1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows 7 and laptop problems in general all in the last 5 days

Discussion in 'Windows 7' started by jodete13, Jan 22, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. jodete13

    jodete13 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    10
    hi all,
    new to the forum but glad to have found it. :)

    truely sorry if this has been posted in the wrong section before i begin.

    I have been having numerous problems with my Fujitsu Siemens Amilo Pi2512 for the last 5 days, just one thing after another and I cant get to the bottom of it.

    First things first- about 5 days ago I was on my laptop doing what i usually do; MSN, emails, general net surfing etc when my laptop suddenly froze up and everything went from slowly responding to not responding to slowly responding to everything again. i checked for viruses etc nothing came up so turned it all off and left it for the evening thinking it was just a blip.
    the next day i turned the laptop on i got a Security Alert before windows had even finished loading telling me i was about to view pages over a secure connection etc with the buttons 'OK' and 'More Help'...i clicked more help and was taken to the Help and Support pages telling me all about IE...only i dont use IE- i removed it using the add or remove windows features when i upgraded to Windows 7 back in the summer cos i prefered firefox. couldnt find anything on the net so just carried on as usual.
    the next day my laptop took 20 minutes to get past the 'Fujitsu Seimens Computers' page where you can press F2 for setup etc...it just hung...then when i eventually logged in it showed the security alert again and i also started getting bubbles on the toolbar telling me that i should consider replacing my battery and later in the evening i blue screened! i looked at the event log and it showed error event 41 (critical) for the blue screen and i also noticed lots of 'disk errors' error event 11 'Detected an error on the controller'.

    I've since been looking on the internet trying to find solutions for everything.
    the battery i just took as genuinely coming to the end of its natural life.
    i then found a thread on this site called 'solved:security alert when starting computer'which i followed and that helped to remove the security alert on start up but doesnt explain why it just started happening ( i also use kaspersky which when i looked yday hadnt been updated for 80 days!! so much for auto updates...) so i still dont know what was causing it and am now worried that someone has hacked into my laptop and can now see everything im doing :S
    the start up screen problem i tried looking in my bios and found that it was trying to boot from first the cd drive which just happened to have a cd in it and then one of my external hard drives so i changed this so my internal hard drive booted first but still it hangs for now 10 minutes.

    The last updates i supposidely had was on the 13th January, way before any of this started happening. i use windows 7 ultimate 32-bit, kaspersky internet security 2011.
    in the last week i have had 2 critical events, 93 error events and 36 warning events.

    Am i right in thinking that my laptop is on its way out? or is there a way to save it?

    Sorry for the long post but thanks in advance for any help given.
    :)
     
  2. Rich-M

    Rich-M

    Joined:
    May 3, 2006
    Messages:
    22,443
  3. jodete13

    jodete13 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    10
    thanks for your help :)here is the log

    I had a message saying :
    'For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this....' and so on...hope that hasnt affected the log :s


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:12:19, on 22/01/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\plugin-container.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://www.measureup.com/testauth/icaweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6555 bytes
     
  4. Rich-M

    Rich-M

    Joined:
    May 3, 2006
    Messages:
    22,443
    I don't see anything but lets ask for help.
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  6. jodete13

    jodete13 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    10
    dds.txt


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jodie at 10:36:56.43 on 23/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2038.1094 [GMT 0:00]

    AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Jodie\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uLocal Page =
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://www.measureup.com/testauth/icaweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jodie\appdata\roaming\mozilla\firefox\profiles\tq01ph5w.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jodie\appdata\roaming\mozilla\firefox\profiles\tq01ph5w.default\extensions\[email protected]\plugins\npImgCtl.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
    FF - Ext: Anti-Banner: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Ancestry.com Advanced Image Viewer: [email protected] - %profile%\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-1 352976]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-28 1343400]

    =============== Created Last 30 ================

    2011-01-22 20:05:11 388096 ----a-r- c:\users\jodie\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-22 20:05:11 -------- d-----w- c:\program files\Trend Micro
    2011-01-15 20:57:09 32768 ----a-w- c:\windows\system32\f3PSSavr.scr
    2011-01-15 20:57:09 -------- d-----w- c:\program files\FunWebProducts
    2011-01-15 20:57:07 -------- d-----w- c:\program files\MyWebSearch
    2011-01-12 18:53:01 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-12 18:53:00 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-12 18:53:00 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-12 18:53:00 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-12 18:53:00 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-09 21:53:30 -------- d-----w- c:\program files\Amazon
    2011-01-04 20:32:38 -------- d-----w- c:\program files\iPod

    ==================== Find3M ====================

    2010-12-01 07:53:14 384016 ----a-w- c:\windows\system32\FTBSaver.scr
    2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
    2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 10:38:28.92 ===============

    Attach.txt is attached as a ZIP

    thanks again for your help here people
     

    Attached Files:

  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    even though I can't see any obvious malware there, the symptoms do suggest a rootkit problem, especially something stopping Kaspersky updating for over 2 months


    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it fnds & then reboot

    post back with its log
     
  8. jodete13

    jodete13 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    10
    2011/01/23 14:48:30.0496 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/23 14:48:30.0497 ================================================================================
    2011/01/23 14:48:30.0497 SystemInfo:
    2011/01/23 14:48:30.0497
    2011/01/23 14:48:30.0497 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/23 14:48:30.0497 Product type: Workstation
    2011/01/23 14:48:30.0497 ComputerName: JODIE-PC
    2011/01/23 14:48:30.0499 UserName: Jodie
    2011/01/23 14:48:30.0499 Windows directory: C:\Windows
    2011/01/23 14:48:30.0499 System windows directory: C:\Windows
    2011/01/23 14:48:30.0499 Processor architecture: Intel x86
    2011/01/23 14:48:30.0499 Number of processors: 2
    2011/01/23 14:48:30.0499 Page size: 0x1000
    2011/01/23 14:48:30.0499 Boot type: Normal boot
    2011/01/23 14:48:30.0499 ================================================================================
    2011/01/23 14:48:45.0050 Initialize success
    2011/01/23 14:48:51.0020 ================================================================================
    2011/01/23 14:48:51.0020 Scan started
    2011/01/23 14:48:51.0021 Mode: Manual;
    2011/01/23 14:48:51.0021 ================================================================================
    2011/01/23 14:48:57.0086 ================================================================================
    2011/01/23 14:48:57.0086 Scan finished
    2011/01/23 14:48:57.0086 ================================================================================


    Most strange activity today, loaded super quick on first start up this morning thought it might have righted itself so i restarted just out of curiousity but no.....took 10 mins again on restart.:(
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I have no idea then
     
  10. jodete13

    jodete13 Thread Starter

    Joined:
    Jan 22, 2011
    Messages:
    10
    ok
    thanks for all your help anyway...will just have to keep an eye on things i guess
    thanks again :)
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    perhaps someone else can come up with ideas
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/976243

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice