Member Avatar for Ice4fire

for the last two weeks, around 7pm uk time, my net goes offline. I live in a shared house,, we share the net. my pc is hardwired to the router. Now the net goes offline for anything from 30 mins to a couple of hours.. no one else seems to be having the problem. My ps3 will connect if i plug the cable into it, my phone will connect to the network wirlessly... and oddly, i tried today to connect my pc with a wireless adapter and it connected but hardwired it wont. So i think, i got a virus.. i run norton, its clean, i run, spy bot and malware bytes, it comes up clean.. so im at a loss...?

The only noticible thing i would say ive noticed, was java tried to update itself recently.. and since ive had these problems, ive not let it..

also.. norton picks up a cookie., and even though i clean it, and do no further surfing, if i run norton again, it picks up a cookie...

please help? the downtime is really getting at me..

  • 2 Contributors
  • 23 Replies
  • 157 Views
  • 2 Weeks Discussion Span
  • Latest Post Latest Post by Ice4fire

Recommended Answers

All 23 Replies

Member Avatar for crunchie

Hi. Follow the instructions found here and post the logs please.

Member Avatar for Ice4fire

Hi. Follow the instructions found here and post the logs please.

Hi thanks for your reply. That looks like a lot of work so i'll try as soon as I get home from work and post the results.

I appreciate this :)

Member Avatar for Ice4fire

ok i ran all of the scans but the 2nd GMER scan kept crashing my pc. I even had the blue screen of death

here are the logs

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
28/04/2010 22:06:12
mbam-log-2010-04-28 (22-06-12).txt
Scan type: Quick scan
Objects scanned: 104043
Time elapsed: 5 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tony at 22:30:58.51 on 28/04/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3326.2236 [GMT 1:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
C:\Windows\system32\HidService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tony\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.bbc.co.uk/1/hi/wales/default.stm
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [FujiKeyboard] c:\acer\preload\autorun\drv\fuji keyboard\ABoard.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-4 310320]
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-4-2 96512]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100422.002\IDSvix86.sys [2010-4-27 343088]
R2 ETService;Empowering Technology Service;c:\program files\packard bell\packard bell recovery management\service\ETService.exe [2009-4-2 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-4 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-28 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2009-6-14 759050]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-4 48688]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2009-6-7 140416]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-21 30192]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-14 651264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
=============== Created Last 30 ================
2010-04-28 20:54:05 236866687 ----a-w- c:\windows\MEMORY.DMP
2010-04-17 19:50:48 0 d-----w- c:\program files\NVIDIA Corporation
2010-04-17 19:47:05 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 19:47:05 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 19:47:05 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 19:47:01 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-17 19:44:39 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-10 13:42:21 0 d-----w- c:\programdata\DivX
2010-03-31 01:58:24 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
==================== Find3M ====================
2010-04-28 20:58:23 79344 ----a-w- c:\programdata\nvModes.dat
2010-04-17 19:50:21 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-17 19:50:20 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-17 19:50:20 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 16:28:40 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 21:30:03 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-20 23:39:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-18 14:11:41 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-03-21 06:26:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 22:31:16.35 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/04/2009 21:19:36
System Uptime: 28/04/2010 21:57:42 (1 hours ago)
Motherboard: Packard Bell BV | | PBGL00
Processor: AMD Phenom(tm) 9650 Quad-Core Processor | AM2 | 1150/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 582 GiB total, 195.204 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP375: 01/04/2010 03:09:38 - Scheduled Checkpoint
RP376: 02/04/2010 07:41:19 - Scheduled Checkpoint
RP377: 03/04/2010 02:08:50 - Scheduled Checkpoint
RP378: 04/04/2010 04:06:35 - Scheduled Checkpoint
RP379: 04/04/2010 18:29:34 - Scheduled Checkpoint
RP380: 06/04/2010 02:01:46 - Scheduled Checkpoint
RP381: 10/04/2010 04:09:25 - Scheduled Checkpoint
RP382: 10/04/2010 22:58:08 - Scheduled Checkpoint
RP383: 14/04/2010 10:41:38 - Scheduled Checkpoint
RP384: 15/04/2010 01:17:41 - Scheduled Checkpoint
RP385: 16/04/2010 07:51:41 - Scheduled Checkpoint
RP386: 17/04/2010 00:54:57 - Scheduled Checkpoint
RP387: 17/04/2010 20:48:18 - Windows Update
RP388: 19/04/2010 00:23:19 - Scheduled Checkpoint
RP389: 19/04/2010 23:30:12 - Scheduled Checkpoint
RP390: 21/04/2010 01:48:33 - Scheduled Checkpoint
RP391: 23/04/2010 11:37:56 - Scheduled Checkpoint
RP392: 24/04/2010 00:00:06 - Scheduled Checkpoint
RP393: 25/04/2010 11:05:03 - Scheduled Checkpoint
RP394: 25/04/2010 23:05:47 - Scheduled Checkpoint
RP395: 27/04/2010 21:19:35 - Restore Operation
RP396: 27/04/2010 22:13:33 - Norton 360 Registry Clean
==== Installed Programs ======================
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
ArcSoft TotalMedia Extreme
ATI Catalyst Install Manager
AutoUpdate
Belkin Wireless USB Adapter Setup
CCleaner
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.1
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Ultra Driver (1.00.06.0919)
Creative WebCam NX Ultra User's Guide (English)
DiRT
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
EasyBits Magic Desktop
Fiesta
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
G-Force
Google Desktop
Google Toolbar for Internet Explorer
HDReg
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IsoBuster 2.2
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Malwarebytes' Anti-Malware
MetaBoli
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft Works 9.0 SE
Modem Blaster
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3018
Nokia_Multimedia_Common_Components_2_5
Norton 360
Norton Internet Security
NVIDIA Drivers
Packard Bell ImageWriter
Packard Bell Recovery Management
Packard Bell Updator
PC Connectivity Solution
PunkBuster Services
PVSonyDll
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Setup My PC
Spybot - Search & Destroy
Tom Clancy's H.A.W.X
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
VC80CRTRedist - 8.0.50727.4053
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.0.2
WinRAR archiver
==== Event Viewer Messages From Past Week ========
28/04/2010 21:58:03, Error: EventLog [6008] - The previous system shutdown at 21:56:01 on 28/04/2010 was unexpected.
28/04/2010 21:54:06, Error: EventLog [6008] - The previous system shutdown at 21:52:26 on 28/04/2010 was unexpected.
28/04/2010 21:48:30, Error: EventLog [6008] - The previous system shutdown at 21:45:44 on 28/04/2010 was unexpected.
28/04/2010 21:44:50, Error: EventLog [6008] - The previous system shutdown at 21:42:43 on 28/04/2010 was unexpected.
28/04/2010 21:38:49, Error: EventLog [6008] - The previous system shutdown at 21:36:57 on 28/04/2010 was unexpected.
28/04/2010 21:32:07, Error: EventLog [6008] - The previous system shutdown at 21:27:47 on 28/04/2010 was unexpected.
27/04/2010 21:30:25, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
24/04/2010 04:51:21, Error: EventLog [6008] - The previous system shutdown at 04:47:00 on 24/04/2010 was unexpected.
22/04/2010 14:57:40, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
21/04/2010 23:22:22, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 0022684B7E08 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================

