David H. Lipman
Group: Experts
Posts: 22,860
Joined
Days Won: 331

Everything posted by David H. Lipman

  1. Paranoia - just another word for a heightened sense of situational awareness.
  2. It's a case where a LNK file or a registry load statement calls RUNDLL32.EXE to load a function from a Dynamic Link Library (DLL) file. The file does not exist, so RUNDLL32 generates an ERROR LOADING XXXXX message. This is often a sign that a malicious DLL was found and deleted but the loading LNK or Registry location calling RUNDLL32 was not removed, and is a sign of a past or present malware infection.
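The orphaned-loader situation described in this post can be checked for systematically. The following is an added example (not code from the post or from Malwarebytes): it parses RUNDLL32 command lines taken from autostart locations, extracts the DLL path and entry point, and reports every loader whose DLL no longer exists. The registry paths, DLL names and the "existing files" set are constructed sample data; on Windows the `enumerate_run_values` helper reads the real HKCU/HKLM Run keys instead.

```python
import os
import re
import sys

# Constructed sample of autostart entries (Run-key values and Startup LNK targets);
# the user name, DLL names and paths are invented for this example.
SAMPLE_ENTRIES = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\igfx":
        r'rundll32.exe "C:\Users\kate\AppData\Roaming\qwerty.dll",DllMain',
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sound":
        r"C:\Windows\system32\rundll32.exe C:\Windows\system32\igfxpers.dll,StartSound",
    r"Startup\update.lnk":
        r"RUNDLL32 C:\ProgramData\xyz\load.dll,#1",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Notepad":
        r"C:\Windows\notepad.exe",
}

# Constructed set of files that exist on the sample machine (lower-cased for comparison).
SAMPLE_EXISTING = {r"c:\windows\system32\igfxpers.dll"}

# Matches a command line whose program is rundll32 / rundll32.exe, quoted or not,
# with or without a directory, and captures everything after it.
RUNDLL32_RE = re.compile(
    r'^(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+(.*)$', re.IGNORECASE)


def parse_rundll32_target(command):
    """Return (dll_path, entry_point) for a RUNDLL32 command line, or None when the
    command does not run rundll32. entry_point is None if no ',entry' part is present."""
    m = RUNDLL32_RE.match(command.strip())
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):
        # Quoted DLL path (may contain spaces); the entry point follows the closing quote.
        end = rest.find('"', 1)
        if end == -1:
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:
        # Unquoted DLL path runs up to the first comma or whitespace.
        m2 = re.match(r"([^,\s]+)(.*)$", rest)
        if not m2:
            return None
        dll, tail = m2.group(1), m2.group(2)
    tail = tail.lstrip()
    entry = None
    if tail.startswith(","):
        tokens = tail[1:].split()
        entry = tokens[0] if tokens else ""
    return dll, entry


def find_orphaned_loaders(entries, exists):
    """Return [(location, dll, entry)] for every rundll32 autostart whose DLL is missing.
    `exists` is a callable so the check can run against a live filesystem or sample data."""
    orphans = []
    for location, command in entries.items():
        parsed = parse_rundll32_target(command)
        if parsed is None:
            continue
        dll, entry = parsed
        if not exists(dll):
            orphans.append((location, dll, entry))
    return orphans


def sample_exists(path):
    return path.lower() in SAMPLE_EXISTING


def enumerate_run_values():
    """On Windows, read the HKCU and HKLM Run keys into the same {location: command} shape.
    Returns {} on other platforms so the sample data above is used instead."""
    if sys.platform != "win32":
        return {}
    import winreg
    result = {}
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    for root_name, root in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            key = winreg.OpenKey(root, subkey)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                result[f"{root_name}\\{subkey}\\{name}"] = str(data)
                i += 1
    return result


if __name__ == "__main__":
    entries = enumerate_run_values() or SAMPLE_ENTRIES
    # Note: os.path.exists does not expand %SystemRoot%-style variables in live data.
    exists = sample_exists if entries is SAMPLE_ENTRIES else os.path.exists
    for location, dll, entry in find_orphaned_loaders(entries, exists):
        print(f"{location}: rundll32 would report 'Error loading {dll}' (entry point {entry})")
```

Each orphan it reports is a place (Run value or Startup shortcut) that should be removed or investigated, since the loader survived even though its DLL did not.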
  3. Kate: I know Avira AntiVir. I have a special license for its command line scanner which is included in my Multi-AV Scanning Tool. I do NOT know of "Mask-Me" and my immediate reaction is to ignore its offering. As for the EXACT model of your HP notebook, it would be on the bottom of the notebook and may be denoted by the word MODEL on some sticker. It may also be on paperwork showing the actual purchase of the product (bill of sale). How Do I Find My Model Number or Product Number? CWB's notes about communicating your need to postpone warranty shipment due to a high priority project is a very good point. If your notebook supports PCMCIA then that provides another option, a PCMCIA to Ethernet adapter. However, without knowing if your notebook supports PCMCIA I don't want you to go on a Red Herring search for a device when I know your notebook supports USB v2.0. Below is a sample PCMCIA to Ethernet adapter... I believe you noted that your project starts the 8th of March. If yes, then is mail order the best way to go about this? I think you should go to your local BestBuy (and other office supply stores that I previously listed) and get a USB 2.0 to Ethernet adapter off the shelf so you have it and know it's working PRIOR to the onset of your project. BTW: I like Ron's (aka; AdvancedSetup) Cisco-Linksys USB Ethernet Adapter solution. Another is by Belkin: USB 2.0 Ethernet Adapter. Based upon your going on Amazon... TRENDnet USB to 10/100Mbps Adapter TU2-ET100. FYI: The retail division of Cisco is Linksys, and Belkin recently acquired the Linksys division from Cisco: Belkin buying Linksys
  4. You have alternatives such that your project is NOT affected. The problem is the identification of an HP G72 Notebook only indicates an HP notebook family. There are many sub-models in the G72 family:
     HP G72-120##
     HP G72-110##
     HP G72-101##
     HP G72-150##
     Where ## = SO, SB, EO, SA, SG, etc, etc...
     Not knowing the EXACT HP G72-XXX## model means I can't be more specific, so I don't know if they support PCMCIA. However, they should all support USB v2.0. Therefore you can get a USB 2.0 to Ethernet interface. They look something like the following... This way you can use Ethernet during your project and POSTPONE sending the unit out for warranty repair. Stores such as BestBuy, OfficeMax, Staples and other Brick & Mortar locations may have such devices on their shelves, and they can also be obtained through the mail (albeit time may be a limiting factor).
  5. PUP.Adware.RKN You aren't dealing with anything major here. PUP - Potentially Unwanted Program Basically the lowest level of malware even in the Adware sub-type of trojans.
  6. Anvisoft - http://krebsonsecurity.com/2012/11/infamous-hacker-heading-chinese-antivirus-firm/
  7. There are already ways to do this. 1. Encryption. Software such as TrueCrypt can protect one's data. 2. Offline storage. Don't keep your data on the computer. Keep it on removable Read/Write media such as an external hard disk which also can be encrypted. Note that I do NOT suggest using so-called Cloud Storage services.
  8. I doubt it is a RootKit. It's too obvious. RootKits hide and are mostly inconspicuous in nature. It's just a trojan that is obfuscating its malicious intent by using the name of a legitimate file. However, it's loading from an illegitimate location.
  9. That's a nice way to spread the Flu and other infections.
  10. Kate: No, I am not a lawyer. I have dealt with company technicians over warranty coverage for quite a number of years representing countless computer systems. If I prepare you for it, you can use the right set of words (language) to persuade them into warranty coverage.
  11. Kate: The answer of warranty coverage is a tough one left up to the company offering the warranty. You have to make your move from the POV of this just happened without any negligence or a human cause. The RJ45 port is either a sub PC board or it is embedded on the notebook's motherboard (most likely). It can be fixed by a technician by replacing the associated board. However it would be up to HP to discern if the repair is covered by the warranty or if they determine, at their discretion, that it was caused by improper human treatment and isn't covered by a warranty and you'd have to pay for the service.
  12. It sounds like you are on FiOS with a mix of TCP/IP based devices including MoCA STBs. I can't give you a best practice on managing the size of your Event Logs. You'll have to look them over and see what's going on. Not just logins but failed logins and authentications that may be overly repetitive, thus bloating the Event Logs. Looking at my Security Event Log, it's 20MB going back 1 year as a FIFO log. As I was writing this, Daledoc1 posted what I would have suggested (assisted forum analysis, just that I would not have been as eloquent, albeit it's a canned message) to check the state of a questionable system.
  13. I don't know what you mean by "Both of those lights you mentioned go out..." but if that occurs at the RJ45 Ethernet port on the notebook then maybe you have damaged the RJ45 Ethernet port on the notebook. In that case, warranty service by HP would be warranted.
  14. A more detailed analysis of the computers can determine if there are "other" issues at hand. Those that may exist can be coincidental. There are situations where webmail accounts are compromised and are used to generate spam. In that case the sending account would get failed mail messages. However in that case the account holder's computer doesn't have to be compromised either. Reading your first post leaves me a bit confused 'cause 'moe', "alvin" and 'abbey' are not well defined into context. If they are the names of Windows computers with NT Shares being accessed from peer systems on a SOHO network, one can expect events showing logins in the Event Log. You also stated.... "I also have several TB of external storage that mbam will probably need all night to examine." Not really. MBAM isn't an anti virus and doesn't target file types other than executables. If you have data on the external drive you need to scan it with a traditional anti virus application such as Avast, not MBAM.
  15. This is not necessarily the action of a SpamBOT. All that is needed is a 3rd party generating spam and USING the email address in the "From" or "Reply To" fields. Thus if a failed mail message is generated by the recipient's email server the failed mail message will be sent to the "From" or "Reply To" address.
  16. Skimmers are and have been a problem. They are strategically placed in front of the card port on an ATM or a simple hand held unit. In all cases, it is up to the user of ATM cards and Credit Cards to use "due diligence" and take the time to examine the card reader before insertion, watch carefully the actual use of a card reader and *NEVER* let the card out of your sight. For example: You are on an automobile trip and are outside of your normal domain and stop to refuel. Do NOT let an attendant take the card and go inside the booth or office without you following and watching the attendant and your card very carefully.
  17. This is a case of malware using "Self Preservation" techniques. Malicious actors put in their software the ability to block the execution of legitimate software and use Operating System constructs called Local and Group Policies to inhibit the computer owner from removing the malicious software on their computer. The reason being the actor wants his/her software to run what is called a "payload" as long as they can on your computer. For example: There are utilities that are used called; tcpview.exe, autoruns.exe and procexp.exe. The software creator can explicitly write code that will not allow their execution. However we use tricks like renaming these files such as renaming; procexp.exe to iexplore.exe to defeat that. Likewise the software creator can explicitly write code to block the execution of; mbam.exe, mbamgui.exe and mbamservice.exe thinking it will help protect their software from removal by MalwareBytes' Anti-Malware (aka; MBAM). To help deal with this the MalwareBytes' programming team have created the Chameleon utilities to thwart this activity. Read about it: "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm"
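The two "self preservation" mechanisms named in this post (a policy that refuses to run listed program names, and per-image launch redirection) can both be audited from a registry snapshot. The following is an added example, not code from the post or from Malwarebytes: it checks the Explorer DisallowRun policy and the Image File Execution Options "Debugger" value for a list of security tool names and reports which tools would be interfered with. The snapshot below is constructed sample data (the key paths are the real locations of these two mechanisms; the values are invented), and `SECURITY_TOOLS` is an assumed list taken from the names the post mentions.

```python
# Constructed registry snapshot in the shape {key_path: {value_name: data}}.
# The value contents are invented for this example.
SAMPLE_SNAPSHOT = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {
        "DisallowRun": 1,           # policy switched on
    },
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun": {
        "1": "mbam.exe",            # names Explorer will refuse to launch
        "2": "procexp.exe",
        "3": "autoruns.exe",
    },
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcpview.exe": {
        "Debugger": r"C:\ProgramData\xyz\block.exe",   # launch is redirected to this program
    },
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe": {
        "UseFilter": 1,             # a benign IFEO value with no Debugger
    },
}

# Assumed list of tool image names to audit (from the names mentioned in the post).
SECURITY_TOOLS = ["mbam.exe", "mbamgui.exe", "mbamservice.exe",
                  "tcpview.exe", "autoruns.exe", "procexp.exe"]

POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
IFEO_PREFIX = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"


def disallowed_names(snapshot):
    """Image names listed under the Explorer DisallowRun policy, if the policy is on.
    The policy matches on file name only, which is why renaming a tool gets around it."""
    if snapshot.get(POLICY_KEY, {}).get("DisallowRun") != 1:
        return set()
    listed = snapshot.get(POLICY_KEY + r"\DisallowRun", {})
    return {str(v).lower() for v in listed.values()}


def ifeo_debuggers(snapshot):
    """{image_name: debugger_command} for every IFEO subkey that sets a Debugger value.
    A Debugger value is legitimate for real debuggers, so each hit needs a look at the
    command it points to."""
    found = {}
    prefix = IFEO_PREFIX.lower() + "\\"
    for key, values in snapshot.items():
        if key.lower().startswith(prefix) and "Debugger" in values:
            image = key[len(prefix):].lower()
            found[image] = values["Debugger"]
    return found


def check_tool_blocks(snapshot, tools=SECURITY_TOOLS):
    """Return {tool_name: [reasons]} for each tool whose launch is interfered with."""
    blocked = {}
    disallowed = disallowed_names(snapshot)
    debuggers = ifeo_debuggers(snapshot)
    for tool in tools:
        name = tool.lower()
        reasons = []
        if name in disallowed:
            reasons.append("listed in Explorer DisallowRun policy")
        if name in debuggers:
            reasons.append(f"IFEO Debugger redirects launch to {debuggers[name]}")
        if reasons:
            blocked[tool] = reasons
    return blocked


if __name__ == "__main__":
    for tool, reasons in check_tool_blocks(SAMPLE_SNAPSHOT).items():
        print(f"{tool}: " + "; ".join(reasons))
```

Anything reported by `check_tool_blocks` on a machine where the owner never set such a policy is a strong indicator of the behaviour the post describes, and the listed keys are what a cleanup (or a tool such as Chameleon) has to undo before the tools will start under their own names.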
  18. Kate: To me it does NOT sound like a hardware issue. Replacing the Ethernet cable proved it. What you describe does not sound like it could have damaged the contacts in the RJ45 Ethernet port on the laptop. It all sounds coincidental. This can be confirmed through LEDs that are on the RJ45 Ethernet port on the laptop and on the RJ45 Ethernet port on the Westell modem+Router. I'd like for you to post the model of the Westell modem+Router as well as the model of the HP laptop. That will help provide exactly what LEDs are available, their states and other factors that could be used for problem isolation and identification. When the Ethernet cable is plugged into the Westell modem+Router and the laptop, it should initiate a LED on the Westell and on the HP. Chances are the Westell LAN port is 10/100Mb/s Ethernet. Depending on the model it may have a LED for 10Mb/s or 100Mb/s or change colour for 10Mb/s vs. 100Mb/s. In either case there will be a "connectivity LED." Likewise on the laptop. Additionally, when the laptop is in communication with the Westell there will be an "Activity LED" and it shall blink when communicating.
      * If there is a physical issue with the Ethernet port on the notebook, the "Connectivity LED" will not be "on" when the laptop loses connection.
      * If there is a physical issue with the Ethernet port on the Westell modem+Router, the "Connectivity LED" will not be "on" when the laptop loses connection.
      * If BOTH "Connectivity LEDs" are "on" and the "Activity LEDs" blink and you do NOT have a connection, then there is no physical Ethernet problem with the hardware; we are talking about a logical problem such as interference or a hardware problem at the TelCo, etc, that I previously elaborated on.
      Again... DSL technology is more prone to this kind of behaviour and unless we can get another computer on the circuit to test, we can't rule out external influences.
      EDIT: BTW: Oracle Java is now at v7 update 17 http://www.oracle.co...ds-1880261.html 64bit OS: download... jre-7u17-windows-x64.exe 32bit OS: download... jre-7u17-windows-i586.exe
  19. No. It's passive, not active. It only gathers and displays.
  20. Let's be perfectly clear that CurrPort and TCPView are the same class of utility, showing what UDP and TCP connections are currently opened and/or closed. Wireshark (the successor to Ethereal) is a Packet Capture and Protocol Decoder. While TCPView might show that an FTP connection exists between the current PC and a remote computer, Wireshark will allow you to not only capture the packets for a given time period, which may include an FTP session shown by the connection in TCPView, but will allow you to actually see what is being read and/or transferred, which includes the authentication process providing the FTP User Name and FTP Password.
  21. Each has their strengths such as TCPView does IPv6. I use both.
  22. A device like this... Is good for general access. I know I use one. However if you get a USB to IDE chassis not only do you get the ability to obtain the data on the drive but now can use it regularly as an external hard disk. Just a thought...
  23. I am almost afraid to ask... What does he use for a table ?
  24. NirSoft's CurrPort utility; Sysinternals' TCPView