dazzac1965 Posted June 24, 2010 Posted June 24, 2010 (edited) Hi, Can someone shed some light on this problem. I use cashback site for on-line shoping, but recently I get this site when I follow the required link: hxxp://www.awin1.com (replace "xx" with "tt" to get the site address but proceed with extreme caution). I have "Googled" this site, & I get the feeling it way be a bit suspect or seen to be a bit suspect. (possible phishing or malware etc site) I use mainly Opera browser but sometimes IE8 & Firefox. All 3 browsers give me this message using windows 7. If I use an old Laptop with Windows XP I get no problem. When Opera blocks it, I get a question mark in the address bar, when I click on that I get a window asking/telling me that the site is unsafe & I should perform fraud check I do this, but then it tells me to report the site for either Malware or fraud. I can't understand why I've got this issue as I have used cashback sites after I upgraded to Windows 7. There is a link to another site called "netcraft phishtank" I have a simular problem when I use IE 8 & Firefox This would tell me that Either Windows is blocking the site or I have a Virus/keylogger ETC on my PC? - but I have scanned with Kaspersky & Ad-aware with no viruses/malware ETC found! I have also been recieving some suspect E-mails off Banks that ask me to follow links to confirm details - YEAH RIGHT! particularly as I don't bank with them! Not sure if it is releated, if it is then that brings me back to the fact I may mave malware or virus ETC on PC - very frustrating! Sorry for the long winded message. Dazzac1965 Edited June 27, 2010 by Goku Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
Goku Posted June 27, 2010 Posted June 27, 2010 Hello Dazzac. Based on your symptoms, I am almost certain that this is a Malware related issue. Therefore I am moving it to the Malware removal Forums just in case. Our experts will be with you shortly so please be patient. :) -- Goku Quote
dazzac1965 Posted July 1, 2010 Author Posted July 1, 2010 Hello Dazzac. Based on your symptoms, I am almost certain that this is a Malware related issue. Therefore I am moving it to the Malware removal Forums just in case. Our experts will be with you shortly so please be patient. :) -- Goku Hi Goku, Thanks for doing this I'll keep a look out for answers. Dazzac;) Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 2, 2010 ExTS Admin Posted July 2, 2010 (edited) Hi dazzac, Cardiff? ... just along the motorway from me. You don't say if you have MalwareBytes AntiMalware installed... i'll assume not and give you full instructions. Step 1 Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. [*]On the Scanner tab:Make sure the "Perform Full Scan" option is selected. Then click on the Scan button. [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". [*]Click OK to close the message box and continue with the removal process. [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. [*]Make sure that everything is checked, and click Remove Selected. [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the contents of that report in your next reply and exit MBAM.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Note: If you already have MBAM installed, please update it and run a scan. Step 2 Download OTL to your desktop. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. . http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png Now copy the lines in the codebox below. netsvcs msconfig %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. In your next reply, please submit: MBAM scan report Both reports from OTL (if they are too big to post, please add them as attachments) Thanks. Edited July 2, 2010 by Starbuck Quote Member of:UNITE
dazzac1965 Posted July 3, 2010 Author Posted July 3, 2010 Hi Starbuck, Thanks for the advice, I do have superAntispyware installed. I have scanned using this, & it found 3 suspect items. I have quarrantined them & provided no problems with my PC, I will delete them. My problem still Exists so I'm going to install & scan using your reccomended software. I'll post results when done. Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 3, 2010 ExTS Admin Posted July 3, 2010 Ok, thanks dazzac, i'll wait for the reports. Quote Member of:UNITE
dazzac1965 Posted July 5, 2010 Author Posted July 5, 2010 Ok, thanks dazzac, i'll wait for the reports. Hi Starbuck, Here's the first report: Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4275 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 05/07/2010 12:39:18 mbam-log-2010-07-05 (12-39-18).txt Scan type: Full scan (C:\|) Objects scanned: 235424 Time elapsed: 2 hour(s), 0 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) As you can see, nothing found. I'm now going to try your 2nd option wilth OTL. Will post results shortly. Thanks, Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 5, 2010 ExTS Admin Posted July 5, 2010 Ok, thanks dazzac, The OTL reports will be a lot more detailed. Quote Member of:UNITE
