in my system tray. For a couple of days i would get the error message that "HP wireless assistant doesn't work on this machine" error screen when it's been working fine for a long time. So I am unable to view available wireless networks. My Sygate personal firewall has also disappeared from my systray. Windows task manager says both are working but neither will open from the start menu for editing. The wireless card is working but I can't access my firewall or access other wireless networks. I've done several scans using the various free programs listed on this board which have removed a couple of viruses and some spyware but I need an expert's eye. Any suggestions would be greatly appreciated. Thank you in advance for checking this out and happy new year ! Bill C DDS (Version 1.1.0) - NTFSx86 Run by Bill Churchville at 11:44:43.81 on Wed 12/31/2008 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11 ============== Running Processes =============== ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.msn.com uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: SpywareBlock Class: {0a87e45f-537a-40b4-b812-e2544c21a09f} - c:\program files\spycatcher 2006\SCActiveBlock.dll BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [AnalogClock] c:\program files\analog clock\AnalogClock.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" dRunOnce: [RunNarrator] Narrator.exe uExplorerRun: [svchost.exe] c:\windows\svchost.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\desktop media\mediadetect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spycat~1.lnk - c:\program files\spycatcher 2006\Protector.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\billch~1\applic~1\mozilla\firefox\profiles\gfdrsjzr.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 ============= SERVICES / DRIVERS =============== RSPR?S?C?P?P?01234RSPR?S?C?P?P?01234 =============== Created Last 30 ================ 2008-12-30 12:35 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy) 2008-12-30 12:35 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2008-12-30 12:35 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy) 2008-12-30 12:35 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2008-12-25 11:28 <DIR> --d----- C:\Outlook Backup 2008-12-19 14:28 54,156 a---h--- c:\windows\QTFont.qfn 2008-12-19 14:28 1,409 a------- c:\windows\QTFont.for 2008-12-03 21:14 410,984 a------- c:\windows\system32\deploytk.dll 2008-12-02 09:41 <DIR> --d----- c:\program files\r2 Studios ==================== Find3M ==================== 2008-12-12 09:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll 2008-10-29 19:48 72,272 a------- c:\docume~1\billch~1\applic~1\GDIPFONTCACHEV1.DAT 2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll 2008-10-23 05:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll 2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll 2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll 2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll 2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll 2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll 2008-10-15 08:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll 2008-10-15 01:45 18,432 -------- c:\windows\system32\dllcache\iedw.exe 2008-10-03 02:15 247,326 a------- c:\windows\system32\strmdll.dll 2008-10-03 02:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll 2008-02-29 13:13 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat 2007-03-09 22:45 0 a------- c:\docume~1\billch~1\applic~1\wklnhst.dat 2007-02-19 15:40 14 a------- c:\documents and settings\bill churchville\getfile.dat ============= FINISH: 11:58:56.35 ===============
Attached File(s)
|
 |
 
|
|
Jan 10 2009, 08:36 PM
Post
#2
|
|
 Distinguished Member Group: HJT Team Posts: 692 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785 |
Welcome to BC
 Sorry for the delay Please post a fresh DDS log. Thanks --------------------  Microsoft MVP Consumer Security--2007-2009  |
|
|
|
|
Jan 10 2009, 10:24 PM
Post
#3
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
Thanks Sjpritch,
I've done a few things since the last post. Let me bring you up to speed. 1. I cannot access system restore. I get an error every time I try. even in safe mode administrator acct. 2. control panel/network connections is blank. will not list net connections. 3. spoke with HP tech support (useless) had me remove and try to reinstall HP wireless assistant. Fail. Keep getting active X error. 4. replaced old firewall with online Armour (free). 5. Can't even run D.S.S. I just get the black screen... and no log ever comes up. processor goes to 100% and just spins. I'll have to post Hijack this log.. below. Thanks in advance for any help you can give. I will continue to try DSS. if successful, I'll post here.. bc ********************* Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:22:37 PM, on 1/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Clock\AnalogClock.exe C:\Program Files\Desktop Media\mediadetect.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: HPF5F510 HP0019BBF5F510 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?') O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe (User '?') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?') O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 8100 bytes |
|
|
|
|
Jan 10 2009, 10:41 PM
Post
#4
|
|
|
Distinguished Member Group: HJT Team Posts: 692 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785 |
Okay, you are certainly infected, but i need you to disable Online Armor cause it will affect our fixes.
Please download Malwarebytes Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately. Please follow post logs from dds too. thanks -------------------- Microsoft MVP Consumer Security--2007-2009 |
|
|
|
|
Jan 10 2009, 11:34 PM
Post
#5
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
OK,
did as you requested. caught 2 malware. Still unable to generate dds log. online armour disabled for scans. MANY THANKS !!! bc Here's MBAM log: >>>>>>>>>>>>>>>>>>> Malwarebytes' Anti-Malware 1.32 Database version: 1640 Windows 5.1.2600 Service Pack 2 1/10/2009 8:21:22 PM mbam-log-2009-01-10 (20-21-22).txt Scan type: Quick Scan Objects scanned: 57404 Time elapsed: 3 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. <<<<<<<<<<<<<<<<< Here's hijack log: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:27:07 PM, on 1/10/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Analog Clock\AnalogClock.exe C:\Program Files\Desktop Media\mediadetect.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: HPF5F510 HP0019BBF5F510 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?') O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe (User '?') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?') O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 8160 bytes |
|
|
|
|
Jan 11 2009, 08:37 PM
Post
#6
|
|
|
Distinguished Member Group: HJT Team Posts: 692 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785 |
Note: You may need to unhide hidden files and folders.
