Jump to content

dazzac1965

Members
 View Profile  See their activity

  • Posts

    59

  • Joined

  • Last visited

About dazzac1965

  • Birthday 11/7/1965

Personal Information

  • Occupation
    Quality Technician

Tech Info

  • Experience
    some_experience
  • System: some_experience

dazzac1965's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. dazzac1965
    Hi All, Long time no speak....... I got a 2nd hand Tablet. Is there a separate forum on this site for them? & can anyone help me with it. I've Googled the Android Tablet and there seems to be issues with older Chinese ones. Guess what I've got?? Before I post too much info, I'll see if anyone can help first. Thanks! Dazzac1965
  2. dazzac1965
    Hi, Yeah I've looked all settings & changed a few but to no avail. I added the awin.com site as a safe site as well as the cashback site. I don't really understand all the settings any way. Maybe i'll contact their support. Perhaps there is a conflict somewhere.... I'll keep this post updated in case it helps someone else too
  3. dazzac1965
    Hi Starbuck, The fault is still bugging me. I now think its Anti - virus related - I can use cashback sites only if I switch off AV & use IE?
  4. dazzac1965
    I can't seem to disable add-ons in Opeera any ideas? Tried Firefox & this is OK when I run it off my memory stick with it configured to "private browsing" I.E. won't store cookies & delete history on exit ETC. Dazzac
  5. dazzac1965
    OK I've tried IE. Ive followed your instructions & the problem still occurs. I have tried going into Add-ons manager and individually disabling each Add - On. Firefox I do not use that often, but I'll try it any way. I use Opera more - this is my main browser. Thanks again for your help Dazzac
  6. dazzac1965
    OK That's re-assuring to know. But how do I stop this awin1.com & netcraft fishtank from blocking all access to these sites.? It's just started to block virginmedia.com too which is frustrating as I can't seem to find away round it. Virginmedia is my ISP, so I use it quite often Thanks Dazzac
  7. dazzac1965
    Hi Starbuck, Here is Combofix report - run in safe mode. ((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 ))))))))))))))))))))))))))))))) . 2010-07-27 10:44 . 2010-07-27 10:44 -------- d-----w- C:\32788R22FWJFW 2010-07-13 15:33 . 2010-07-13 15:33 -------- d-----w- c:\users\Liz\AppData\Roaming\Template 2010-07-06 08:01 . 2010-07-06 08:01 -------- d-----w- C:\_OTL 2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\users\Liz\AppData\Roaming\Malwarebytes 2010-07-03 18:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-03 18:20 . 2010-07-03 18:20 -------- d-----w- c:\programdata\Malwarebytes 2010-07-03 18:20 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-03 18:20 . 2010-07-03 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-27 09:06 . 2010-02-27 19:35 -------- d-----w- c:\programdata\Kaspersky Lab 2010-07-25 16:41 . 2010-02-27 19:27 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2010-07-25 16:40 . 2010-05-19 09:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2010-07-25 16:40 . 2010-04-05 15:29 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-07-18 14:25 . 2010-02-27 19:31 -------- d-----w- c:\users\Liz\AppData\Roaming\UseNeXT 2010-07-14 10:52 . 2010-02-27 17:32 -------- d-----w- c:\program files\Opera 2010-07-13 16:03 . 2010-07-13 15:24 102 ----a-w- c:\users\Liz\AppData\Roaming\wklnhst.dat 2010-07-13 15:24 . 2010-02-27 17:09 111680 ----a-w- c:\users\Liz\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-13 15:19 . 2010-02-27 18:34 -------- d-----w- c:\program files\Microsoft Works 2010-07-04 09:57 . 2010-04-05 15:30 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2010-07-04 09:57 . 2010-05-20 17:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2010-07-04 09:57 . 2010-02-27 19:26 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-03 18:20 . 2010-06-02 19:27 -------- d-----w- c:\program files\Warzone 2100 2010-06-27 14:48 . 2010-02-27 21:34 -------- d-----w- c:\users\Liz\AppData\Roaming\vlc 2010-06-27 14:47 . 2010-06-23 18:50 -------- d-----w- c:\programdata\Lavasoft 2010-06-27 09:15 . 2010-02-27 18:31 -------- d-----w- c:\program files\Microsoft.NET 2010-06-24 10:34 . 2010-06-24 10:34 63488 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-06-24 10:34 . 2010-06-24 10:34 52224 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-06-24 10:34 . 2010-06-24 10:34 117760 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-24 10:33 . 2010-06-24 10:33 -------- d-----w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com 2010-06-23 18:54 . 2010-06-23 18:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-15 11:13 . 2010-06-15 11:13 133648 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-06-15 11:13 . 2010-06-15 11:13 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-06-04 08:52 . 2010-06-04 08:40 -------- d-----w- c:\users\Liz\AppData\Roaming\DAEMON Tools Pro 2010-06-04 08:42 . 2010-06-04 08:40 -------- d-----w- c:\program files\DAEMON Tools Pro 2010-06-04 08:41 . 