Jump to content


Photo
- - - - -

Help!! i cant find the intruder...


  • This topic is locked This topic is locked
119 replies to this topic

#41 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 20 August 2010 - 10:34 AM

Okay, at least that is good.

OTL
-----
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    netsvcs
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Tasks\at*.job
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#42 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 20 August 2010 - 11:40 AM

a few things to mention from yesterday...

i rebooted about 12 times. all were as before. no lock up and shut down, but not right. i open processes and watch it go from 78 to 82 running, cpu usage from 3% to pinned at 100%. even if i have nothing open.

network meter did something strange again.... Ext. IP showed ' Checking (-1) ' . when i open a browser, i get the numbers 70.xxx.xx.xxx, etc(i put in the x's) i've never seen that one before

i tryed something yesterday as well, when i reboot and fan turns on, if i wait til the fan stops before i put in my password(2-3 minutes) then i dont have a warning on my avast icon when the desktop opens.

i dont know if i'm being overly cautious at this point or if these mean something.

OTL as requested. Thanks Elise!


OTL logfile created on: 8/20/2010 9:14:31 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\BedigandMary\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 148.65 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.83 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEDIGANDMARY-PC
Current User Name: BedigandMary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/20 09:12:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe
PRC - [2010/07/24 23:36:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/20 09:12:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 13:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/23 02:16:34 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/11 10:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/31 16:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/08/17 12:48:08 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 03:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 23:36:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 23:36:54 | 000,000,000 | ---D | M]

[2010/03/20 20:08:13 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Extensions
[2010/08/19 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions
[2010/04/28 14:48:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\BedigandMary\AppData\Roaming\Mozilla\Firefox\Profiles\a11mwgv3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/04 08:19:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/04 16:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/04 08:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SymLnch] C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\BedigandMary\Pictures\dogs pics blackberry 7-28-2010\IMG00169.jpg
O24 - Desktop BackupWallPaper: C:\Users\BedigandMary\Pictures\dogs pics blackberry 7-28-2010\IMG00169.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/20 09:12:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe
[2010/08/13 11:07:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/13 11:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/11 11:14:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2010/08/11 10:40:26 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 10:40:19 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 10:40:04 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 10:40:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 10:39:51 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/08/11 10:39:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 10:39:50 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/08/11 10:39:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 10:39:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/08/11 10:39:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/08/11 10:39:49 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/11 10:39:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/08/10 14:28:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/04 19:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/04 08:19:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/08/04 08:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/08/04 08:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/08/03 20:17:47 | 000,000,000 | ---D | C] -- C:\Users\BedigandMary\AppData\Roaming\Template

========== Files - Modified Within 30 Days ==========

[2010/08/20 09:14:07 | 002,097,152 | -HS- | M] () -- C:\Users\BedigandMary\NTUSER.DAT
[2010/08/20 09:12:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\BedigandMary\Desktop\OTL.exe
[2010/08/20 08:31:36 | 000,083,456 | ---- | M] () -- C:\Users\BedigandMary\Desktop\ITS_CCC_Instr_Reg_LVMS2010.doc
[2010/08/20 08:12:24 | 000,000,290 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/08/20 08:10:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/20 08:10:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/20 08:10:38 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/20 08:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/20 08:10:28 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 19:12:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/19 19:12:14 | 000,524,288 | -HS- | M] () -- C:\Users\BedigandMary\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 19:12:14 | 000,065,536 | -HS- | M] () -- C:\Users\BedigandMary\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/08/19 19:12:10 | 001,325,818 | -H-- | M] () -- C:\Users\BedigandMary\AppData\Local\IconCache.db
[2010/08/19 15:49:28 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F54C0B5-B365-4AD8-9FC0-6DCF103A51F6}.job
[2010/08/18 09:48:06 | 000,016,041 | ---- | M] () -- C:\Users\BedigandMary\Desktop\dump0.dat
[2010/08/18 05:37:12 | 516,199,211 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/17 18:21:54 | 000,000,577 | ---- | M] () -- C:\Users\BedigandMary\Desktop\MBRCheck - Shortcut.lnk
[2010/08/17 12:48:08 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/17 12:47:14 | 000,133,632 | ---- | M] () -- C:\Users\BedigandMary\Desktop\RKUnhookerLE.EXE
[2010/08/13 11:07:45 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/12 11:53:39 | 000,000,732 | ---- | M] () -- C:\Users\BedigandMary\AppData\Local\d3d9caps64.dat
[2010/08/11 11:15:46 | 000,698,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/11 11:15:46 | 000,599,826 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/11 11:15:46 | 000,103,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/11 11:13:17 | 000,873,310 | ---- | M] () -- C:\Windows\SysNative\oem24.inf
[2010/08/11 10:52:14 | 000,314,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/05 09:27:48 | 000,075,456 | ---- | M] () -- C:\Users\BedigandMary\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/03 20:17:45 | 000,000,000 | ---- | M] () -- C:\Users\BedigandMary\AppData\Roaming\wklnhst.dat
[2010/08/03 20:17:04 | 000,019,456 | ---- | M] () -- C:\Users\BedigandMary\Documents\Label3.doc
[2010/08/03 20:16:48 | 000,061,440 | ---- | M] () -- C:\Users\BedigandMary\Documents\PAULS WATCH REPAIR.doc
[2010/08/03 20:16:42 | 000,043,008 | ---- | M] () -- C:\Users\BedigandMary\Documents\Pauls watch repair big.doc

