
Spybot won't update, suspect Rootkit, RootAlyzer



DreamCatcher8
2009-05-12, 07:15
I've been a happy user of Spybot for years (thank you! wonderful product!). But now my Spybot (and AVG too) seem to only do 'fake' updates - they look like they go through the motions but don't really seem to update, because now they never detect anything at all that isn't ok (which I know isn't right). So I uninstalled and reinstalled, still no luck. Jochen kindly sent an email with a link to RootAlyzer and suggested I run it and paste the log here, plus pack the suspicious files. I'm not too technical (just enough to be dangerous) but I can follow most directions :angel: I packed the suspicious files but can't figure out how to attach them (suggestions?). Here are the deep scan results. Thank you so much!

// info: Rootkit removal help file
// copyright: (c) 2008 Safer Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\WINDOWS\Internet Logs\dumpIndex"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_10_17_04_45_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_16_11_22_27_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_29_19_25_14_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_08_21_16_46_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_21_11_18_12_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2008_12_15_21_51_06_full.dmp.zip"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\Contents.dat"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\global.js"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\HpuFunction.dll"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\main.hta"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\SoftwareUpdate.dll"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\unicows.dll"
File:"No admin in ACL","C:\Documents and Settings\All Users\DRM\drmv2.lic"
File:"No admin in ACL","C:\Documents and Settings\All Users\DRM\drmv2.sst"
Directory:"No admin in ACL","C:\WINDOWS\Internet Logs"
Directory:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update"

Tried again to attach the suspicious files, but couldn't (clicked on Manage Attachments, browsed, selected file and clicked on upload). First I got a message that a security token is missing. Then it's taking forever to upload files but Task Mgr shows that there's very low CPU utilization ... kinda like running fast but getting nowhere.

I feel like the malware has somehow infected my wireless network and causes me to get false readings and/or interferes with what I'm trying to do. Whenever I log on to my home network (a-network) via 'Wireless Connection 4' another network shows up that has all weird symbols for its name. It seems like that network is somehow 'piggybacked' or attached to my a-network. By the way, my laptop is XP.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:45 AM, on 5/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.localendar.com/elsie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: officejet 6100.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://content.ancestry.com
O15 - Trusted Zone: http://imageservice.ancestry.com
O15 - Trusted Zone: http://www.ancestry.com
O15 - Trusted Zone: http://*.ancestry.com
O15 - Trusted Zone: http://www.ticketmaster.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192195126528
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1228357176761&h=5696428fe7834dd6c01282c8490cc110/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) - http://groups.msn.com/isapi/fetch.dll?action=MyPhotos_GetPubPhoto&PhotoID=nIgBxDgYK6YUAH0qqtWX49bUtTooltQdQDl3AVqCnTE2sHnUhfwJFnEMFUg5PgdqKTJyY2fK81mI

--
End of file - 10534 bytes

shelf life
2009-05-15, 00:29
we can get another look for malware with MBAM:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

post the MBAM log in reply:

DreamCatcher8
2009-05-18, 06:00
Shelf life, your help is appreciated very much. I ran MBAM a couple times, but here's the last time, after I had uninstalled both Spybot and AVG (the paid version which I recently purchased). AVG was crashing my system each time I tried to scan with it, so MBAM's results make sense. I allowed MBAM to fix the registry keys in conflict with Windows Security Center. There appear to be compatibility issues between the new Windows security center functions and AVG, so probably with Spybot too. I don't really know what to do now for ongoing protection. My computer seems to be running smoothly (except for the piggyback network trojan I suspect), but now I'm not protected. I had turned the Windows firewall on, but then turned it off since it seemed to be preventing me from getting to safe websites I use all the time (like Ticketmaster). I'm thinking of reinstalling Spybot first and then seeing how that goes. If that works ok, then maybe I'll try one of the lighter versions of AVG again - I had used the free version for years but lately it got weird and took 4 hours for scans, so I was hoping the paid version would work better. I'm sorry if I shouldn't talk about AVG here in SpyBot but those two programs always seemed to 'play well' together before. My laptop is older and only has 1mg memory so it can't handle these protection programs that bring all else to a halt.

My gut also tells me I have some kind of 'piggyback' trojan whenever I sign on to my wireless network, as mentioned earlier. I think I need to figure out how to completely delete the existing wireless network configuration and create a clean one from scratch (I didn't set up the original one because I didn't know how, but with a little coaching I think I could do it now). Any advice/help is greatly appreciated. You people are so wonderful to help poor ignorants like moi. :thanks:

Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 5.1.2600 Service Pack 2

5/16/2009 5:33:33 PM
mbam-log-2009-05-16 (17-33-33).txt

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 173021
Time elapsed: 58 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DreamCatcher8
2009-05-18, 06:29
:confused: Well I guess I screwed up. After uninstalling Spybot and AVG I double-checked to see that all my Windows patches were up to date and Belarc said I was missing only one. So I decided to install that one (maybe it was SP3? 4?). But now I ran Belarc again and it tells me that now I'm missing 22 updates??? Here's what Belarc says (without the SW program key info!). I'm confused by this. Thanks.

Operating System System Model
Windows XP Home Edition Service Pack 3 (build 2600) Hewlett-Packard Pavilion ze5400 (DC964A) KH.F.08
System Serial Number: CNF3240HKZ
Enclosure Type: Notebook
Processor a Main Circuit Board b
2.40 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
512 kilobyte secondary memory cache Board: Hewlett-Packard 0850 NS570 Version PQ1B56
BIOS: Phoenix Technologies Ltd. KF_KH.F.08 06/06/2003
Drives Memory Modules c,d
40.05 Gigabytes Usable Hard Drive Capacity
17.55 Gigabytes Hard Drive Free Space

TOSHIBA DVD-ROM SD-R2312 [CD-ROM drive]
3.5" format removeable media [Floppy drive]

SAMSUNG MP0402H [Hard drive] (40.06 GB) -- drive 0, s/n S03WJ20XB65141, rev UC100-14, SMART Status: Healthy 960 Megabytes Installed Memory

Slot 'J400' has 512 MB
Slot 'J401' has 512 MB
Local Drive Volumes


c: (NTFS on drive 0) 40.05 GB 17.55 GB free
Network Drives
None detected
Users (mouse over user name for details) Printers
local user accounts last logon
Administrator 8/27/2008 8:01:05 AM (admin)
Owner 5/17/2009 9:31:26 AM (admin)
local system accounts
Guest 2/12/2009 7:07:57 PM
HelpAssistant never
SUPPORT_388945a0 never
SUPPORT_b326ad0c never

DISABLED Marks a disabled account; LOCKED OUT Marks a locked account

eFax 4.2 on eFax_4_2_Port
HP DeskJet 890C on LPT1:
HP DeskJet 890C on LPT1:
hp officejet 6100 series on USB001
HP Officejet Pro L7600 S... fax on USB002
HP Officejet Pro L7600 Series on USB002
Microsoft XPS Document Writer on XPSPort:
Controllers Display
Standard floppy disk controller
ALi M5229 PCI Bus Master IDE Controller
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] RADEON IGP 345M [Display adapter]
Digital Flat Panel (1024x768) [Monitor] (19.7"vis)
Bus Adapters Multimedia
O2Micro OZ6912 CardBus Controller
VIA Rev 5 or later USB Universal Host Controller (2x)
VIA USB Enhanced Host Controller Conexant AC-Link Audio
Unimodem Half-Duplex Audio Device
Communications Other Devices
Conexant 56K ACLink Modem


1394 Net Adapter
LAN-Express IEEE 802.11 PCI Adapter
primary Auto IP Address: 10.0.0.2 / 24
Gateway: 10.0.0.1
Dhcp Server: 10.0.0.1
Physical Address: 00:02:8A:99:E5:64
National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter
Dhcp Server: 192.168.1.254
Physical Address: 00:0B:CD:A8:E3:48

Networking Dns Server: 10.0.0.1
Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
ALi Fast Infrared Controller
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Synaptics PS/2 Port TouchPad [Mouse]
USB Root Hub (3x)
Virus Protection [Back to Top]
No details available
Missing Microsoft Security Hotfixes [Back to Top]
These required security hotfixes (using the 05/12/2009 Microsoft Security Bulletin Summary) were not found installed. Note: CIS benchmarks require that Critical and Important severity security hotfixes must be installed.
KB954459 - Important (details...)
KB923561 - Important (details...)
KB946648 - Important (details...)
KB950762 - Important (details...)
KB950974 - Important (details...)
KB951066 - Important (details...)
KB951376 - Critical (details...)
KB951376-V2 - Critical (details...)
KB951748 - Important (details...)
KB952004 - Important (details...)
KB952954 - Critical (details...)
KB956572 - Important (details...)
KB956802 - Critical (details...)
KB957097 - Important (details...)
KB958644 - Critical (details...)
KB958687 - Critical (details...)
KB958690 - Critical (details...)
KB959426 - Moderate (details...)
KB960225 - Important (details...)
KB960803 - Critical (details...)
KB961373 - Critical (details...)
Q960003 - Important (details...)
Installed Microsoft Hotfixes [Back to Top]
.NETFramework
1.0
no verification data S867461 on 2/9/2005 (details...)
no verification data M928367 on 7/12/2007 (details...)
1.1
no verification data S867460 on 11/13/2008 (details...)
no verification data M928366 on 11/18/2008 (details...)
CAPICOM
no verification data KB931906 on 10/12/2007 (details...)
Compatibility Pack for the 2007 Office system
no verification data KB940289[SP] on 3/2/2009 (details...)
no verification data KB951550 on 3/2/2009 (details...)
no verification data KB951944 on 3/2/2009 (details...)
no verification data KB954326 on 3/2/2009 (details...)
no verification data KB956828 on 3/2/2009 (details...)
no verification data KB958439 on 3/2/2009 (details...)
no verification data KB969618 on 5/14/2009 (details...)
MSXML 6 Service Pack 2 (KB954459)
no verification data KB954459 on 11/13/2008 (details...)
MSXML4SP2
no verification data KB927978 on 11/16/2006 (details...)
no verification data KB936181 on 8/15/2007 (details...)
no verification data KB954430 on 11/13/2008 (details...)
Office XP Standard for Students and Teachers
no verification data KB904018 on 10/12/2007 (details...)
no verification data KB905649 on 10/12/2007 (details...)
no verification data KB905758 on 10/12/2007 (details...)
no verification data KB910619 on 2/27/2007 (details...)
no verification data KB911701 on 10/12/2007 (details...)
no verification data KB913471 on 10/12/2007 (details...)
no verification data KB920816 on 10/12/2007 (details...)
no verification data KB921596 on 8/15/2008 (details...)
no verification data KB932031 on 3/13/2008 (details...)
no verification data KB933399 on 5/3/2009 (details...)
no verification data KB944423 on 2/14/2008 (details...)
no verification data KB946985 on 3/13/2008 (details...)
no verification data KB950129 on 5/15/2008 (details...)
no verification data KB953405 on 9/11/2008 (details...)
no verification data KB956329 on 12/30/2008 (details...)
no verification data KB956464 on 10/16/2008 (details...)
no verification data KB957781 on 5/14/2009 (details...)
no verification data KB959988 on 5/3/2009 (details...)
Step By Step Interactive Training
SP2
passed verification KB898458 on 6/15/2005 (details...)
passed verification KB923723 on 2/16/2007 (details...)
WGA
SP0
passed verification KB892130 on 10/12/2007 (details...)
Windows Media Format 11 SDK
no verification data KB929399 (details...)
SP0
passed verification KB929399 on 4/8/2008 (details...)
Windows Media Player 10
no verification data KB936782_WMP10 (details...)
SP2
passed verification KB936782_WMP10 on 8/17/2007 (details...)
Windows Media Player 11
no verification data KB936782_WMP11 (details...)
no verification data KB939683 (details...)
no verification data KB954154_WM11 (details...)
no verification data KB959772_WM11 (details...)
SP0
passed verification KB939683 on 4/8/2008 (details...)
passed verification KB954154_WM11 on 9/11/2008 (details...)
passed verification KB959772_WM11 on 4/1/2009 (details...)
SP2
passed verification KB936782_WMP11 on 4/8/2008 (details...)
Windows Media Player 6.4
no verification data KB925398_WMP64 (details...)
SP0
passed verification KB925398_WMP64 on 12/14/2006 (details...)

Windows Media Player 9
no verification data KB917734_WMP9 (details...)
no verification data KB936782_WMP9 (details...)
SP0
passed verification KB911565 on 2/17/2006 (details...)
passed verification KB917734_WMP9 on 6/19/2006 (details...)
SP2
passed verification KB936782_WMP9 on 8/15/2007 (details...)
Windows Media Player
no verification data KB952069_WM9 (details...)
SP0
passed verification KB911564 on 2/17/2006 (details...)
passed verification KB952069_WM9 on 12/30/2008 (details...)
Windows XP
no verification data KB923689 (details...)
no verification data KB941569 (details...)
SP-1
passed verification KB909520 on 11/13/2008 (details...)
SP0
passed verification KB923689 on 12/14/2006 (details...)
passed verification KB929969 on 1/12/2007 (details...)
passed verification KB933566-IE7 on 6/14/2007 (details...)
passed verification KB938127-IE7 on 8/15/2007 (details...)
passed verification KB938127-V2-IE7 on 1/22/2009 (details...)
passed verification KB941569 on 12/15/2007 (details...)
passed verification KB944533-IE7 on 2/28/2008 (details...)
passed verification KB950759-IE7 on 6/12/2008 (details...)
passed verification KB958215-IE7 on 12/30/2008 (details...)
passed verification KB960714-IE7 on 1/22/2009 (details...)
passed verification KB961260-IE7 on 2/17/2009 (details...)
passed verification KB963027-IE7 on 5/3/2009 (details...)
SP10
passed verification MSCOMPPACKV1 on 4/6/2008 (Microsoft Compression Client Pack 1.0 for Windows XP)
SP2
no verification data KB811113[SP] on 2/9/2005 (details...)
SP3
no verification data KB936929[SP] on 5/17/2009 (details...)
SP4
passed verification KB915800-V4 on 5/17/2009 (details...)
passed verification KB923561 on 5/3/2009 (details...)
no verification data KB938464 on 11/3/2008 (details...)
failed verification KB946648 on 11/3/2008 (details...) Reinstall!
no verification data KB950760 on 6/12/2008 (details...)
passed verification KB950762 on 6/12/2008 (details...)
passed verification KB950974 on 11/3/2008 (details...)
passed verification KB951066 on 11/3/2008 (details...)
passed verification KB951376 on 6/12/2008 (details...)
passed verification KB951376-V2 on 6/20/2008 (details...)
passed verification KB951698 on 6/12/2008 (details...)
passed verification KB951748 on 1/24/2009 (details...)
passed verification KB952004 on 5/3/2009 (details...)
passed verification KB952287 on 11/3/2008 (details...)
passed verification KB952954 on 11/3/2008 (details...)
passed verification KB954211 on 11/3/2008 (details...)
passed verification KB954600 on 12/30/2008 (details...)
passed verification KB955069 on 11/13/2008 (details...)
passed verification KB955839 on 12/30/2008 (details...)
no verification data KB956391 on 11/3/2008 (details...)
passed verification KB956572 on 5/3/2009 (details...)
passed verification KB956802 on 12/30/2008 (details...)
passed verification KB956803 on 1/24/2009 (details...)
passed verification KB956841 on 11/3/2008 (details...)
passed verification KB957095 on 11/3/2008 (details...)
passed verification KB957097 on 11/13/2008 (details...)
passed verification KB958644 on 11/3/2008 (details...)
passed verification KB958687 on 1/22/2009 (details...)
passed verification KB958690 on 4/1/2009 (details...)
passed verification KB959426 on 5/3/2009 (details...)
passed verification KB960225 on 4/1/2009 (details...)
no verification data KB960715 on 2/17/2009 (details...)
passed verification KB960803 on 5/3/2009 (details...)
passed verification KB961373 on 5/3/2009 (details...)
passed verification KB967715 on 3/2/2009 (details...)
Windows
SP1
passed verification IDNMITIGATIONAPIS on 1/9/2007 (Microsoft Internationalized Domain Names Mitigation APIs)
passed verification NLSDOWNLEVELMAPPING on 1/9/2007 (Microsoft National Language Support Downlevel APIs)
XML Paper Specification Shared Components Pack 1.0
no verification data XPSEPSC (XML Paper Specification Shared Components Pack 1.0)

Click here to see all available Microsoft security hotfixes for this computer.

[installed security hotfix] Marks a security hotfix (using the 05/12/2009 Microsoft Security Bulletin Summary)
[failing installed security hotfix] Marks a security hotFix that fails verification (a security vulnerability)
verifies OK Marks a hotfix that verifies correctly
fails verification Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled)
Unmarked hotfixes lack the data to allow verification

DreamCatcher8
2009-05-19, 00:29
... and all seems to be running pretty well :bigthumb: Spybot updated properly (I didn't activate teatimer or the other realtime feature). The scan seemed to work properly as well. I'm going to live with this for a couple days and then see about reinstalling AVG. Maybe it was AVG causing compatibility problems. Thank you!

shelf life
2009-05-19, 23:32
OK, good. Unless you practice 'safe hex' you really should have an AV solution on your machine. I would get AVG re-installed and updated and see how things go from there -- like you said, maybe a compatibility thing. Did you have TeaTimer or the immunization feature turned on before? You could try turning TeaTimer back on after AVG is installed to narrow things down. You must have a router. Is your network password protected? This would be done to ensure nobody else within the signal range of your router could join/use it. Other computers, if any are in range, could 'see' your network but not be able to join or use your connection if your router is password protected.

DreamCatcher8
2009-05-21, 16:16
OK, here's where I'm at. Spybot was running smoothly. I've never used TeaTimer and I'm not using it now either, on the advice of a friend (resource intensive and my old laptop only has 1mg memory). I have immunized my system now, although I didn't use that feature before either. I did notice the following messages in the 'Ignore System Internals' area of Spybot's settings - am including them in case they're meaningful to you:

%JavaDir%\QTJava.zip Missing Shared DLL
install.exe Wrong app path
MsoHtmEd.exe Wrong app path
winnt32.exe Wrong app path

The MS updates for XP to SP3 seemed to be running smoothly also (I think these included some compatibility updates for my Outlook 2002 which help it work with Hotmail's latest version that is made only for Outlook 2003 and 2007). Since all seemed smooth I reinstalled AVG 8.5. I decided not to install the Firewall part because it turns off the MS firewall and I don't want the nasty red warning sign on my screen all the time. I was able to get through the first full scan on AVG smoothly, so that was encouraging because I couldn't do that before without a crash. The results were good and all seemed to be well. And then last night my system crashed with a white error message on a black screen that said something about an IRQ L error? The message was kinda fast so I couldn't read it very well, but that's the type of crash message I was getting before, when all this started. I googled that and read that this kind of message usually refers to drivers that are out of date. HP indicates that all my drivers are up to date. This morning I ran an MBAM Quick Scan, results below.

Any ideas what I should do to identify and resolve the cause of the crash? I assume it's going to keep crashing until I figure it out. Regarding my networking: yes, I have a wireless router (Netgear WPN824) on my DSL line and it's password protected. I still feel that it's been hacked somehow, which is why I think I need to 'wipe the slate clean' and start from scratch to define a new user network, but I don't know how. If there's a site you can suggest that explains how to do that I would be grateful for a referral. I'm afraid to delete the existing one and risk not being able to get online, because I have to be able to. Thank you so much for helping me!

Malwarebytes' Anti-Malware 1.36
Database version: 2162
Windows 5.1.2600 Service Pack 3

5/21/2009 9:08:20 AM
mbam-log-2009-05-21 (09-08-20).txt

Scan type: Quick Scan
Objects scanned: 90660
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

shelf life
2009-05-22, 00:21
hi DreamCatcher8,


"'Ignore System Internals'"
i believe these are just inconsistencies in the registry. You can ignore them.


"it turns off the MS firewall"
Installing a third-party firewall will turn off the MS firewall. You shouldn't be getting any warning signs. The Windows firewall is sufficient for the purpose it was intended for -- blocking unsolicited incoming traffic.

There can be many reasons for crashes or BSODs; malware may not be responsible for this. There are web sites dedicated to BSODs:

http://www.updatexp.com/stop-messages.html
http://aumha.org/a/stop.htm



"Is your network password protected?"
I didn't mean a password to log in to your router's web interface using http://192.168... What I should have asked is: is your router using WEP or WPA?
A good place to start would be the router's manufacturer's web page:

http://kb.netgear.com/app/home
look on the right under 'most popular answers'

http://www.practicallynetworked.com/support/wireless_secure.htm

http://www.microsoft.com/windowsxp/using/networking/security/wireless.mspx

DreamCatcher8
2009-05-22, 17:55
hi shelf life, thank you for the links (which educate me) and your patience. it's very helpful to know what is and isn't important.

regarding firewalls, i was a happy user of zonealarm for a long time but i uninstalled it after compatibility issues arose with avg some time ago (on the advice of the guy who used to take care of my system for me). i understand i need a better firewall than the basic ms one, so i can monitor outgoing traffic as well as incoming. i purchased the full-blown avg 8.5 version with the firewall for that reason. the 'warning' message i was referring to is the resident MS 'shield' on the bottom right bar of my screen - the shield is usually yellow but turns to red when it senses a problem (such as the MS firewall being turned off, or no antivirus installed, or MS updates needing to be installed). for example, if i turn off the Link Scanner or Resident Shield modules of AVG i have to live with the annoying MS red shield (i do practice 'safe hex' LOL and wanted to improve my system performance by turning off those features). i guess i'll have to learn to live with that and will reinstall the avg firewall module after i get the current crash problem resolved. i don't want to disable that feature entirely because it does prompt me when there are system updates i need to perform.

last night i had another crash, but i think it was a black screen crash instead of a blue screen. it happened so fast i couldn't read what it said (is that recorded somewhere?) but it definitely was not saying the same thing as the BSOD message. i did observe that i was playing spider solitaire (giggle) each time the crashes happened but that's probably coincidence? this morning i ran the RegAlyzer tool again, results below. i read that vsmon files are from zonealarm so i'm thinking maybe the crashes are being caused by a compatibility issue between them and the MS firewall and/or the avg firewall. any thoughts on this? maybe deleting them will resolve? i have no clue what to do with the results ... suggestions welcome.

File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_08_21_16_46_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_21_11_18_12_small.dmp.zip"
File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_on_demand_thread_2008_12_15_21_51_06_full.dmp.zip"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\Contents.dat"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\global.js"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\HpuFunction.dll"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\main.hta"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\SoftwareUpdate.dll"
File:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update\unicows.dll"
File:"No admin in ACL","C:\Documents and Settings\All Users\DRM\drmv2.lic"
File:"No admin in ACL","C:\Documents and Settings\All Users\DRM\drmv2.sst"
Directory:"No admin in ACL","C:\WINDOWS\Internet Logs"
Directory:"No admin in ACL","C:\Program Files\Hewlett-Packard\HP Software Update"

yes i do have a wep key on my wireless router. i think my wireless network may have some kind of configuration problem and it might be related to me having xp home edition instead of pro (maybe something to do with IPsec?). i'll see if i can figure out how to delete my current config and create a fresh one, based on the links you provided. my other wireless network problem started quite some time ago after the (paid) guy who used to take care of my computer had done maintenance work on it (like some windows updates) ... but after that visit my network never worked right again - it would disconnect me after a few minutes for a reason we could never figure out. hp gave me a NetBIOS update but that didn't work. i finally figured out a work-around myself: after i'm on the wireless network i go into Services and turn off WZC and that solves it, though it's annoying to have to do that all the time. (back then i didn't know i could've just done a system restore, if he had set a restore point). so i've learned to live with it, but would still like to solve the root cause of the problem someday because my wireless network used to work flawlessly once upon a time. but that experience taught me that i should rely on myself and learn to take care of my own computer, trying to get smarter about these things, slowly but surely. it also taught me that MS updates are not always a good thing, which is why i had uninstalled SP3 after i experienced constant crashes from it the first time i installed it. but these recent updates were SP2 to SP3 and it is running better this time, if i can just figure out how to eliminate these crashes now. there are fewer of them than before at least. hope you're having a good day shelf life. people like you are such a blessing to people like me. :angel:

DreamCatcher8
2009-05-22, 21:55
hey. just crashed again but got error codes ... can you decipher?

BCCode : 100000d1 BCP1 : 00000000 BCP2 : 000000FF BCP3 : 00000001
BCP4 : 8638555C OSVer : 5_1_2600 SP : 3_0 Product : 768_1

shelf life
2009-05-23, 03:03
hi DreamCatcher8,


"'warning' message i was referring to is the resident MS 'shield' on the bottom right bar of my screen"
This is supposed to monitor AV, firewall and auto updates.
If you keep your AV updated, have a third-party firewall or have the MS FW turned on (but not both), and visit Windows Update to download and install 'patches', then you can turn this monitoring feature off so it won't display the icon in the system tray.


Your log from RootAlyzer looks ok. This tool is used to check for possible rootkit-like activity on your computer. Rootkits are malware and can hide from traditional antivirus and antimalware tools. This tool won't help with what's causing your crashes.


"vsmon files are from zonealarm"
If you uninstalled it via add/remove programs panel then it should be gone.
these:

File:"No admin in ACL","C:\WINDOWS\Internet Logs\vsmon_2nd_2007_03_08_21_16_46_small.dmp.zip"

look like leftover logs or text files.


"related to me having xp home edition instead of pro"
This is determined by what version of windows is installed on your machine


"after i'm on the wireless network i go into Services and turn off WZC and that solves it"
Have you tried setting the startup to Manual so it won't auto-start when you boot up? Right-click on WZC in the Services panel and select Properties. Click the Stop button if it's running, next change the startup type to Manual, click Apply then OK.

Crashes can be hard to isolate as far as what's causing them. Did it just start all of a sudden?
The default is to have Windows reboot on a crash. You can change it in the hope that it will display the error, which you can write down, then do a hard reboot to get going again.

1. Click Start, and then right-click My Computer.
2. Click Properties.
3. Click the Advanced tab, and then click Settings under Startup and Recovery.
4. Under System failure, click on the small box beside Automatically restart to remove the checkmark.
5. Click OK, and then click OK. Hopefully it will display the error and not reboot.

you could also visit the HP website. Most computer vendors have excellent information/troubleshooting sections and even forums for all kinds of problems.
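
As an added example (not part of this thread and not a Safer Networking tool), a small Python decoder for the "BCCode : ..." text DreamCatcher8 posted above: once automatic restart is turned off as described, this is the kind of line that stays on screen or lands in the error report. The STOP code names and the meaning of the four 0xD1 parameters come from Microsoft's public bug check reference; the function names, the 0x1000 "near-null" threshold and the hint wording are my own choices.

```python
import re

# STOP code names from Microsoft's public bug check reference. XP's error
# report shows some codes with a 0x10000000 flag added (e.g. 100000d1);
# the low 16 bits are the documented STOP code.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

# Documented meaning of the four parameters of STOP 0xD1.
D1_PARAMS = (
    "memory address referenced",
    "IRQL at the time of the fault",
    "access type (0 = read, 1 = write)",
    "address of the instruction that referenced the memory",
)

# The exact text posted in the thread (not constructed).
SAMPLE_REPORT = """BCCode : 100000d1 BCP1 : 00000000 BCP2 : 000000FF BCP3 : 00000001
BCP4 : 8638555C OSVer : 5_1_2600 SP : 3_0 Product : 768_1"""

FIELD_RE = re.compile(r"(BCCode|BCP[1-4]|OSVer|SP|Product)\s*:\s*(\S+)")


def parse_bugcheck_line(text):
    """Return the STOP code and its four parameters as integers."""
    fields = dict(FIELD_RE.findall(text))
    if "BCCode" not in fields:
        raise ValueError("no BCCode field in report text")
    raw = int(fields["BCCode"], 16)
    params = [int(fields.get(f"BCP{i}", "0"), 16) for i in range(1, 5)]
    return {"raw_code": raw, "code": raw & 0xFFFF, "params": params,
            "osver": fields.get("OSVer"), "sp": fields.get("SP")}


def describe_bugcheck(text):
    """Human-readable summary; only 0xD1 gets its parameters explained."""
    info = parse_bugcheck_line(text)
    name = BUGCHECK_NAMES.get(info["code"], "unknown code")
    out = [f"STOP 0x{info['code']:08X} {name} (OS {info['osver']}, SP {info['sp']})"]
    if info["code"] == 0xD1:
        for label, value in zip(D1_PARAMS, info["params"]):
            out.append(f"  {label}: 0x{value:08X}")
        if info["params"][0] < 0x1000:  # my heuristic: tiny address = bad pointer
            out.append("  hint: near-null address, a driver used an invalid pointer")
        out.append("  next step: identify the driver that owns the instruction address")
    return "\n".join(out)


if __name__ == "__main__":
    print(describe_bugcheck(SAMPLE_REPORT))
```

For the posted line this reports STOP 0x000000D1 DRIVER_IRQL_NOT_LESS_OR_EQUAL with a referenced address of 0, which is why the "out of date driver" reading from the web search is the usual first suspect.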