Configure Windows XP to show hide hidden files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select "Show hidden files and folders". Uncheck the "Hide protected operating system files (recommended)" option. Uncheck the "Hide file extensions for known file types" option. Click Yes to confirm. Click OK. Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them. Files: C:\WINDOWS\svchost.exe <-- this file Run HijackThis, and press "Do a System Scan Only". 1. When the scan is complete place a check mark next to the following entries: O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe (User '?') 2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer... In your next reply, please include a fresh HIjackthis log and let me know how everything is running. Thanks -------------------- Microsoft MVP Consumer Security--2007-2009 |
|
|
|
|
Jan 12 2009, 02:38 AM
Post
#7
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
Wow, this lil bugger is persistant..
I already had all of the hidden files/folders set to show. I did a search for svchost. not present C\WINDOWS\svchost.exe Search did locate the following files: C\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf C\WINDOWS\System32\svchost.exe I did not delete them because the were not at the root level of C\WINDOWS as indicated in your instructions. The first of the 2 files was listed as created 12/29/08.. which was right about the time my notebook started having real problems. Fixed the lines checked in HJT scan as requested and rebooted. Computer is operating fairly well although slow. still able to access i-net through home wireless. Control Panel/Network Connections still blank. Does not show wireless connection or LAN. Haven't tried to access through different wireless network. May try STARBUCKS tomorrow. I have to go to Vegas for 2 weeks for work on Wed and will need to access other wifi networks. Haven't been able to reinstall HP Wireless Assistant. Script error. Networking icons still do not appear in system tray on desktop. Still cannot access system restore however System restore tab appeared briefly on System Properties page. Does not appear now after trying to access System Restore. Still get error screen. "System Restore is not able to protect your computer. Please restart your computer and then run System Restore again." Fresh HJT log follows. Online Armour is off for scan. THANK YOU. bill >>>>>>>>>>>>>> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:14:44 PM, on 1/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Clock\AnalogClock.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Desktop Media\mediadetect.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: HPF5F510 HP0019BBF5F510 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?') O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 7923 bytes |
|
|
|
|
Jan 12 2009, 12:03 PM
Post
#8
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
HI SJ,
The system seems to be getting more unstable. It will no longer hibernate. Shutdown hangs up . It seems like when it boots the system hangs and does not show the desktop unless the wireless card is ON. strange! explorer seems to be hanging up on boot and shutdown. Still can't run DSS I don't have to tell you how good a new macbook is looking right about now. bc Here's a new HJT scan this am. online armour is ON. >>>>>>>>> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:00:26 AM, on 1/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Analog Clock\AnalogClock.exe C:\Program Files\Desktop Media\mediadetect.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Tall Emu\Online Armor\oahlp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: HPF5F510 HP0019BBF5F510 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?') O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 8117 bytes |
|
|
|
|
Jan 12 2009, 06:23 PM
Post
#9
|
|
|
Distinguished Member Group: HJT Team Posts: 692 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785 |
I wonder if its a problem with Online Armour and Avast. Uninstall Avast and AVG let me know how everything is running. If you notice a difference let me know.
-------------------- Microsoft MVP Consumer Security--2007-2009 |
|
|
|
|
Jan 12 2009, 10:05 PM
Post
#10
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
Hey SJ,
I uninstalled AVG. Avast free is the only antivirus program I have on the computer. I'm using Online Armour free firewall and this version doesn't have antivirus built in. If I remove Avast. I'll need another antivirus. Can you recommend one from your bleeping computer freeware replacements that won't conflict with Online Armour?? bc |
|
|
|
|
Jan 12 2009, 10:50 PM
Post
#11
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
after uninstalling AVG things are running better. Hibernate is working. Still can't access system restore and network connections is blank. It wont let me access current network. Wireless is working and I am able to connect to home network.
|
|
|
|
|
Jan 12 2009, 11:55 PM
Post
#12
|
|
|
Distinguished Member Group: HJT Team Posts: 692 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785 |
When you ope My Computer ---> On the left pane, click on My Network Places, click on Connections and le me know what is displayed. thanks
-------------------- Microsoft MVP Consumer Security--2007-2009 |
|
|
|
|
Jan 13 2009, 12:07 AM
Post
#13
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
It shows a small icon that looks like a TV set entitled HPF5F510.
When I clicked on properties/general tab it lists my HP C-6100 wireless printer. Nothing else.. although the wiress card is working and the ethernet connection is working. bc |
|
|
|
|
Jan 13 2009, 01:27 AM
Post
#14
|
|
|
Member Group: Members Posts: 17 Joined: 19-February 07 Member No.: 112,691 |
Heeeyyyy!