dazzac1965 Posted July 5, 2010 Author Posted July 5, 2010 Ok, thanks dazzac, The OTL reports will be a lot more detailed. OTL "Extras" report: Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Add to Converter List] -- "C:\Program Files\Converter\Converter.exe" "%L" (Full Multimedia) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter "{6131E662-D675-46F1-AECD-DD8ED067759C}_is1" = Converter "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX "{9B3F9AD8-E6BC-40FA-BEF7-324D167B8889}" = PC Sync Manager "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.0.4 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0 "Cashback Alerter" = Cashback Alerter "ENTERPRISE" = Microsoft Office Enterprise 2007 "Family Tree Builder" = MyHeritage Family Tree Builder "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "Jewel Quest Mysteries Trail of the Midnight Heart 1.00" = Jewel Quest Mysteries Trail of the Midnight Heart 1.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "OpenAL" = OpenAL "outlookEMLandMSGconverter_is1" = outlookEMLandMSGconverter 3.1 "Shop for HP Supplies" = Shop for HP Supplies "UseNeXT_is1" = UseNeXT "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "Warzone 2100" = Warzone 2100 "Warzone2100" = Warzone2100 "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26/06/2010 15:02:13 | Computer Name = Liz-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 690 Start Time: 01cb14f792f6bcf4 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: 03ad8394-8155-11df-81a5-0003254324bc Error - 27/06/2010 06:17:31 | Computer Name = Liz-PC | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Outlook. Error - 27/06/2010 10:01:15 | Computer Name = Liz-PC | Source = Google Update | ID = 20 Description = Error - 27/06/2010 10:52:25 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 28/06/2010 16:17:00 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 01/07/2010 15:56:43 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 04/07/2010 04:45:21 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = Error - 04/07/2010 05:01:06 | Computer Name = Liz-PC | Source = Google Update | ID = 20 Description = Error - 04/07/2010 16:01:10 | Computer Name = Liz-PC | Source = Google Update | ID = 20 Description = Error - 04/07/2010 16:05:03 | Computer Name = Liz-PC | Source = EventSystem | ID = 4621 Description = [ Media Center Events ] Error - 03/04/2010 14:01:14 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 19:01:14 - Error connecting to the internet. 19:01:14 - Unable to contact server.. Error - 03/04/2010 14:01:38 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 19:01:29 - Error connecting to the internet. 19:01:29 - Unable to contact server.. Error - 03/04/2010 15:15:09 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:13:59 - Error connecting to the internet. 20:13:59 - Unable to contact server.. Error - 03/04/2010 16:01:58 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:17:12 - Error connecting to the internet. 20:17:13 - Unable to contact server.. Error - 04/04/2010 13:31:40 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 18:25:44 - Error connecting to the internet. 18:25:45 - Unable to contact server.. Error - 04/04/2010 14:21:22 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 18:43:26 - Error connecting to the internet. 18:43:26 - Unable to contact server.. Error - 04/04/2010 15:30:41 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:29:25 - Error connecting to the internet. 20:29:25 - Unable to contact server.. Error - 04/04/2010 15:49:17 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 20:33:57 - Error connecting to the internet. 20:33:57 - Unable to contact server.. Error - 04/07/2010 04:56:15 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 09:56:15 - Error connecting to the internet. 09:56:15 - Unable to contact server.. Error - 04/07/2010 04:56:39 | Computer Name = Liz-PC | Source = MCUpdate | ID = 0 Description = 09:56:21 - Error connecting to the internet. 09:56:21 - Unable to contact server.. [ System Events ] Error - 03/07/2010 12:06:29 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. Error - 03/07/2010 12:06:59 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. Error - 03/07/2010 12:07:36 | Computer Name = Liz-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 03/07/2010 14:35:51 | Computer Name = Liz-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 19:34:47 on ?03/?07/?2010 was unexpected. Error - 03/07/2010 16:43:36 | Computer Name = Liz-PC | Source = DCOM | ID = 10010 Description = Error - 04/07/2010 04:47:23 | Computer Name = Liz-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 09:45:03 on ?04/?07/?2010 was unexpected. Error - 04/07/2010 11:16:05 | Computer Name = Liz-PC | Source = DCOM | ID = 10010 Description = Error - 04/07/2010 16:05:02 | Computer Name = Liz-PC | Source = DCOM | ID = 10010 Description = Error - 05/07/2010 06:41:47 | Computer Name = Liz-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error - 05/07/2010 08:50:23 | Computer Name = Liz-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. < End of report > Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
dazzac1965 Posted July 5, 2010 Author Posted July 5, 2010 (edited) OTL Report: ========== Processes (SafeList) ========== PRC - C:\Users\Liz\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Liz\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Converter\WatcherService.exe (Ata alla zangenh madar) PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Liz\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (WatcherService) -- C:\Program Files\Converter\WatcherService.exe (Ata alla zangenh madar) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation ) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "MDKTagged Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2562131&SearchSource=3&q={searchTerms}" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {5d3caffe-04f1-4a3c-9012-d76f9467dbf0}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/07 13:23:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/02/27 20:36:23 | 000,000,000 | ---D | M] [2010/04/14 20:39:49 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla\Extensions [2010/05/18 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions [2010/04/21 12:50:10 | 000,000,000 | ---D | M] (MDKTagged Toolbar) -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions\{5d3caffe-04f1-4a3c-9012-d76f9467dbf0} [2010/05/18 13:48:13 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010/04/21 12:53:22 | 000,000,921 | ---- | M] () -- C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\2i3cdl6c.default\searchplugins\conduit.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/07/03 20:47:40 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Malwarebytes [2010/07/03 19:21:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/07/03 19:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/03 19:20:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/07/03 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/06/26 22:03:30 | 000,000,000 | ---D | C] -- C:\f1807a55de47a6d282b8 [2010/06/24 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\SUPERAntiSpyware.com [2010/06/23 22:34:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/06/23 22:34:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/06/23 22:34:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/06/23 19:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010/06/23 19:54:57 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010/06/23 19:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010/06/23 12:52:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/06/23 12:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010/06/23 12:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010/06/23 12:52:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/06/09 11:48:46 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010/06/09 11:48:37 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/06/09 11:48:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/06/09 11:48:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/06/09 10:40:55 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010/06/09 10:39:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010/06/09 10:27:08 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010/06/09 10:27:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2010/07/05 14:21:35 | 002,621,440 | -HS- | M] () -- C:\Users\Liz\NTUSER.DAT [2010/07/05 14:01:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002UA.job [2010/07/05 08:36:00 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/05 08:36:00 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/05 08:27:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/05 08:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/05 08:27:01 | 1558,794,240 | -HS- | M] () -- C:\hiberfil.sys [2010/07/04 21:05:00 | 001,338,852 | -H-- | M] () -- C:\Users\Liz\AppData\Local\IconCache.db [2010/07/04 20:01:02 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002Core.job [2010/07/03 19:22:59 | 000,001,007 | ---- | M] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/07/03 19:22:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/02 15:57:56 | 000,730,320 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/02 15:57:56 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/07/02 15:57:56 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/01 09:04:24 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/27 09:38:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/06/23 19:54:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010/06/22 20:37:42 | 000,005,120 | ---- | M] () -- C:\Users\Liz\Documents\CF3 0JD to Kirkcudbright.axe [2010/06/12 16:52:57 | 000,284,160 | ---- | M] () -- C:\Users\Liz\Documents\2010SHIFT PATTERN.xls [2010/06/09 19:07:00 | 000,415,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010/07/03 19:22:40 | 000,001,007 | ---- | C] () -- C:\Users\Liz\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/07/03 19:22:00 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/27 09:38:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/06/22 20:37:42 | 000,005,120 | ---- | C] () -- C:\Users\Liz\Documents\CF3 0JD to Kirkcudbright.axe [2010/06/04 09:41:57 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/02/27 