2010-06-04 08:41 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\DAEMON Tools Pro 2010-06-02 19:28 . 2010-03-08 20:44 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2010-06-02 19:28 . 2010-03-08 20:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-05-27 07:24 . 2010-06-09 09:27 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-09 09:27 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 13:14 . 2010-02-27 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 2010-06-09 10:48 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-09 09:14 . 2010-06-23 11:52 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-05-09 09:14 . 2010-06-23 11:52 417792 ----a-w- c:\windows\system32\msdri.dll 2010-05-05 16:12 . 2010-02-27 19:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-05-05 16:12 . 2010-02-27 19:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-05-01 14:49 . 2010-06-09 09:40 2326528 ----a-w- c:\windows\system32\win32k.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840] [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}] 2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-04 697328] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 WatcherService;WatcherService;c:\program files\Converter\WatcherService.exe [2008-09-04 16384] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002Core.job - c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 08:34] 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002UA.job - c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 08:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.myheritage.com mStart Page = hxxp://search.myheritage.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab . - - - - ORPHANS REMOVED - - - - BHO-{6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - c:\program files\Cashback Alerter\CA.dll HKLM-RunOnce-<NO NAME> - (no file) AddRemove-Cashback Alerter - c:\program files\Cashback Alerter\uninstall.exe . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-07-27 11:55:07 ComboFix-quarantined-files.txt 2010-07-27 10:55 Pre-Run: 15,214,579,712 bytes free Post-Run: 18,640,953,344 bytes free - - End Of File - - 0D23513D5B80448E1F53AD6EA633B7BD The problem has not gone away before I ran Combo-fix. It seems to affect any shopping site. Cheers, Dazzac
  8. dazzac1965
    Sure no probs, Im away for a few days so I'll post the report as soon as I sort it out - might be a while. Although the problem seems to have gone??! Dazzac
  9. dazzac1965
    - No not tried it again
  10. dazzac1965
    Hi Starbuck, That is the full report. Combofix crashed during running. Windows gave me an error saying it had stopped working & had to re-boot PC. On restart, it booted into safe mode & promted me to restore from last restore point. Dazzac
  11. dazzac1965
    Hi Starbuck, OTL report: Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot... Combofix report to follow shortly.
  12. dazzac1965
    OTL Report: ========== Processes (SafeList) ========== PRC - C:\Users\Liz\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Liz\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Converter\WatcherService.exe (Ata alla zangenh madar) PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Liz\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (WatcherService) -- C:\Program Files\Converter\WatcherService.exe (Ata alla zangenh madar) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation ) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "MDKTagged Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2562131&SearchSource=3&q={searchTerms}" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {5d3caffe-04f1-4a3c-9012-d76f9467dbf0}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/07 13:23:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/02/27 20:36:23 | 000,000,000 | ---D | M] [2010/04/14 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla\Extensions [2010/05/18 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions [2010/04/21 12:50:10 | 000,000,000 | ---D | M] (MDKTagged Toolbar) -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions\{5d3caffe-04f1-4a3c-9012-d76f9467dbf0} [2010/05/18 13:48:13 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010/04/21 12:53:22 | 000,000,921 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\searchplugins\conduit.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/07/03 20:47:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes [2010/07/03 19:21:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/07/03 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/03 19:20:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/07/03 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/06/26 22:03:30 | 000,000,000 | ---D | C] -- C:\f1807a55de47a6d282b8 [2010/06/24 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\SUPERAntiSpyware.com [2010/06/23 22:34:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/06/23 22:34:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/06/23 22:34:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/06/23 19:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010/06/23 