========== Files Created - No Company Name ==========

[2010/08/20 08:31:35 | 000,083,456 | ---- | C] () -- C:\Users\BedigandMary\Desktop\ITS_CCC_Instr_Reg_LVMS2010.doc
[2010/08/18 09:48:06 | 000,016,041 | ---- | C] () -- C:\Users\BedigandMary\Desktop\dump0.dat
[2010/08/17 18:21:54 | 000,000,577 | ---- | C] () -- C:\Users\BedigandMary\Desktop\MBRCheck - Shortcut.lnk
[2010/08/17 12:48:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/17 12:47:13 | 000,133,632 | ---- | C] () -- C:\Users\BedigandMary\Desktop\RKUnhookerLE.EXE
[2010/08/17 00:41:08 | 4256,133,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 00:41:08 | 4256,133,120 | -HS- | C] () --
[2010/08/13 11:07:45 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 21:08:05 | 000,000,732 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\d3d9caps64.dat
[2010/08/11 11:13:36 | 000,873,310 | ---- | C] () -- C:\Windows\SysNative\oem24.inf
[2010/08/10 14:28:17 | 516,199,211 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/03 20:17:45 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Roaming\wklnhst.dat
[2010/08/03 20:17:04 | 000,019,456 | ---- | C] () -- C:\Users\BedigandMary\Documents\Label3.doc
[2010/08/03 20:16:47 | 000,061,440 | ---- | C] () -- C:\Users\BedigandMary\Documents\PAULS WATCH REPAIR.doc
[2010/08/03 20:16:41 | 000,043,008 | ---- | C] () -- C:\Users\BedigandMary\Documents\Pauls watch repair big.doc
[2010/04/19 10:59:21 | 000,006,144 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/26 04:08:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/03/26 04:07:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/03/20 19:55:51 | 000,427,144 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI3630.txt
[2010/03/20 19:55:50 | 000,011,626 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI3630.txt
[2010/03/20 19:30:15 | 000,002,402 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistMSI2284.txt
[2010/03/20 19:30:08 | 000,125,744 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\dd_vcredistUI2284.txt
[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\QSwitch.txt
[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\DSwitch.txt
[2010/03/20 19:04:07 | 000,000,000 | ---- | C] () -- C:\Users\BedigandMary\AppData\Local\AtStart.txt
[2010/03/20 15:11:10 | 000,000,366 | -H-- | C] () -- \IPH.PH
[2010/03/20 13:39:18 | 274,755,583 | -HS- | C] () --
[2008/02/08 01:51:02 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/12/01 23:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Tasks\at*.job >
< End of report >

#43 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 20 August 2010 - 12:25 PM

I see a few small things that still need fixed, but nothing important. Its possible your Avast shows the warning sign as long as your connection isn't initialized properly so it can't connect to its update site (I'm using Avast myself and observe the same thing).

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    
    :commands
    [emptytemp]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET smart install icon on your desktop.
  • Check Accept Terms.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#44 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 20 August 2010 - 01:01 PM

im on my other laptop..

rebooted after OTL,
no fan right away(good sign) i entered password, went to a black screen for a bit, assuming from whatever OTL accomplished/did/etc..no prob. but when desktop appeared, the log OTL log is there and open but so is 'Update Adobe Flash Player' box. i stopped. have not touched it since.

is it safe to continue?

#45 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 20 August 2010 - 01:03 PM

Yes, please continue with that.

Does it run fine otherwise?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#46 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 20 August 2010 - 01:10 PM

yes, similar to yesterdays 2 smooth startups ;)

here is the OTL, starting Eset now...

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BedigandMary
->Temp folder emptied: 51490879 bytes
->Temporary Internet Files folder emptied: 1697615 bytes
->Java cache emptied: 12399922 bytes
->FireFox cache emptied: 59952940 bytes
->Flash cache emptied: 111073 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36902408 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 250561 bytes

Total Files Cleaned = 155.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08202010_104247

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#47 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 20 August 2010 - 01:30 PM

Okay, I'll wait for ESET. ;)
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#48 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 20 August 2010 - 02:50 PM

C:\HP\HPQWare\aim_icq\triton_de_de\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_en_gb\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_es_es\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_fr_fr\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_it_it\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
C:\HP\HPQWare\aim_icq\triton_nl_nl\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

#49 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 20 August 2010 - 03:05 PM

Hi, thats looking great. If you have no other problems left, you're good to go. ;)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean ;)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
  • Start OTL and click the Cleanup button. This will remove all tools and logs we used. Allow a reboot.
Please read these advices, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#50 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 20 August 2010 - 05:17 PM

thank you for all your help Elise!!! computer is running better, although i dont think its completely clean. i ran OTL but it didnt clean files or programs off my desktop(eset, mbr check, rku unhook) OTL is gone though. did i forget to check something?

can i try anything else?

also, what was it(this infection)?? i tryed to do a search and found 5 or so topics w google. nothing had any sort of explanation(i opened only 2, didnt trust the other websites)

again, thanks for all your help!!! ;)

#51 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 21 August 2010 - 01:33 AM

Hi, you can uninstall ESET using add/remove programs (it has a small applet installed).
MBRCheck and RKU are "new" tools so to say, so I think thats why they are not yet added to OTL's cleaning routine. You can just delete them.