18:33:35 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/01/25 22:11:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll ========== LOP Check ========== [2010/04/05 16:48:28 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\AnvSoft [2010/04/14 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\CashbackAlerter [2010/06/04 09:52:07 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\DAEMON Tools Pro [2010/03/29 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ImTOO Software Studio [2010/02/28 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\MyHeritage [2010/02/27 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Opera [2010/02/27 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\The Complete Genealogy Reporter - FTB [2010/07/02 15:53:05 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\UseNeXT [2010/04/19 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\uTorrent [2010/06/27 09:38:13 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010/06/04 12:26:29 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-57989841-117609710-1606980848-1003\Dc13\Backup\Driver Backup 1-4-2010-182534\Primary IDE Channel\atapi.sys [2008/04/14 06:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-57989841-117609710-1606980848-1003\Dc13\Backup\Driver Backup 1-4-2010-182534\Secondary IDE Channel\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/04 09:41:57 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C5CE2DF6 < End of report > Both reports listed - no prompts given after scans Cheers, Dazzac Edited July 5, 2010 by dazzac1965 Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 5, 2010 ExTS Admin Posted July 5, 2010 Hi dazzac, There's nothing actually bad showing in the reports, but there are some entries that are 'open to debate': We'll run a small fix and then take a closer look: These entries.... O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll () relate to: MyHeritage.com Family / Celebrity Toolbar - a Softomate/Besttoolbars Toolbar variant - Softomate customizes toolbars to customers needs. The dll files for their toolbars can contain some spyware/adware functionality, although not all of the toolbars use this. Your choice. i've added the 1st one to the fix because part of the BHO is missing, so it won't work properly anyway. Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (SWWBHO) - {6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - C:\Program Files\Cashback Alerter\CA.dll File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C5CE2DF6 :commands [emptytemp] [purity] [RESETHOSTS] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista, you may not see this screen Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. In your next reply, please submit: Otl fix report Combofix.txt Thanks. Quote Member of:UNITE
dazzac1965 Posted July 6, 2010 Author Posted July 6, 2010 Hi Starbuck, OTL report: Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot... Combofix report to follow shortly. Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 6, 2010 ExTS Admin Posted July 6, 2010 Hi dazzac, Can you take a look here: C:\_OTL\MovedFiles and see if the OTL fix report is there, if so please post the whole report. Thanks. Quote Member of:UNITE
dazzac1965 Posted July 7, 2010 Author Posted July 7, 2010 Hi Starbuck, That is the full report. Combofix crashed during running. Windows gave me an error saying it had stopped working & had to re-boot PC. On restart, it booted into safe mode & promted me to restore from last restore point. Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 7, 2010 ExTS Admin Posted July 7, 2010 Hi dazzac, Combofix crashed during running. Windows gave me an error saying it had stopped working & had to re-boot PC. There could be a number of reasons for this. Can you remember at what point did Combofix crash? Can you remember the 'stage n/o'? Was combofix at the stage of preparing the report? Were you running any other programs? Did you click on the screen at any time once the program was running? Had you stopped your resident Anti Virus? Have you tried running it again since the problem? ... if not try running it in Safe mode. ( i see you have Daemon Tools running, this has been known to cause problems in the past) Quote Member of:UNITE
dazzac1965 Posted July 8, 2010 Author Posted July 8, 2010 Hi dazzac, There could be a number of reasons for this. Can you remember at what point did Combofix crash? - Near the end of the green bar (loading??) Can you remember the 'stage n/o'? - No stage No. displayed. Was combofix at the stage of preparing the report? - No Were you running any other programs? - No Did you click on the screen at any time once the program was running? - Don't think so Had you stopped your resident Anti Virus? - Yes Have you tried running it again since the problem? ... if not try running it in Safe mode. ( i see you have Daemon Tools running, this has been known to cause problems in the past) - No not tried it again Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 8, 2010 ExTS Admin Posted July 8, 2010 No not tried it again Ok, please try running Combofix in safe mode then. Quote Member of:UNITE
dazzac1965 Posted July 14, 2010 Author Posted July 14, 2010 Ok, please try running Combofix in safe mode then. Sure no probs, Im away for a few days so I'll post the report as soon as I sort it out - might be a while. Although the problem seems to have gone??! Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 14, 2010 ExTS Admin Posted July 14, 2010 Hi Dazzac, I'll post the report as soon as I sort it out - might be a while. No problem at all. Although the problem seems to have gone It may well be ok now, the CF scan is a double check just to make sure. Best to be safe than sorry. :) Quote Member of:UNITE
dazzac1965 Posted July 27, 2010 Author Posted July 27, 2010 Hi Starbuck, Here is Combofix report - run in safe mode. ((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 ))))))))))))))))))))))))))))))) . 2010-07-27 10:44 . 2010-07-27 10:44 -------- d-----w- C:\32788R22FWJFW 2010-07-13 15:33 . 2010-07-13 15:33 -------- d-----w- c:\users\Liz\AppData\Roaming\Template 2010-07-06 08:01 . 2010-07-06 08:01 -------- d-----w- C:\_OTL 2010-07-03 19:47 . 2010-07-03 19:47 -------- d-----w- c:\users\Liz\AppData\Roaming\Malwarebytes 2010-07-03 18:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-03 18:20 . 2010-07-03 18:20 -------- d-----w- c:\programdata\Malwarebytes 2010-07-03 18:20 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-03 18:20 . 2010-07-03 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-27 09:06 . 2010-02-27 19:35 -------- d-----w- c:\programdata\Kaspersky Lab 2010-07-25 16:41 . 2010-02-27 19:27 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2010-07-25 16:40 . 2010-05-19 09:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2010-07-25 16:40 . 2010-04-05 15:29 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-07-18 14:25 . 2010-02-27 19:31 -------- d-----w- c:\users\Liz\AppData\Roaming\UseNeXT 2010-07-14 10:52 . 2010-02-27 17:32 -------- d-----w- c:\program files\Opera 2010-07-13 16:03 . 2010-07-13 15:24 102 ----a-w- c:\users\Liz\AppData\Roaming\wklnhst.dat 2010-07-13 15:24 . 2010-02-27 17:09 111680 ----a-w- c:\users\Liz\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-13 15:19 . 2010-02-27 18:34 -------- d-----w- c:\program files\Microsoft Works 2010-07-04 09:57 . 2010-04-05 15:30 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2010-07-04 09:57 . 2010-05-20 17:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2010-07-04 09:57 . 2010-02-27 19:26 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-03 18:20 . 2010-06-02 19:27 -------- d-----w- c:\program files\Warzone 2100 2010-06-27 14:48 . 2010-02-27 21:34 -------- d-----w- c:\users\Liz\AppData\Roaming\vlc 2010-06-27 14:47 . 2010-06-23 18:50 -------- d-----w- c:\programdata\Lavasoft 2010-06-27 09:15 . 2010-02-27 18:31 -------- d-----w- c:\program files\Microsoft.NET 2010-06-24 10:34 . 2010-06-24 10:34 63488 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-06-24 10:34 . 2010-06-24 10:34 52224 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-06-24 10:34 . 2010-06-24 10:34 117760 ----a-w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-24 10:33 . 2010-06-24 10:33 -------- d-----w- c:\users\Liz\AppData\Roaming\SUPERAntiSpyware.com 2010-06-23 18:54 . 2010-06-23 18:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-15 11:13 . 2010-06-15 11:13 133648 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-06-15 11:13 . 2010-06-15 11:13 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll 2010-06-04 08:52 . 2010-06-04 08:40 -------- d-----w- c:\users\Liz\AppData\Roaming\DAEMON Tools Pro 2010-06-04 08:42 . 2010-06-04 08:40 -------- d-----w- c:\program files\DAEMON Tools Pro 2010-06-04 08:41 . 2010-06-04 08:41 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\DAEMON Tools Pro 2010-06-02 19:28 . 2010-03-08 20:44 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2010-06-02 19:28 . 2010-03-08 20:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-05-27 07:24 . 2010-06-09 09:27 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-09 09:27 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-21 13:14 . 2010-02-27 17:43 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 2010-06-09 10:48 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-09 09:14 . 2010-06-23 11:52 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-05-09 09:14 . 2010-06-23 11:52 417792 ----a-w- c:\windows\system32\msdri.dll 2010-05-05 16:12 . 2010-02-27 19:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-05-05 16:12 . 2010-02-27 19:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-05-01 14:49 . 2010-06-09 09:40 2326528 ----a-w- c:\windows\system32\win32k.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840] [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}] 2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-25 136176] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-04 697328] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 WatcherService;WatcherService;c:\program files\Converter\WatcherService.exe [2008-09-04 16384] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002Core.job - c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 08:34] 2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383659457-3569163513-4250823581-1002UA.job - c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 08:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.myheritage.com mStart Page = hxxp://search.myheritage.