Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HP laptop needs help


  • Please log in to reply
18 replies to this topic

#1 Hibrassmann

Hibrassmann

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 31 December 2008 - 03:50 PM

Hi Guys,
Respect and a shout out to didom for helping me out so much last year when my computer got hit.
You guys were SO helpful last time I thought one of you could take a look at this DSS file and tell me what's going on. My computer has been acting very erratic and crashing a lot lately. Firefox crashes for no reason.
In the last few days my HP wireless assistant icon no longer appears in my system tray. For a couple of days i would get the error message that "HP wireless assistant doesn't work on this machine" error screen when it's been working fine for a long time. So I am unable to view available wireless networks. My Sygate personal firewall has also disappeared from my systray. Windows task manager says both are working but neither will open from the start menu for editing. The wireless card is working but I can't access my firewall or access other wireless networks. I've done several scans using the various free programs listed on this board which have removed a couple of viruses and some spyware but I need an expert's eye. Any suggestions would be greatly appreciated.

Thank you in advance for checking this out and happy new year !
Bill C


DDS (Version 1.1.0) - NTFSx86
Run by Bill Churchville at 11:44:43.81 on Wed 12/31/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareBlock Class: {0a87e45f-537a-40b4-b812-e2544c21a09f} - c:\program files\spycatcher 2006\SCActiveBlock.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AnalogClock] c:\program files\analog clock\AnalogClock.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
dRunOnce: [RunNarrator] Narrator.exe
uExplorerRun: [svchost.exe] c:\windows\svchost.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\desktop media\mediadetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spycat~1.lnk - c:\program files\spycatcher 2006\Protector.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\billch~1\applic~1\mozilla\firefox\profiles\gfdrsjzr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4

============= SERVICES / DRIVERS ===============

RSPR?S?C?P?P?01234RSPR?S?C?P?P?01234

=============== Created Last 30 ================

2008-12-30 12:35 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-30 12:35 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-30 12:35 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-30 12:35 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-25 11:28 <DIR> --d----- C:\Outlook Backup
2008-12-19 14:28 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-19 14:28 1,409 a------- c:\windows\QTFont.for
2008-12-03 21:14 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-02 09:41 <DIR> --d----- c:\program files\r2 Studios

==================== Find3M ====================

2008-12-12 09:33 3,060,224 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-29 19:48 72,272 a------- c:\docume~1\billch~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 08:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:45 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2008-10-03 02:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 02:15 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-02-29 13:13 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-03-09 22:45 0 a------- c:\docume~1\billch~1\applic~1\wklnhst.dat
2007-02-19 15:40 14 a------- c:\documents and settings\bill churchville\getfile.dat

============= FINISH: 11:58:56.35 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:06:43 AM

Posted 10 January 2009 - 08:36 PM

Welcome to BC :thumbsup:

Sorry for the delay

Please post a fresh DDS log. Thanks
Microsoft MVP Consumer Security--2007-2010

#3 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 10 January 2009 - 10:24 PM

Thanks Sjpritch,

I've done a few things since the last post. Let me bring you up to speed.
1. I cannot access system restore. I get an error every time I try. even in safe mode administrator acct.
2. control panel/network connections is blank. will not list net connections.
3. spoke with HP tech support (useless) had me remove and try to reinstall HP wireless assistant. Fail. Keep getting active X error.
4. replaced old firewall with online Armour (free).
5. Can't even run D.S.S. I just get the black screen... and no log ever comes up. processor goes to 100% and just spins.

I'll have to post Hijack this log.. below.
Thanks in advance for any help you can give.

I will continue to try DSS. if successful, I'll post here..
bc

*********************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:37 PM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Clock\AnalogClock.exe
C:\Program Files\Desktop Media\mediadetect.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: HPF5F510 HP0019BBF5F510
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?')
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 8100 bytes

#4 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:06:43 AM

Posted 10 January 2009 - 10:41 PM

Okay, you are certainly infected, but i need you to disable Online Armor cause it will affect our fixes.


Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply with a fresh Hijackthis log too.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.





Please follow post logs from dds too.
thanks
Microsoft MVP Consumer Security--2007-2010

#5 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 10 January 2009 - 11:34 PM

OK,

did as you requested. caught 2 malware. Still unable to generate dds log.
online armour disabled for scans.

MANY THANKS !!!
bc

Here's MBAM log:
>>>>>>>>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.32
Database version: 1640
Windows 5.1.2600 Service Pack 2

1/10/2009 8:21:22 PM
mbam-log-2009-01-10 (20-21-22).txt

Scan type: Quick Scan
Objects scanned: 57404
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
<<<<<<<<<<<<<<<<<

Here's hijack log:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:07 PM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Clock\AnalogClock.exe
C:\Program Files\Desktop Media\mediadetect.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: HPF5F510 HP0019BBF5F510
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe
O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?')
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 8160 bytes

#6 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:06:43 AM

Posted 11 January 2009 - 08:37 PM

Note: You may need to unhide hidden files and folders.
Configure Windows XP to show hide hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Files:
C:\WINDOWS\svchost.exe <-- this file



Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe (User '?')

