Computeractive - Home computing advice in plain English

 

#61 storeyarmer, 27-08-2011, 19:09

Hi Waddler, hope the footie went well?...

When the laptop rebooted (I lost remote connection) and after the Windows splash screen, a dialogue box read the network path was not found, then error creating log file, and the Notepad document was blank, so I'm told ... when it rains it pours seemingly ..

I understand if this is a lost cause, but I'm good to stick with it, if you have any other ideas

smiles
S
#62 waddler8, 28-08-2011, 08:10

The footy went very well, thanks. As did the after match beers last night.

There'll be a folder on the C: drive now named _OTL. We can take a look in there. There will be the logs and any moved files in folders named by the date/time OTL was run.

  • Right click SystemLook.exe and choose "Run as Administrator" to run it.
  • Copy the content of the following codebox into the main textfield (Don't include code:)

    Code:
    :dir
    C:\_otl /s
  • Click the Look button to start the scan.
  • When it's finished, notepad will open with the results of the scan. Post this log in your next reply.

The log can also be found on your Desktop entitled SystemLook.txt
#63 storeyarmer, 28-08-2011, 12:48

Hope you won waddler

I'm not good at making my own luck ....


SystemLook 30.07.11 by jpshortstuff
Log created at 12:47 on 28/08/2011 by Nick
Administrator - Elevation successful
========== dir ==========
C:\_otl - Unable to find folder.
-= EOF =-

smiles
S


#64 waddler8, 28-08-2011, 12:58

Re-run DDS and post both DDS.txt & Attach.txt for me.
#65 storeyarmer, 28-08-2011, 13:04

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-28 13:01:34
-----------------------------
13:01:34.946 OS Version: Windows x64 6.1.7600
13:01:34.946 Number of processors: 4 586 0x2505
13:01:34.946 ComputerName: CLONELAPTOP UserName: Nick
13:01:37.021 Initialize success
13:02:22.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:02:22.253 Disk 0 Vendor: WDC_WD3200BEKT-75PVMT0 01.01A01 Size: 305245MB BusType: 11
13:02:24.296 Disk 0 MBR read successfully
13:02:24.296 Disk 0 MBR scan
13:02:24.296 Disk 0 Windows 7 default MBR code
13:02:24.296 Service scanning
13:02:25.529 Modules scanning
13:02:25.529 Disk 0 trace - called modules:
13:02:25.544 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:02:25.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007730060]
13:02:25.544 3 CLASSPNP.SYS[fffff880018f543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007150680]
13:02:25.544 Scan finished successfully
13:03:10.909 Disk 0 MBR has been saved successfully to "\\PE-SBS\RedirectedFolders\nick\Desktop\MBR.dat"
13:03:10.925 The log file has been saved successfully to "\\PE-SBS\RedirectedFolders\nick\Desktop\aswMBR-28.08.11.txt"
#66 waddler8, 28-08-2011, 13:10

#67 storeyarmer, 28-08-2011, 13:20

you beat me to it, was going to delete that sorrieee

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Nick at 13:16:29 on 2011-08-28
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.7990.5716 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Kaseya\Agent\CRCLTD76529186720359\AgentMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Kaseya\Agent\CRCLTD76529186720359\KaUsrTsk.exe
C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\nick\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
c:\users\nick\appdata\local\temp\teamviewer\version6\TeamViewer_Desktop.exe
C:\Users\nick\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
C:\Users\nick\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe
C:\WINDOWS\notepad.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
#68 storeyarmer, 28-08-2011, 13:22

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [KASHCRCLTD76529186720359] "C:\Program Files (x86)\Kaseya\Agent\CRCLTD76529186720359\KaUsrTsk.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SharpTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe"
mRun: [<NO NAME>]
mRun: [FtpServer.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe" -usedefault
mRun: [IndexTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe" /n
StartupFolder: \\pe-sbs\redirectedfolders\nick\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: bravosolution.co.uk\etenderwales
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/UK/TechConsole/x86/RescueControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8D050486-3F11-4FC1-8D99-96EDF7E6ABE3} : DhcpNameServer = 192.168.52.2
TCP: Interfaces\{B12BD265-FCE4-4681-BD36-DDAB1940D319} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B12BD265-FCE4-4681-BD36-DDAB1940D319}\055464D2140513 : DhcpNameServer = 192.168.52.2
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [KASHCRCLTD76529186720359] "C:\Program Files (x86)\Kaseya\Agent\CRCLTD76529186720359\KaUsrTsk.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SharpTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe"
mRun-x64: [(Default)]
mRun-x64: [FtpServer.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe" -usedefault
mRun-x64: [IndexTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe" /n
#69 storeyarmer, 28-08-2011, 13:24