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab . - - - - ORPHANS REMOVED - - - - BHO-{6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - c:\program files\Cashback Alerter\CA.dll HKLM-RunOnce-<NO NAME> - (no file) AddRemove-Cashback Alerter - c:\program files\Cashback Alerter\uninstall.exe . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-07-27 11:55:07 ComboFix-quarantined-files.txt 2010-07-27 10:55 Pre-Run: 15,214,579,712 bytes free Post-Run: 18,640,953,344 bytes free - - End Of File - - 0D23513D5B80448E1F53AD6EA633B7BD The problem has not gone away before I ran Combo-fix. It seems to affect any shopping site. Cheers, Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 27, 2010 ExTS Admin Posted July 27, 2010 Hi dazzac, I've had a bit more time to go over all the reports and posts again. Seems there's nothing to worry about. I use cashback site for on-line shoping, but recently I get this site when I follow the required link: hxxp://www.awin1.com (replace "xx" with "tt" to get the site address but proceed with extreme caution). it's actually a legit marketing site. awin1.com | McAfee SiteAdvisor Software – Website Safety Ratings and Secure Search Affiliate Marketing – Affiliate Window – Affiliate Network Affiliate Marketing – Affiliate Window – Affiliate Network Affiliate Window handle over 750 merchants, ranging from blue-chip brands such as Dixons, Boots and Vodafone, to niche retailers looking to grow their online presence. Affiliate Window is committed to developing market-leading technology to assist the performance of both merchants and publishers. Seems the shopping sites may be using this company for market research purposes. All 3 browsers give me this message using windows 7. If I use an old Laptop with Windows XP I get no problem. Obviously you have something installed on this system which you don't on the other system. What is this program in your uninstall list: MarketResearch I can't find any info on it. There is a link to another site called "netcraft phishtank" Perfectly legit. it's there to actually protect you. Fraud Protection, enabled by default in Opera 10 and later, warns you about suspicious Web pages by checking the page you request against a database of known “phishing” and “malware” Web sites, such as Netcraft, PhishTank and TRUSTe. quote taken from: Opera Web Browser | Security also see here: Netcraft Anti-Phishing Toolbar toolbar.netcraft.com | WOT Reputation Scorecard | WOT Web of Trust I'd say if you do use these shopping sites frequently .... you are going to see these things. Quote Member of:UNITE
dazzac1965 Posted July 27, 2010 Author Posted July 27, 2010 OK That's re-assuring to know. But how do I stop this awin1.com & netcraft fishtank from blocking all access to these sites.? It's just started to block virginmedia.com too which is frustrating as I can't seem to find away round it. Virginmedia is my ISP, so I use it quite often Thanks Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
ExTS Admin Starbuck Posted July 27, 2010 ExTS Admin Posted July 27, 2010 Let's find out if it's something that's been added to the browsers. Try running IE and Firefox without any addons and see if the problem still occurs. Internet Explorer: Click on Start >> All Programs >> Accessories >> System Tools >> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions. Firefox: Click on Start >> All Programs >> Mozilla Firefox >> Mozilla Firefox (safe mode) Quote Member of:UNITE
dazzac1965 Posted July 28, 2010 Author Posted July 28, 2010 Let's find out if it's something that's been added to the browsers. Try running IE and Firefox without any addons and see if the problem still occurs. Internet Explorer: Click on Start >> All Programs >> Accessories >> System Tools >> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions. Firefox: Click on Start >> All Programs >> Mozilla Firefox >> Mozilla Firefox (safe mode) OK I've tried IE. Ive followed your instructions & the problem still occurs. I have tried going into Add-ons manager and individually disabling each Add - On. Firefox I do not use that often, but I'll try it any way. I use Opera more - this is my main browser. Thanks again for your help Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
dazzac1965 Posted August 7, 2010 Author Posted August 7, 2010 I can't seem to disable add-ons in Opeera any ideas? Tried Firefox & this is OK when I run it off my memory stick with it configured to "private browsing" I.E. won't store cookies & delete history on exit ETC. Dazzac Quote Gateway Laptop MT3107b. Windows 7 Home Basic (XP upgrade),2GB Ram,80GB HDD, ATI Radeon 200m Express graphics. Intel Celeron M processor.DVDRAM burner. 3 USB posts, PC output, built in wireless, 5 in 1 card reader.:D
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.