XP Serv Pack 3 stalls and won't complete

Computer Help and Spyware Removal

BleepingComputer.com

Welcome Guest ( Log In | Click here to Register a free account now! )

Register a free account to unlock additional features at BleepingComputer.com

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal > Misplaced HJT Logs

Closed Topic

Start new topic

XP Serv Pack 3 stalls and won't complete, WIN XP Home on a Dell Latitude

jabroy View Member Profile	Jun 21 2009, 06:39 PM Post #1
Member Group: Members Posts: 23 Joined: 1-June 09 From: Southern Cal Member No.: 337,896	Hello, Having problems updating to service pack 3 on Dell latitude running XP Home. I have disabled all virus protection and operation stalls when it reaches "running programs after install" I'm not sure that is the exact wording... But attached is the Hijack log and DDS log. Hoping someone can get me going in the right direction.... Thanx Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:48:39 PM, on 6/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HyperSnap-DX 5\HprSnap5.exe C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Dell Laptop\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe" O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" O4 - HKLM\..\Run: [StatusClient 2.6] "C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] "C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: HyperSnap-DX 5.lnk = C:\Program Files\HyperSnap-DX 5\HprSnap5.exe O4 - Global Startup: SentriLockCardUtility.lnk = C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191287923064 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191847504970 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 10754 bytes DDS (Ver_09-05-14.01) - NTFSx86 Run by Dell Laptop at 18:39:44.96 on Sat 06/20/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.627 [GMT -7:00] AV: McAfee VirusScan On-access scanning enabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\HyperSnap-DX 5\HprSnap5.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Dell Laptop\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe" uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [Apoint] "c:\program files\apoint\Apoint.exe" mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] "c:\windows\system32\nwiz.exe" /installquiet mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe" mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe" mRun: [StatusClient 2.6] "c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe" /auto mRun: [TomcatStartup 2.5] "c:\program files\hewlett-packard\toolbox\hpbpsttp.exe" mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [KernelFaultCheck] "c:\windows\system32\dumprep.exe" 0 -k mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hypers~1.lnk - c:\program files\hypersnap-dx 5\HprSnap5.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sentri~1.lnk - c:\program files\sentrilockcardutility\SentrilockCardUtility.exe IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191287923064 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191847504970 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1244696438253&h=1403012b9465e4dc5162cbd08959d6fd/&filename=jinstall-6u13-windows-i586-jc.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Notification Packages = scecli ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-20 64160] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-10 28544] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 214024] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-22 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-22 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-22 144704] R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-22 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-22 79880] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-22 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-22 40552] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-22 34216] S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088] =============== Created Last 30 ================ 2009-06-20 18:27 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-06-20 18:24 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-06-20 18:24 <DIR> --d----- c:\program files\Lavasoft 2009-06-20 17:59 2,118 a------- c:\windows\wininit.ini 2009-06-20 16:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-06-11 08:49 3,255 a------- c:\windows\system32\wbem\Outlook_01c9eaac43c94c40.mof 2009-06-10 22:00 410,984 a------- c:\windows\system32\deploytk.dll 2009-06-10 22:00 73,728 a------- c:\windows\system32\javacpl.cpl 2009-06-10 19:39 28,544 a------- c:\windows\system32\drivers\pavboot.sys 2009-06-10 19:39 <DIR> --d----- c:\program files\Panda Security ==================== Find3M ==================== 2009-06-20 12:06 32,003 a------- c:\windows\system32\nvModes.dat 2009-05-07 08:44 344,064 -------- c:\windows\system32\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:55 78,336 -------- c:\windows\system32\ieencode.dll 2009-04-17 02:58 1,846,656 -------- c:\windows\system32\win32k.sys 2009-04-15 08:11 584,192 a------- c:\windows\system32\rpcrt4.dll 2009-02-22 15:45 0 a------- c:\program files\error.dat ============= FINISH: 18:40:30.93 =============== Thanks Attached File(s) Attach_2009_06_20.txt ( 12.91k ) Number of downloads: 5

The weatherman View Member Profile	Jun 21 2009, 06:55 PM Post #2
Bleepin' Perennially Clueless!!! Group: Members Posts: 5,187 Joined: 1-December 07 From: England Member No.: 173,832	You should pm PropagandaPanda and ask him to reopen your topic here:http://www.bleepingcomputer.com/forums/ind...t&p=1308357 as he advised. -------------------- My Father had a profound influence on me, he was a lunatic. X

PropagandaPanda View Member Profile	Jun 21 2009, 08:45 PM Post #3
Group: HJT Team Posts: 6,885 Joined: 10-March 08 Member No.: 195,473	Hello Weatherman, jabroy. For the sake of clearer communication between the three of us, I'll post here rather then send PMs. It would get a bit confusing. @jabroy Please do not post any logs outside of the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal Forum. For future reference, try to only post into the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal Forum if you are sure the machine is infected. @Both Jabroy had PMed me as you had asked. This topic was for another computer. However, looking at the issue being described, and at a brief look at the log, it does not appear to be caused by malware. Thus, I would suggest that jabroy start a new topic in the Windows XP Forum with a description of the issue, without any logs included. This topic could then be closed. Does that sound good? With Regards, The Panda -------------------- If I have been helping you and do not reply within 24 hours, please send me a message.

jabroy View Member Profile	Jun 21 2009, 09:18 PM Post #4
Member Group: Members Posts: 23 Joined: 1-June 09 From: Southern Cal Member No.: 337,896	My mistake for posting logs incorrectly. I thought the log information might be helpful information for whoever would help me. I will post a new topic hopefully in the proper format. Sorry for any confusion. James

Orange Blossom View Member Profile	Jun 21 2009, 11:00 PM Post #5
OBleepin Investigator Group: Moderator Posts: 17,849 Joined: 14-July 06 From: Bloomington, IN Member No.: 76,150	Now that the confusion is cleared, I shall close this topic. Thanks PropagandaPanda for your assistance in clarifying things. Cheers, Orange Blossom -------------------- Orange Blossom An ounce of prevention is worth a pound of cure ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

« Next Oldest · Misplaced HJT Logs · Next Newest »

Closed Topic

Start new topic

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 02:22 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides

© 2003-2009 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009 IPS, Inc.