================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\k2xhwoy7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\k2xhwoy7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 KACRCLTD76529186720359;Circle IT Kaseya Agent;C:\Program Files (x86)\Kaseya\Agent\CRCLTD76529186720359\AgentMon.exe [2011-5-11 835584]
R2 psqlCE;Pervasive PSQL Client Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-11-17 435488]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R3 KAPFA;KAPFA;\??\C:\Windows\system32\drivers\KAPFA.SYS --> C:\Windows\system32\drivers\KAPFA.SYS [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-16 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-14 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-16 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-27 09:12:49 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-08-27 09:10:31 -------- d-----w- C:\Users\nick\AppData\Roaming\QuickScan
2011-08-27 08:55:31 -------- d-----w- C:\Program Files (x86)\ESET
2011-08-25 19:05:23 -------- d-----r- C:\Program Files (x86)\Skype
2011-08-25 13:32:07 251392 ----a-w- C:\hijackthis_sfx.exe
2011-08-25 13:23:44 -------- d-----w- C:\Program Files (x86)\RealVNC
2011-08-24 06:41:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 06:41:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-22 07:17:45 -------- d-----w- C:\Users\nick\AppData\Local\Adobe
2011-08-22 07:05:55 388096 ----a-r- C:\Users\nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 07:05:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-22 06:46:48 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-08-16 15:55:18 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-16 06:20:32 4892320 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-08-15 10:28:48 -------- d-----w- C:\Users\nick\AppData\Roaming\SUPERAntiSpyware.com
2011-08-15 10:28:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-15 10:28:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-14 17:40:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-08-14 17:40:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-13 19:07:49 -------- d-----w- C:\ProgramData\STOPzilla!
2011-08-13 12:27:13 70144 --sha-r- C:\Windows\SysWow64\eapp3hstg.dll
2011-08-12 06:52:10 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70C258E3-D807-46D0-B890-DE167AA37AEF}\mpengine.dll
2011-08-11 10:48:48 -------- d-----w- C:\ProgramData\Sharpdesk
2011-08-11 07:35:43 -------- d-----w- C:\Users\nick\AppData\Roaming\Sharpdesk
2011-08-11 07:35:04 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\crprproc.dll
2011-08-11 07:34:45 -------- d-----w- C:\Users\nick\AppData\Roaming\Nuance
2011-08-11 07:31:52 -------- d-----w- C:\ProgramData\Sharp
2011-08-11 07:31:52 -------- d-----w- C:\Program Files (x86)\Sharp
2011-08-11 07:31:52 -------- d-----w- C:\Program Files (x86)\Common Files\Sharp Shared
2011-08-11 05:40:53 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-11 05:40:53 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-08-11 05:40:52 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-08-05 06:21:54 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-08-05 06:21:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-06 18:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-17 06:45:13 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:17:14.97 ===============
#70 storeyarmer, 28-08-2011, 13:25

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 18/03/2011 12:16:51
System Uptime: 28/08/2011 12:34:04 (1 hours ago)
.
Motherboard: Dell Inc. | | 09M4GV
Processor: Intel(R) Core(TM) i5 CPU M 580 @ 2.67GHz | CPU 1 | 2506/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 159.774 GiB free.
D: is CDROM ()
P: is NetworkDisk (CSC-CACHE) - 286 GiB total, 159.774 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: DesignJet 500+HPGL2 (C7770B)
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: DesignJet 500+HPGL2 (C7770B)
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: DesignJet 500PS+HPGL2 (C7770C)
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: DesignJet 500PS+HPGL2 (C7770C)
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
6500_E709_eDocs
6500_E709_Help
6500_E709n
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Click to Call with Skype
Destinations
DeviceDiscovery
DocMgr
DocProc
ESET Online Scanner v3
Exchequer Workstation Setup
Fax
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
HiJackThis
HijackThis 1.99.1
HP Update
HPProductAssistant
HPSSupply
Java 2 Runtime Environment, SE v1.4.2_19
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Mozilla Firefox 6.0 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pervasive PSQL v10 SP3 Client (32-bit)
ProductContext
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Sharpdesk
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VNC Enterprise Edition E4.5.1
WebReg
.
==== Event Viewer Messages From Past Week ========
.
28/08/2011 12:43:29, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
28/08/2011 12:36:28, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
28/08/2011 12:35:48, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
28/08/2011 12:34:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5
28/08/2011 12:34:20, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/08/2011 12:34:20, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain peterevans due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
27/08/2011 18:58:48, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
27/08/2011 10:13:43, Error: Service Control Manager [7000] - The RkPavproc1 service failed to start due to the following error: This driver has been blocked from loading
27/08/2011 10:13:43, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
25/08/2011 14:23:46, Error: Service Control Manager [7030] - The VNC Server Version 4 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
24/08/2011 07:33:14, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/08/2011 07:59:25, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================