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


In your next reply, please include a fresh HIjackthis log and let me know how everything is running. Thanks
Microsoft MVP Consumer Security--2007-2010

#7 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 12 January 2009 - 02:38 AM

Wow, this lil bugger is persistant..

I already had all of the hidden files/folders set to show.

I did a search for svchost.

not present C\WINDOWS\svchost.exe

Search did locate the following files:
C\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf
C\WINDOWS\System32\svchost.exe

I did not delete them because the were not at the root level of C\WINDOWS as indicated in your instructions.
The first of the 2 files was listed as created 12/29/08.. which was right about the time my notebook started having real problems.

Fixed the lines checked in HJT scan as requested and rebooted.

Computer is operating fairly well although slow. still able to access i-net through home wireless.
Control Panel/Network Connections still blank. Does not show wireless connection or LAN.
Haven't tried to access through different wireless network. May try STARBUCKS tomorrow.
I have to go to Vegas for 2 weeks for work on Wed and will need to access other wifi networks.
Haven't been able to reinstall HP Wireless Assistant. Script error.
Networking icons still do not appear in system tray on desktop.

Still cannot access system restore however System restore tab appeared briefly on System Properties page. Does not appear now after trying to access System Restore. Still get error screen. "System Restore is not able to protect your computer. Please restart your computer and then run System Restore again."

Fresh HJT log follows. Online Armour is off for scan.
THANK YOU.
bill

>>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:44 PM, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Clock\AnalogClock.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Desktop Media\mediadetect.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: HPF5F510 HP0019BBF5F510
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 7923 bytes

#8 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 12 January 2009 - 12:03 PM

HI SJ,

The system seems to be getting more unstable.
It will no longer hibernate.
Shutdown hangs up .
It seems like when it boots the system hangs and does not show the desktop unless the wireless card is ON. strange!
explorer seems to be hanging up on boot and shutdown.

Still can't run DSS
I don't have to tell you how good a new macbook is looking right about now.

bc

Here's a new HJT scan this am.
online armour is ON.
>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:26 AM, on 1/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Analog Clock\AnalogClock.exe
C:\Program Files\Desktop Media\mediadetect.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.serv...&prodOS=012
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: HPF5F510 HP0019BBF5F510
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe
O4 - HKUS\S-1-5-21-153893394-2306047840-1661408073-1005\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-153893394-2306047840-1661408073-1005 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe (User '?')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Unknown owner - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 8117 bytes

#9 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:06:43 AM

Posted 12 January 2009 - 06:23 PM

I wonder if its a problem with Online Armour and Avast. Uninstall Avast and AVG let me know how everything is running. If you notice a difference let me know.
Microsoft MVP Consumer Security--2007-2010

#10 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 12 January 2009 - 10:05 PM

Hey SJ,
I uninstalled AVG.
Avast free is the only antivirus program I have on the computer. I'm using Online Armour free firewall and this version doesn't have antivirus built in. If I remove Avast. I'll need another antivirus.
Can you recommend one from your bleeping computer freeware replacements that won't conflict with Online Armour??
bc

#11 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 12 January 2009 - 10:50 PM

after uninstalling AVG things are running better. Hibernate is working. Still can't access system restore and network connections is blank. It wont let me access current network. Wireless is working and I am able to connect to home network.

#12 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:06:43 AM

Posted 12 January 2009 - 11:55 PM

When you ope My Computer ---> On the left pane, click on My Network Places, click on Connections and le me know what is displayed. thanks
Microsoft MVP Consumer Security--2007-2010

#13 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 13 January 2009 - 12:07 AM

It shows a small icon that looks like a TV set entitled HPF5F510.
When I clicked on properties/general tab it lists my HP C-6100 wireless printer. Nothing else.. although the wiress card is working and the ethernet connection is working. bc

#14 Hibrassmann

Hibrassmann
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 13 January 2009 - 01:27 AM

Heeeyyyy!

I finally got a dss report..
Still haven't removed avast!. Concerned about having no antivirus protection..
Online Armour was on for this scan..

Here's the DSS..
The attach.txt is attached.

thanks..bc
>>>>>>>>>>>>>>>

DDS (Ver_09-01-07.01) - NTFSx86
Run by Bill Churchville at 21:39:22.89 on Mon 01/12/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion:

1.6.0_11

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&

pf=laptop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext =

https://register.hp.com/servlet/WebReg.serv...s.ProdReg1Servl

et?