Why do you think your computer is not yet clean?

As for the infection, its difficult to say; I asked MBRcheck's developper who told me 64 bit machines rarely have MBR infections and that it is quite possible this was a glitch.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#52 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 21 August 2010 - 12:49 PM

good morning Elise!

in hopes of not being reduntant. same as before, but a little better. ok, after proofreading, its redundant, sorry... ;)

here are my concerns...

during reboot, it seams that a program opens and blocks other programs. (in a nutshell) avast has warning on it, my internet connection has a red x on it(basically not ready)... these would all make sense if it was not connected to the internet yet, but thanks to my gadgets, i know the weather outside, watch the activity meter jump from 4%, 100%, 40%, 15%, 100%, and so on. working hard. yesterday after one of my many reboots my phisical memory was calmly (very reboot) at 37-40%. a few hours later i decided to check...i had nothing open, but my phisical memory was at 68% and usage was 25 too 80ish%, averaging around 55. i rebooted and usage went back down.

i decided to run an mbam scan. before i did, i checked if its been updated..my last update was on 8-13(doesnt it update itself?) so i updated and ran scan. clean. checked protection log, 1 IP Block.

just in case you want to see it...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4453

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/20/2010 4:25:13 PM
mbam-log-2010-08-20 (16-25-13).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 294528
Time elapsed: 1 hour(s), 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:

08:14:27 BedigandMary MESSAGE Protection started successfully
08:14:31 BedigandMary MESSAGE IP Protection started successfully
10:48:54 BedigandMary MESSAGE Protection started successfully
10:48:58 BedigandMary MESSAGE IP Protection started successfully
14:29:23 BedigandMary MESSAGE Protection started successfully
14:29:26 BedigandMary MESSAGE IP Protection started successfully
14:39:00 BedigandMary MESSAGE Protection started successfully
14:39:04 BedigandMary MESSAGE IP Protection started successfully
15:19:49 BedigandMary MESSAGE IP Protection stopped
15:19:53 BedigandMary MESSAGE Database updated successfully
15:19:53 BedigandMary MESSAGE IP Protection started successfully
20:05:44 BedigandMary MESSAGE Protection started successfully
20:05:47 BedigandMary MESSAGE IP Protection started successfully




ran Avast(my full complete custom scan) came back clean. i open logs, avast shows the same password protected files as before, again. (the ones i never had) i would post them but i cannot click anything but close on the avast log page.

SwSetup\SPFS\setup.exe|>slingplayer\library/us.spl|........(add one of many). png or tif or xml ...error: Archive is password protected(42056)

after both were done, i rebooted. once on, i face same issues. i could not open task manager, computer froze. rather than rebooting it then, i decide to leave it be. woke up this morning, touched the mouse, screen lights up and the arrow is still thinking... i give it a few minutes, manually reboot, computer shuts off but turned on w a black screen that didnt go away. i gave it at least 5 minutes to allow it time, but was forced to manually reboot again. 2nd reboot everything turned on, quite fast actually. so fast that while i started this post, the int logo has a red x("wlan turned on" usually follows avast's vocal "system's secure") but im already typing to you and i know what the temp is outside. Avast has warning on it and internet supposedly is not connected yet. avast tells me im secure, int logo tell me no internet, but i have internet running, typing, gadgets up and running even before i opened moz browser. 'after' i open a browser WLAN pop up 'enabled' avast, 'your secure' and sometimes, like today, i was typing for at least 5 minutes before the wlan icon showed enabled and red x went away.

if the wlan is not enabled, how is it that options that use the internet are running? or i open a page/browser? obviously by now the computer shows normal(earth on int logo, avast has no warning)

i will say its running better though Elise, and its all thanks to you!!! with out your help and guidance, i could never have done any of this. You and this forum are such a HUGE, HUGE asset and help to us(regular guys & gals)....Thank you again and again!

once this comp gets the official "Clean" , i'm buying and installing malwarebytes on my acer netbook(next on the clean up list)

much appreciated Elise!

#53 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 21 August 2010 - 02:28 PM

I don't see the IP block you are referring to. ;) Only the start/stop/update lines.

As for your problem, that sounds as a hardware problem, not software. I wouldn't be surprised its related to your Network Adapter. Its normal it takes a bit for your connection to enable, this is normal.