I finally got a dss report.. Still haven't removed avast!. Concerned about having no antivirus protection.. Online Armour was on for this scan.. Here's the DSS.. The attach.txt is attached. thanks..bc >>>>>>>>>>>>>>> DDS (Ver_09-01-07.01) - NTFSx86 Run by Bill Churchville at 21:39:22.89 on Mon 01/12/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11 ============== Running Processes =============== ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr? TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion& pf=laptop mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.msn.com uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...s.ProdReg1Servl et? appID=java_wreg_wreg_genpg&modelID=EP346UA&product _full_name=HP%20Pavilion% 20dv1000&PROD_SERIAL_ID=CNF6031K4K&PURCH_DT_ MONTH=02&PURCH_DT_DAY=25&PURCH_DT_YEAR=20 06&gwCountry=US&language=EN&prodOS=012 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59- b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0 \activex\AcroIEHelper.dll BHO: SpywareBlock Class: {0a87e45f-537a-40b4-b812- e2544c21a09f} - c:\program files\spycatcher 2006 \SCActiveBlock.dll BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c- b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638- b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b- bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07- bc86-eabfe594f69c} - c:\program files\java\jre6 \lib\deploy\jqs\ie\jqs_plugin.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [AnalogClock] c:\program files\analog clock\AnalogClock.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6 \bin\jusched.exe" mRun: [SpyCatcher Reminder] "c:\program files\spycatcher 2006\SpyCatcher.exe" reminder mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe" dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\billch~1\startm~1 \programs\startup\schedu~1.lnk - c:\program files\spycatcher 2006\Scheduler daemon.exe StartupFolder: c:\docume~1\alluse~1\startm~1 \programs\startup\deskto~1.lnk - c:\program files\desktop media\mediadetect.exe StartupFolder: c:\docume~1\alluse~1\startm~1 \programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1 \programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1 \programs\startup\spycat~1.lnk - c:\program files\spycatcher 2006\Protector.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4 \office10\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458- 1830C7DD7F5D} - c:\progra~1\common~1 \skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0 \wl_hook.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7- 94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208- 39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4 \MpShHook.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a -ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f- 037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\billch~1\applic~1 \mozilla\firefox\profiles\gfdrsjzr.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-01-10 20:13 <DIR> --d----- c:\docume~1 \billch~1\applic~1\Malwarebytes 2009-01-10 20:13 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-01-10 20:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-10 20:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-01-10 20:13 <DIR> --d----- c:\docume~1 \alluse~1\applic~1\Malwarebytes 2009-01-10 11:38 <DIR> --d----- c:\docume~1 \billch~1\applic~1\OnlineArmor 2009-01-10 11:38 <DIR> --d----- c:\docume~1 \alluse~1\applic~1\OnlineArmor 2009-01-10 11:37 178,376 a------- c:\windows\system32\drivers\OADriver.sys 2009-01-10 11:37 30,920 a------- c:\windows\system32\drivers\OAmon.sys 2009-01-10 11:37 28,872 a------- c:\windows\system32\drivers\OAnet.sys 2009-01-10 11:37 <DIR> --d----- c:\program files\Tall Emu 2009-01-10 11:37 <DIR> --d----- C:\OnlineArmor 2009-01-10 11:09 81,920 a------- c:\windows\system32\Startup.cpl 2009-01-06 23:36 552 a------- c:\windows\system32\d3d8caps.dat 2008-12-30 12:35 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy) 2008-12-30 12:35 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2008-12-30 12:35 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy) 2008-12-30 12:35 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy) 2008-12-25 11:28 <DIR> --d----- C:\Outlook Backup 2008-12-19 14:28 54,156 a---h--- c:\windows\QTFont.qfn 2008-12-19 14:28 1,409 a------- c:\windows\QTFont.for ==================== Find3M ==================== 2008-12-12 09:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll 2008-12-03 21:14 410,984 a------- c:\windows\system32\deploytk.dll 2008-10-29 19:48 72,272 a------- c:\docume~1 \billch~1\applic~1\GDIPFONTCACHEV1.DAT 2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll 2008-10-23 05:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll 2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll 2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll 2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll 2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll 2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll 2008-10-15 08:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll 2008-10-15 01:45 18,432 -------- c:\windows\system32\dllcache\iedw.exe 2008-02-29 13:13 32 a------- c:\docume~1 \alluse~1\applic~1\ezsid.dat 2007-03-09 22:45 0 a------- c:\docume~1 \billch~1\applic~1\wklnhst.dat 2007-02-19 15:40 14 a------- c:\documents and settings\bill churchville\getfile.dat ============= FINISH: 22:20:42.64 ===============
Attached File(s)
|
|
|
|
|
Jan 13 2009, 06:22 PM
Post
#15
|
|
|
Distinguished Member Group: HJT Team Posts: 692 Joined: 19-February 07 From: West Coast of Florida, USA Member No.: 112,785 |
Go to Start ---> Control Panel ---> Click on Network Connections
Let me know what's displayed. -------------------- Microsoft MVP Consumer Security--2007-2009 |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 05:41 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.