19:54:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010/06/23 19:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010/06/23 12:52:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/06/23 12:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010/06/23 12:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010/06/23 12:52:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/06/09 11:48:46 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/06/09 11:48:37 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/06/09 11:48:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/06/09 11:48:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/06/09 10:40:55 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/06/09 10:39:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010/06/09 10:27:08 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010/06/09 10:27:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2010/07/05 14:21:35 | 002,621,440 | -HS- | M] () -- C:\Users\Liz\NTUSER.DAT [2010/07/05 14:01:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002UA.job [2010/07/05 08:36:00 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/05 08:36:00 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/05 08:27:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/05 08:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/05 08:27:01 | 1558,794,240 | -HS- | M] () -- C:\hiberfil.sys [2010/07/04 21:05:00 | 001,338,852 | -H-- | M] () -- C:\Users\Liz\AppData\Local\IconCache.db [2010/07/04 20:01:02 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002Core.job [2010/07/03 19:22:59 | 000,001,007 | ---- | M] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/07/03 19:22:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/02 15:57:56 | 000,730,320 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/02 15:57:56 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/07/02 15:57:56 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/01 09:04:24 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/27 09:38:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/06/23 19:54:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010/06/22 20:37:42 | 000,005,120 | ---- | M] () -- C:\Users\Liz\Documents\CF3 0JD to Kirkcudbright.axe [2010/06/12 16:52:57 | 000,284,160 | ---- | M] () -- C:\Users\Liz\Documents\2010SHIFT PATTERN.xls [2010/06/09 19:07:00 | 000,415,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010/07/03 19:22:40 | 000,001,007 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/07/03 19:22:00 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/27 09:38:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/06/22 20:37:42 | 000,005,120 | ---- | C] () -- C:\Users\Liz\Documents\CF3 0JD to Kirkcudbright.axe [2010/06/04 09:41:57 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/02/27 18:33:35 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/01/25 22:11:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll ========== LOP Check ========== [2010/04/05 16:48:28 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\AnvSoft [2010/04/14 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\CashbackAlerter [2010/06/04 09:52:07 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DAEMON Tools Pro [2010/03/29 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ImTOO Software Studio [2010/02/28 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\MyHeritage [2010/02/27 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Opera [2010/02/27 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\The Complete Genealogy Reporter - FTB [2010/07/02 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\UseNeXT [2010/04/19 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\uTorrent [2010/06/27 09:38:13 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010/06/04 12:26:29 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-57989841-117609710-1606980848-1003\Dc13\Backup\Driver Backup 1-4-2010-182534\Primary IDE Channel\atapi.sys [2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-57989841-117609710-1606980848-1003\Dc13\Backup\Driver Backup 1-4-2010-182534\Secondary IDE Channel\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/04 09:41:57 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C5CE2DF6 < End of report > Both reports listed - no prompts given after scans Cheers, Dazzac
  13. dazzac1965