Also the memory usage is quite normal. Many background tasks are scheduled to run when the system is idle (like updating/checking for updates for various applications).
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#54 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 22 August 2010 - 11:59 AM

good morning Elise!

i will list my issues. again, i'm sorry if redundant(maybe i'm not explaining myself correctly)

1. if computer turns on and my gadget shows the temp and weather outside, isnt the interent working????

2. when i manually rebooted yesterday after a crash, Adobe Reader icon showed up next to avast(bottom right of screen) update is ready to be installed dialog box popped up. i did not open it but did scroll over it(did NOT say which update version) i open internet go to adobe.com, click update, shows 9.3.4 as new update, and i read somewhere 8.2.4 has vulnerabilities. HUGE mistake and completely my fault, i chose to install off my computer icon(assuming i'm safe). well, 8.2.4 installed..., cant uninstall it, and cant install 9.3.4. when attempting removal i get an unusual questions.. "are you sure you want to remove adobe 8.2.4" with a check box for "dont ever ask me again" i ignore that but proceed w removal. about a minute into it i get a security warning box asking me to either 'allow' or 'cancel' this 'Unknown Publishers' access. "an unidentified publisher wants access to your computer" i check details of this Unknown Publisher. (Adobe cant be Unknown, right?)

Details:
Unknown Publisher
Update
8.2.4
Adobe Systems Incorporated

i cancel. how could Adobe have an 'Unknown Publisher'? i did research, and 8.2.4 has many vulnerabilities and i am not the only one going through this(did a search)new version was released 8-19

3. my system has locked up and needed manual reboot 3 times since yesterday. yet i've barely used it.

4. i've had 4 security warnings since yesterday. (w black screen, just like my other explanations)

5. task manager wont open without a crash or security warning. (same as my other explanations) i think i opened it successfully a few times without any odd affects.

6. network meter shows IP: 1x2.xxx.x.xxx(i put in x's) under it Ext IP: 70.xxx.xx.xxx(x's me). question: when 1st booted, before avast security warning goes away and my wlan connects, Ext IP shows "checking (-1)" once avast and wlan show running/etc, the numbers appear. What is 'checking(-1)"??

7. how do my gadgets work if wlan is not connected?

8. how can i open a browser when wlan is not connected adn avast shows ...(next, number 9)

9. how does avast go from Mail Shield, Web Shield and Security Shield TURNED OFF to all systems secure?

i understand what you explained to me earlier, but it doesnt make sense(to me anyway).... how does it need time to connect to the internet, when its already on? why do i get the WLAN box open telling me im now connected, when i've been watching the network meter's activity and weather?(doesnt that mean its on???) not to mention sometimes i already have a browser open...

10. i never had password protected files when running avast(before this infection). they are all still there adn i cant do anything about them. the only button that works on the log page is "close". i've been using Avast for at least 6 months... one of my signs of infection is/was the random and unexpected password protected files.

11. i removed all programs and logs from my desktop and uninstalled our tools used. cleared Recycle bin. cleared downloads folder.

i will continue to research my Adobe Reader issue as i wait for your reply. i did successfully remove Adobe Flash 10 and installed 10.1

Thanks for everything Elise! ;)

#55 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 22 August 2010 - 01:21 PM

Hi first of all, that adobe issue is nromal. Adobe reader had a new update yesterday (got one myself as well ^_^). Adobe can fairly well be an unknown publisher. Many companies don't digitally sign their files.

What other security warnings did you get besides the one you quoted (which was from Adobe and could be allowed).

As for Avast, during startup, the program initializes, which means its services are starting up. Unless that is finished, it will show as not protecting your system.

You mention your system locked up, can you give me a bit more details as to when?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#56 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 22 August 2010 - 02:59 PM

computer locked yesterday twice and once this morning. the computer has been running since yesterdays lock/manual reboot, so i just touch the mouse and give it a minute to boot up. open moz and the arrow started thinking. i gave it a minute and hit Crtl alt del,.....black screen, arrow is thinking, few minutes later windows security warning dialog box opens "" red X- security failure(center of dialog page) "" i exit by either clicking the red x on the top right, or cancel/exit(even tryed hitting ok a few days ago, all w same result). then it goes back to my desktop, but no task manager opens, not even the blue page which gives me the option to choose, just back to desktop, with the thinking wheel.. i can leave it like that for a day, or 5 minutes, end result is always the same, i have to manually reboot its done this 3 or 4 times since yesterday, and honestly, this is exactly what it was doing before. wont let me open my task manager.

i erased all programs and loggs to recycle bin. one freeze happened right before i did this yesterday. all i did is try and move my recycle bin closer to the files(so i can drag and drop easier) but froze as soon as i dragged it(it didnt even move, just started thinking) screen went shadow white adn i was forced to reboot manually.

once rebooted, i tryed it again. worked. i moved the recycle bin and deleted all shortcuts. went into programs and deleted/uninstalled. went to downloads and deleted all. restarted computer. seemed fine. today i wake up, touch mouse, desktop opens. click moz browser, arrow back to thinking, then black screen, ctrl alt del didnt work, security warning again. manual reboot again.