appID=java_wreg_wreg_genpg&modelID=EP346UA&product

_full_name=HP%20Pavilion%

20dv1000&PROD_SERIAL_ID=CNF6031K4K&PURCH_DT_

MONTH=02&PURCH_DT_DAY=25&PURCH_DT_YEAR=20

06&gwCountry=US&language=EN&prodOS=012
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-

b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0

\activex\AcroIEHelper.dll
BHO: SpywareBlock Class: {0a87e45f-537a-40b4-b812-

e2544c21a09f} - c:\program files\spycatcher 2006

\SCActiveBlock.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} -

c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-

b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-

b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-

bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-

bc86-eabfe594f69c} - c:\program files\java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AnalogClock] c:\program files\analog

clock\AnalogClock.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6

\bin\jusched.exe"
mRun: [SpyCatcher Reminder] "c:\program files\spycatcher

2006\SpyCatcher.exe" reminder
mRun: [IntelliPoint] "c:\program files\microsoft

intellipoint\ipoint.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch

buttons\EabServr.exe /Start
mRun: [SynTPLpr] c:\program

files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program

files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online

armor\oaui.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\billch~1\startm~1

\programs\startup\schedu~1.lnk - c:\program files\spycatcher

2006\Scheduler daemon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1

\programs\startup\deskto~1.lnk - c:\program files\desktop

media\mediadetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1

\programs\startup\hotsyn~1.lnk - c:\program

files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1

\programs\startup\micros~1.lnk - c:\program files\microsoft

office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1

\programs\startup\spycat~1.lnk - c:\program files\spycatcher

2006\Protector.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4

\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth

software\btsendto_ie_ctx.htm
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D}

- c:\program files\common files\microsoft shared\web

folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-

1830C7DD7F5D} - c:\progra~1\common~1

\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program

files\superantispyware\SASWINLO.dll
AppInit_DLLs: interceptor.dll,c:\progra~1\agnitum\outpos~1.0

\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-

94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-

39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4

\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a

-ebb7f4a000da} - c:\program

files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-

037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\billch~1\applic~1

\mozilla\firefox\profiles\gfdrsjzr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage -

hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-10 20:13 <DIR> --d----- c:\docume~1

\billch~1\applic~1\Malwarebytes
2009-01-10 20:13 15,504 a-------

c:\windows\system32\drivers\mbam.sys
2009-01-10 20:13 38,496 a-------

c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 20:13 <DIR> --d----- c:\program

files\Malwarebytes' Anti-Malware
2009-01-10 20:13 <DIR> --d----- c:\docume~1

\alluse~1\applic~1\Malwarebytes
2009-01-10 11:38 <DIR> --d----- c:\docume~1

\billch~1\applic~1\OnlineArmor
2009-01-10 11:38 <DIR> --d----- c:\docume~1

\alluse~1\applic~1\OnlineArmor
2009-01-10 11:37 178,376 a-------

c:\windows\system32\drivers\OADriver.sys
2009-01-10 11:37 30,920 a-------

c:\windows\system32\drivers\OAmon.sys
2009-01-10 11:37 28,872 a-------

c:\windows\system32\drivers\OAnet.sys
2009-01-10 11:37 <DIR> --d----- c:\program files\Tall

Emu
2009-01-10 11:37 <DIR> --d----- C:\OnlineArmor
2009-01-10 11:09 81,920 a-------

c:\windows\system32\Startup.cpl
2009-01-06 23:36 552 a-------

c:\windows\system32\d3d8caps.dat
2008-12-30 12:35 <DIR> --d----- c:\program

files\TeaTimer (Spybot - Search & Destroy)
2008-12-30 12:35 <DIR> --d----- c:\program

files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-30 12:35 <DIR> --d----- c:\program

files\SDHelper (Spybot - Search & Destroy)
2008-12-30 12:35 <DIR> --d----- c:\program files\File

Scanner Library (Spybot - Search & Destroy)
2008-12-25 11:28 <DIR> --d----- C:\Outlook Backup
2008-12-19 14:28 54,156 a---h---

c:\windows\QTFont.qfn
2008-12-19 14:28 1,409 a-------

c:\windows\QTFont.for

==================== Find3M ====================

2008-12-12 09:33 3,060,224 --------

c:\windows\system32\dllcache\mshtml.dll
2008-12-03 21:14 410,984 a-------

c:\windows\system32\deploytk.dll
2008-10-29 19:48 72,272 a------- c:\docume~1

\billch~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-24 03:10 453,632 --------

c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a-------

c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 --------

c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a-------

c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a-------

c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a-------

c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a-------

c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a-------

c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a-------

c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a-------

c:\windows\system32\dllcache\wups.dll
2008-10-15 08:57 332,800 --------

c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:45 18,432 --------

c:\windows\system32\dllcache\iedw.exe
2008-02-29 13:13 32 a------- c:\docume~1

\alluse~1\applic~1\ezsid.dat
2007-03-09 22:45 0 a------- c:\docume~1

\billch~1\applic~1\wklnhst.dat
2007-02-19 15:40 14 a------- c:\documents and

settings\bill churchville\getfile.dat

============= FINISH: 22:20:42.64 ===============

Attached Files



#15 sjpritch25

sjpritch25

  • Security Colleague
  • 903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:06:43 AM

Posted 13 January 2009 - 06:22 PM

Go to Start ---> Control Panel ---> Click on Network Connections

Let me know what's displayed.
Microsoft MVP Consumer Security--2007-2010




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users