    OTL "Extras" report: Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Add to Converter List] -- "C:\Program Files\Converter\Converter.exe" "%L" (Full Multimedia) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter "{6131E662-D675-46F1-AECD-DD8ED067759C}_is1" = Converter "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX "{9B3F9AD8-E6BC-40FA-BEF7-324D167B8889}" = PC Sync Manager "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.0.4 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0 "Cashback Alerter" = Cashback Alerter "ENTERPRISE" = Microsoft Office Enterprise 2007 "Family Tree Builder" = MyHeritage Family Tree Builder "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "Jewel Quest Mysteries Trail of the Midnight Heart 1.00" = Jewel Quest Mysteries Trail of the Midnight Heart 1.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "OpenAL" = OpenAL "outlookEMLandMSGconverter_is1" = outlookEMLandMSGconverter 3.1 "Shop for HP Supplies" = Shop for HP Supplies "UseNeXT_is1" = UseNeXT "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "Warzone 2100" = Warzone 2100 "Warzone2100" = Warzone2100 "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26/06/2010 15:02:13 | Computer Name = Liz-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 690 Start Time: 01cb14f792f6bcf4 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: 03ad8394-8155-11df-81a5-0003254324bc Error - 27/06/2010 06:17:31 | Computer Name = Liz-PC | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Outlook. Error - 27/06/2010 10:01:15 | Computer Name = Liz-PC | Source = Google Update | ID = 20 Description = Error - 27/06/2010 10:52:25 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 28/06/2010 16:17:00 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 01/07/2010 15:56:43 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 04/07/2010 04:45:21 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 04/07/2010 05:01:06 | Computer Name = Liz-PC | Source = Google Update | ID = 20 Description = Error - 04/07/2010 16:01:10 | Computer Name = Liz-PC | Source = Google Update | ID = 20 Description = Error - 04/07/2010 16:05:03 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = [ Media Center Events ] Error - 03/04/2010 14:01:14 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 19:01:14 - Error connecting to the internet. 19:01:14 - Unable to contact server.. Error - 03/04/2010 14:01:38 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 19:01:29 - Error connecting to the internet. 19:01:29 - Unable to contact server.. Error - 03/04/2010 15:15:09 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:13:59 - Error connecting to the internet. 20:13:59 - Unable to contact server.. Error - 03/04/2010 16:01:58 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:17:12 - Error connecting to the internet. 20:17:13 - Unable to contact server.. Error - 04/04/2010 13:31:40 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 18:25:44 - Error connecting to the internet. 18:25:45 - Unable to contact server.. Error - 04/04/2010 14:21:22 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 18:43:26 - Error connecting to the internet. 18:43:26 - Unable to contact server.. Error - 04/04/2010 15:30:41 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:29:25 - Error connecting to the internet. 20:29:25 - Unable to contact server.. Error - 04/04/2010 15:49:17 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:33:57 - Error connecting to the internet. 20:33:57 - Unable to contact server.. Error - 04/07/2010 04:56:15 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 09:56:15 - Error connecting to the internet. 09:56:15 - Unable to contact server.. Error - 04/07/2010 04:56:39 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 09:56:21 - Error connecting to the internet. 09:56:21 - Unable to contact server.. [ System Events ] Error - 03/07/2010 12:06:29 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. Error - 03/07/2010 12:06:59 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. Error - 03/07/2010 12:07:36 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 03/07/2010 14:35:51 | Computer Name = Liz-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 19:34:47 on ?03/?07/?2010 was unexpected. Error - 03/07/2010 16:43:36 | Computer Name = Liz-PC | Source = DCOM | ID = 10010 Description = Error - 04/07/2010 04:47:23 | Computer Name = Liz-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 09:45:03 on ?04/?07/?2010 was unexpected. Error - 04/07/2010 11:16:05 | Computer Name = Liz-PC | Source = DCOM | ID = 10010 Description = Error - 04/07/2010 16:05:02 | Computer Name = Liz-PC | Source = DCOM | ID = 10010 Description = Error - 05/07/2010 06:41:47 | Computer Name = Liz-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error - 05/07/2010 08:50:23 | Computer Name = Liz-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. < End of report >
  14. dazzac1965
    Hi Starbuck, Here's the first report: Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4275 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 05/07/2010 12:39:18 mbam-log-2010-07-05 (12-39-18).txt Scan type: Full scan (C:\|) Objects scanned: 235424 Time elapsed: 2 hour(s), 0 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) As you can see, nothing found. I'm now going to try your 2nd option wilth OTL. Will post results shortly. Thanks, Dazzac
  15. dazzac1965
    Hi Starbuck, Thanks for the advice, I do have superAntispyware installed. I have scanned using this, & it found 3 suspect items. I have quarrantined them & provided no problems with my PC, I will delete them. My problem still Exists so I'm going to install & scan using your reccomended software. I'll post results when done. Dazzac
×
×
  • Create New...