As for Avast, during startup, the program initializes, which means its services are starting up. Unless that is finished, it will show as not protecting your system.

regarding avast...i have it open right now.....its blank..... telling me to install adobe flash... i did, yesterday. just checked my programs and flash is installed.... and i did reboot a few times....

again, where did the password protected files come from????? prior to this, i NEVER had password protected files.

a few days back you had me do some sort of restore/cleanup, that is the only 2 startups i've had that did NOT show my avast unprotected.(only 2 normal startups i've had...) i just dont understand how my internet is on, but avast has not initialized. how can i open it, see my shields down, but NOT be able to do anything about it? how does it tell me(verbally through my speakers, and visually w a green dialog box) that my system is secure, when i see a warning on the icon and have the program open looking at the 'fix all' button(which does NOTHING when pressed)

im sure im being a bit to skeptical on some of these issues, but i feel as if i'm back at square one....

********i just had to restart again. i hit preview post, comp locked(black screen). task manger didnt open. waited a few minutes and had to manually reboot. i started sending this as avast shows warning and wlan hasnt opened, but browser is open, i'm typing.?. luckily now i copy my page before i do anything........just in case this happens...

i dont understand ^_^

its never crashed so much....

#57 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 22 August 2010 - 03:13 PM

Lets first check for a common bug:


UPLOAD A FILE
--------------------
We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

c:\windows\explorer.exe

If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#58 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 22 August 2010 - 03:38 PM

didnt know if you needed the additiona info, so i added it anyway.

thanks again!


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
explorer.exe
Submission date:
2010-08-22 20:33:15 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 40 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.08.22.00 2010.08.21 -
AntiVir 8.2.4.38 2010.08.20 -
Antiy-AVL 2.0.3.7 2010.08.16 -
Authentium 5.2.0.5 2010.08.22 -
Avast 4.8.1351.0 2010.08.22 -
Avast5 5.0.332.0 2010.08.22 -
AVG 9.0.0.851 2010.08.22 -
BitDefender 7.2 2010.08.22 -
CAT-QuickHeal 11.00 2010.08.21 -
ClamAV 0.96.2.0-git 2010.08.22 -
Comodo 5821 2010.08.22 -
DrWeb 5.0.2.03300 2010.08.22 -
Emsisoft 5.0.0.37 2010.08.22 -
eSafe 7.0.17.0 2010.08.22 -
eTrust-Vet 36.1.7804 2010.08.21 -
F-Prot 4.6.1.107 2010.08.22 -
F-Secure 9.0.15370.0 2010.08.22 -
GData 21 2010.08.22 -
Ikarus T3.1.1.88.0 2010.08.22 -
Jiangmin 13.0.900 2010.08.21 -
Kaspersky 7.0.0.125 2010.08.22 -
McAfee 5.400.0.1158 2010.08.22 -
Microsoft 1.6103 2010.08.22 -
NOD32 5386 2010.08.22 -
Norman 6.05.11 2010.08.22 -
nProtect 2010-08-22.01 2010.08.22 -
Panda 10.0.2.7 2010.08.22 -
PCTools 7.0.3.5 2010.08.22 -
Prevx 3.0 2010.08.22 -
Rising 22.61.06.04 2010.08.22 -
Sophos 4.56.0 2010.08.22 -
Sunbelt 6776 2010.08.22 -
SUPERAntiSpyware 4.40.0.1006 2010.08.22 -
Symantec 20101.1.1.7 2010.08.22 -
TheHacker 6.5.2.1.353 2010.08.22 -
TrendMicro 9.120.0.1004 2010.08.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.22 -
VBA32 3.12.14.0 2010.08.20 -
ViRobot 2010.8.18.3995 2010.08.22 -
VirusBuster 5.0.27.0 2010.08.21 -
Additional information
Show all
MD5 : d07d4c3038f3578ffce1c0237f2a1253
SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
SHA256: 135dd05678c8997b45982d77298dbdd98061c9d4fe43d77866846012eb061a04
ssdeep: 24576:5d8uxOc/QpDk5pGYCW5uXSA7jTeFadRsxFb/g/J/ulZl:TOcLC8A7/eFwY3l/
File size : 2926592 bytes
First seen: 2009-05-24 18:27:11
Last seen : 2010-08-22 20:33:15
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x25E33
timedatestamp....: 0x49E01DA5 (Sat Apr 11 04:33:41 2009)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x6BD15, 0x6BE00, 6.42, 65eba3253a27a14fe8b3534030b7be61
.data, 0x6D000, 0x2164, 0x2000, 0.83, 8d2597b8ca27314e6e6987b53b153d90
.rsrc, 0x70000, 0x2566A0, 0x256800, 7.04, e9c988e2d7bc4683dcec8a4fcb4b5c6d
.reloc, 0x2C7000, 0x5A20, 0x5C00, 6.74, a3b567255330d05abe32eb8a34f61792

[[ 19 import(s) ]]
ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, EventUnregister, EventRegister, GetUserNameW, RegDeleteValueW, RegEnumKeyExW, RegQueryInfoKeyW, TraceMessage, RegOpenKeyW, RegEnumKeyW, RegEnumValueW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, QueryServiceStatus, CheckTokenMembership, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, ConvertSidToStringSidW, StartServiceW, CreateWellKnownSid
KERNEL32.dll: GetSystemTime, GetFileAttributesW, FindClose, FindNextFileW, FindFirstFileW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, FlushInstructionCache, RaiseException, GetSystemWindowsDirectoryW, SetLastError, ReadFile, GetFileSize, CreateFileW, InterlockedCompareExchange, LoadLibraryA, SystemTimeToFileTime, ExpandEnvironmentStringsW, GlobalGetAtomNameW, MultiByteToWideChar, GetEnvironmentVariableW, GetCurrentProcessId, GetModuleHandleW, lstrlenW, OpenEventW, SetEvent, GetBinaryTypeW, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, CompareFileTime, GlobalFree, GetTickCount, MulDiv, GetUserDefaultLangID, GetPrivateProfileIntW, GetCurrentThread, GetThreadPriority, GetCurrentThreadId, SetThreadPriority, CompareStringOrdinal, lstrcmpiW, HeapSetInformation, SetErrorMode, CreateMutexW, ReleaseMutex, GetTimeZoneInformation, SetFilePointer, SetProcessShutdownParameters, GetSystemDirectoryW, CreateEventW, SetTermsrvAppInstallMode, RegisterApplicationRestart, ExitProcess, GetModuleFileNameW, GetPrivateProfileStringW, HeapDestroy, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, GetProcessHeap, HeapAlloc, QueryPerformanceFrequency, GetFileAttributesExW, QueueUserWorkItem, GetLongPathNameW, GetProcessTimes, TerminateThread, GetProcessId, CreateIoCompletionPort, GetQueuedCompletionStatus, GetWindowsDirectoryW, FormatMessageW, QueryFullProcessImageNameW, GlobalAlloc, DuplicateHandle, GetCurrentDirectoryW, WideCharToMultiByte, WriteFile, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, GetUserDefaultUILanguage, LoadLibraryW, GetProcAddress, FreeLibrary, WaitForSingleObject, CreateProcessW, GetCommandLineW, GetStartupInfoW, CreateThread, AssignProcessToJobObject, ResumeThread, Sleep, QueryInformationJobObject, LocalAlloc, LocalFree, CloseHandle, OpenProcess, SetPriorityClass, GetPriorityClass, CreateJobObjectW, SetInformationJobObject, GetLastError, InterlockedDecrement, InterlockedIncrement, HeapFree, UnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, DelayLoadFailureHook
GDI32.dll: GetStockObject, CombineRgn, GetLayout, CreatePatternBrush, OffsetViewportOrgEx, GdiAlphaBlend, GetTextExtentPoint32W, ExtTextOutW, SetWindowOrgEx, GetPixel, PatBlt, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, CreateRectRgnIndirect, SetTextColor, SetBkMode, GetTextMetricsW, CreateFontIndirectW, CreateSolidBrush, GetObjectW, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, DeleteDC, GetDeviceCaps
USER32.dll: GetDlgItem, LoadCursorW, RegisterClassW, IsChild, SetTimer, MonitorFromRect, SetWindowTextW, SetClassLongW, GetClassInfoW, GetClassLongW, KillTimer, GetClassInfoExW, IsWindowEnabled, GetShellWindow, GetIconInfo, SetScrollInfo, GetLastActivePopup, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, IsWindowVisible, IsWindow, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, SetFocus, SetForegroundWindow, LoadMenuW, SetMenuInfo, SetMenuDefaultItem, GetSubMenu, TrackPopupMenuEx, LoadImageW, InsertMenuItemW, DestroyIcon, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharUpperBuffW, PostQuitMessage, LoadStringW, ShutdownBlockReasonCreate, GetWindowLongA, SetWindowLongW, UnregisterDeviceNotification, RegisterDeviceNotificationW, RegisterWindowMessageW, SetWindowPos, RegisterClassExW, GetDesktopWindow, UpdateWindow, InvalidateRect, BeginPaint, LoadBitmapW, SetLayeredWindowAttributes, EndPaint, ShowWindow, DefWindowProcW, MoveWindow, DestroyWindow, UnregisterClassW, SetProcessDPIAware, PeekMessageW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, GetKeyboardLayout, ActivateKeyboardLayout, IsProcessDPIAware, PrintWindow, GetDCEx, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, ChildWindowFromPointEx, GetCapture, GetGUIThreadInfo, SetWindowLongA, CharUpperW, GetWindowDC, RegisterClipboardFormatW, UnhookWinEvent, SetWinEventHook, ReleaseCapture, GetUserObjectInformationW, GetProcessWindowStation, FlashWindowEx, GetForegroundWindow, PostMessageW, CreatePopupMenu, GetWindowThreadProcessId, MsgWaitForMultipleObjectsEx, CharPrevW, CharNextW, DispatchMessageW, TranslateMessage, GetMessageW, EqualRect, UnionRect, MapWindowPoints, GetClientRect, EnumWindows, EndTask, SetThreadDesktop, GetThreadDesktop, GetMenuItemID, IsHungAppWindow, DrawTextW, GetSysColor, TrackPopupMenu, SendMessageCallbackW, DeregisterShellHookWindow, EndDialog, IsDlgButtonChecked, LoadIconW, GetSysColorBrush, CloseDesktop, OpenInputDesktop, SetActiveWindow, IsRectEmpty, GetAsyncKeyState, RegisterShellHookWindow, FillRect, GetCursorPos, SetPropW, CopyRect, LockSetForegroundWindow, MonitorFromPoint, InflateRect, GetClassNameW, SubtractRect, RedrawWindow, EnumDisplayMonitors, OffsetRect, IntersectRect, SetWindowRgn, GetMenuState, GhostWindowFromHungWindow, HungWindowFromGhostWindow, GetWindowPlacement, RemovePropW, SendMessageTimeoutW, UnregisterHotKey, RegisterHotKey, InsertMenuW, ModifyMenuW, ClientToScreen, ScreenToClient, GetMenuItemCount, GetFocus, GetScrollInfo, InternalGetWindowText, GetKeyState, ChangeDisplaySettingsW, GetWindowLongW, EnumChildWindows, SendMessageW, GetWindow, GetWindowRect, PtInRect, SetCursor, ChildWindowFromPoint, SetCursorPos, GetMessagePos, LoadAcceleratorsW, WaitMessage, TranslateAcceleratorW, GetWindowRgnBox, GetActiveWindow, MessageBeep, SetWindowPlacement, SetRect, SendNotifyMessageW, UpdateLayeredWindow, GetLastInputInfo, SendDlgItemMessageW, AllowSetForegroundWindow, RemoveMenu, SetParent, CallWindowProcW, EnableWindow, GetDlgItemInt, SetDlgItemInt, CheckDlgButton, CopyIcon, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, DrawEdge, WindowFromPoint, GetDoubleClickTime, SetCapture, TrackMouseEvent, LockWorkStation, AppendMenuW, GetParent, SetScrollPos, SetRectEmpty, AdjustWindowRectEx, BringWindowToTop, CascadeWindows, GetSystemMetrics, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DestroyMenu, GetMenuDefaultItem, TileWindows, GetAncestor, SwitchToThisWindow, CheckMenuItem, ShowWindowAsync
msvcrt.dll: memset, _unlock, _ftol2_sse, _except_handler4_common, __set_app_type, memcpy, free, memmove, realloc, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _controlfp, _vsnwprintf, malloc, __wgetmainargs, _cexit, _exit, __p__fmode, _XcptFilter, exit, _wcmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode
ntdll.dll: NtOpenThreadToken, NtOpenProcessToken, RtlGetProductInfo, NtQueryInformationToken, NtClose, NtQueryInformationProcess, NtSetInformationProcess, WinSqmAddToStream, NtSetSystemInformation
SHLWAPI.dll: PathGetDriveNumberW, -, -, PathRemoveFileSpecW, -, -, SHRegGetUSValueW, -, StrDupW, PathQuoteSpacesW, -, -, -, -, StrChrIW, -, -, -, SHRegOpenUSKeyW, SHRegQueryUSValueW, StrCmpW, AssocQueryStringW, -, -, -, -, -, AssocQueryKeyW, PathParseIconLocationW, PathIsPrefixW, -, PathRemoveExtensionW, SHOpenRegStream2W, PathFileExistsW, -, -, -, -, PathFindExtensionW, SHQueryInfoKeyW, -, -, -, -, -, -, -, -, SHDeleteKeyW, PathAppendW, SHDeleteValueW, -, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathFindFileNameW, -, SHSetValueW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, -, -, PathCombineW, SHRegGetValueW, StrToIntW, -, -, -, PathGetArgsW, StrChrW, -, -, -, -, SHStrDupW, -, -, -, -, -, StrRetToBufW, -, -, -, -, -, -, StrRetToStrW, -, -, StrStrIW, -, -, PathMatchSpecW, PathIsRootW, PathIsNetworkPathW, SHQueryValueExW, AssocCreate, StrCmpIW, -, -, -, StrCmpNW, -, -, StrPBrkW, -, -, -, PathStripToRootW, -, PathIsDirectoryW, -
SHELL32.dll: -, -, -, -, -, -, -, -, SHGetDesktopFolder, -, SHBindToFolderIDListParent, -, -, -, -, -, -, SHGetIDListFromObject, -, -, -, -, -, -, SHCreateShellItemArrayFromIDLists, -, -, SHCreateItemFromIDList, SHCreateShellItemArrayFromShellItem, -, -, SHBindToFolderIDListParentEx, SHChangeNotify, SHAddToRecentDocs, DuplicateIcon, -, -, -, ShellExecuteW, -, -, SHGetPathFromIDListA, SHUpdateRecycleBinIcon, SHGetKnownFolderIDList, SHGetFolderPathEx, SHFileOperationW, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -, -, -, -, -, -, -, ExtractIconExW, -, -, -, -, SHGetSpecialFolderLocation, -, -, SHBindToParent, Shell_NotifyIconW, SHGetFolderPathAndSubDirW, Shell_GetCachedImageIndexW, SHGetFolderPathW, -, SHEvaluateSystemCommandTemplate, -, -, -, -, -, -, -, -, -, -, -, SHBindToObject, -, ShellExecuteExW, -, -, SHGetSpecialFolderPathW, -, SHParseDisplayName, -, SHGetFolderLocation, -, -, -, -, -
ole32.dll: CoTaskMemFree, CoCreateInstance, CoRegisterClassObject, CoRevokeClassObject, CoGetClassObject, OleInitialize, OleUninitialize, CoGetObject, StringFromGUID2, CoUninitialize, CoInitialize, RevokeDragDrop, RegisterDragDrop, CoRegisterMessageFilter, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, DoDragDrop, CoInitializeEx, CreateBindCtx, CoFreeUnusedLibraries, PropVariantClear
OLEAUT32.dll: -, -, -, -, -, -
SHDOCVW.dll: -, -
UxTheme.dll: IsCompositionActive, IsAppThemed, GetThemeMargins, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, DrawThemeTextEx, GetThemeFont, GetThemeColor, GetThemeBool, GetThemeInt, SetWindowTheme, DrawThemeText, GetThemeTextExtent, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, GetThemePartSize, GetThemeMetric, GetThemeBackgroundContentRect
POWRPROF.dll: GetPwrCapabilities
dwmapi.dll: DwmIsCompositionEnabled, -, DwmSetWindowAttribute, DwmEnableBlurBehindWindow, DwmQueryThumbnailSourceSize, DwmGetColorizationColor, DwmUpdateThumbnailProperties, DwmRegisterThumbnail, DwmUnregisterThumbnail
gdiplus.dll: GdiplusShutdown, GdipCloneImage, GdipDrawImageRectI, GdipSetInterpolationMode, GdiplusStartup, GdipCreateFromHDC, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipDeleteGraphics, GdipFree, GdipAlloc, GdipSetCompositingMode
slc.dll: SLGetWindowsInformationDWORD
RPCRT4.dll: RpcBindingFree, RpcStringFreeW, RpcBindingFromStringBindingW, NdrClientCall2, RpcStringBindingComposeW, I_RpcExceptionFilter, RpcBindingSetAuthInfoExW
PROPSYS.dll: PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetPropertyDescription, PSGetNameFromPropertyKey, VariantToBooleanWithDefault, VariantToInt32WithDefault, VariantToStringWithDefault, PSCreateMemoryPropertyStore, VariantToStringAlloc, PropVariantToStringAlloc
BROWSEUI.dll: -, -

#59 Elise

Elise

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 23 August 2010 - 01:51 AM

Can you please reboot in safe mode with networking and see if things lock up there as well?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

Posted Image


#60 Petesnewjob

Petesnewjob

    Regular Member

  • Honorary Members
  • PipPip
  • 78 posts

Posted 23 August 2010 - 12:39 PM

sure, i'll do it now.

by the way, i used this laptop yesterday for a few hours. 1st, i googled "running programs"....and found bleeping computers web page. also looked at auto parts(1st for a few weeks) also google. 2 browsers open, one had car page and this site(my post) the other had bleeping computer info.

after an hour or so, i click on my 2nd browser and see a pop up on bleeping computer's website, "intel advertisement" i checked the page to see if i scrolled over a word that activated it, but no. i did not touch it, just closed the browser. now the 1st browser, which had an hp popup for a split second(disappeared so fast all i saw was hp.) anyway, closed that as well(both tabs, quit without saving/remembering)

everything is fine, windows closed w no problems.

i decide to click adobe reader before i walk away from the computer..... FROZE! arrow started thinking....

ok, so i manually reboot(again).... but it went to standby?..?... i held down the power button as i have become very good at it, but it went to standby. i turn it on again, hold down the power button, and it turned off.

i restarted, then shut down. just in case. just turned it on this morning to check if you responded. turned on ok, but my blue "I" on the computer that shows the wireless card turned orange(off) halfway through this post, but i'm still online...

i will do what you asked now.

**************

started in safe mode w networking. internet did not connect. when i attempted to connect i was prompted for my password(for internet). i did not enter it.

opened some programs, etc, seemed fine.

rebooted to normal mode, enter password, desktop shows for about 2 seconds, then computer shut down on its own. no freeze, just off.

restart, enter pw, desktop shows. i wait and observe and watched my power indicator go from 40% charge to battery instantly dead..computer shut off again...all within a second or 2 (by the way, this is the 1st time my computer was unplugged during use) now bat is at 30%(i plugged it in) and its been 10 minutes. and my orange "I" came back about halfway through typing this 2nd post. computer was unplugged from power cord for maybe 30 minutes. i know my battery life isnt good, but i know it has never done that before. and its already at 48% charged... total charge time since i plugged it in...15 to 20 minutes tops.


thank you for your patience Elise! sorry for the long post....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users