Member Avatar for crunchie

Can you please update MBA-M as requestion in the instructions, then do another run with it. Post the log when done.

==

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and paste that information in your next post.
Member Avatar for Ice4fire

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29/04/2010 20:14:34
mbam-log-2010-04-29 (20-14-34).txt

Scan type: Quick scan
Objects scanned: 120194
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have the online scanner going right now, but its at 2 hours 38 and no sign of completing anytime soon, i will post the log when its finished, probably be tommorro at the time its taking.. thanks for your help so far.. :)

Member Avatar for Ice4fire

its at 2:46 14% into the scan, seems awfull slow.. trouble is, its picked up 2 infected files, im presuming the same 2 files the other scan found? but at this speed, i dont expect it to finish for a very long time.. i wont turn it off though.

Member Avatar for Ice4fire

2:54 and still at 14% i will leave it overnight, but i didnt expect it to take this long.. Does this mean my norton is rubbish?

Member Avatar for Ice4fire

3.30 mins and still 14% its not crashed, its just so slow.. shall i continue?

Member Avatar for Ice4fire

4:16 its at 17% isnt this a bit long? I know it said to be patient but this seems to be too slow?

Member Avatar for crunchie

As long as it is still progressing, I would let it finish.
Have you disabled Norton during the scan? I have never had a high opinion of Norton (& am not on my Pat Malone there) & will never use it again. Saying that though, opinions of the latest version are quite high.

Member Avatar for Ice4fire

As long as it is still progressing, I would let it finish.
Have you disabled Norton during the scan? I have never had a high opinion of Norton (& am not on my Pat Malone there) & will never use it again. Saying that though, opinions of the latest version are quite high.

Thanks for your patience and help, the scan took 13 hours in total.. a bit trying to say the least. Ok, i hope the scan logs will do the trick if i got them right...? Btw, i will be changing my virus protection to kaspery asap. the only reason i was able to get online was because i shut down everything in system process tab... I noticed this had something to do with java, and i tried to uninstall it, but couldnt find a way of doing that... hopefully you can help me...

What i did find intresting was how it cut me off the net.. when a few days ago i could get a connection via wireless adaptor, now it wouldnt even allow that.. as if like the borg from star trek, it was adapting itself to my connection method.. anyway, im praying this will be the end, and you can save me..

Friday, April 30, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 30, 2010 05:26:37
Records in database: 4007668


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Objects scanned 176649
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 13:49:34

File name Threat Threats count
C:\Users\Tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6619ec9e-2a3c5493 Infected: Trojan-Downloader.Java.Agent.cd 1

C:\Users\Tony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6619ec9e-2a3c5493 Infected: Trojan-Downloader.Java.OpenStream.al 1

Selected area has been scanned.

..........

alwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

30/04/2010 22:24:46
mbam-log-2010-04-30 (22-24-46).txt

Scan type: Quick scan
Objects scanned: 119734
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Member Avatar for crunchie

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====

Has there been any change in your pc?

Member Avatar for Ice4fire

Thankyou crunchie, ive installed the new java, and so far, the net hasnt gone offline. I thankyou for your help, its really appreciated. I guess this is goodbye unless the net does go offline.. Thanks again

Ice4fire

Member Avatar for crunchie

No worries. Keep us posted.

Member Avatar for Ice4fire

Unfortunatly, the net went off at approx 11pm last night and only just came back on now, 1300pm this aft. When it went off last night, i tried ending all the processes, that didnt work, and i also did a another mb scan, that came back with zero infection. I am at a loss again.

Member Avatar for crunchie

Try this;

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Member Avatar for Ice4fire

What is a HJT log? sorry for being dim

Member Avatar for Ice4fire

Ok, thanks crunchie for your ongoing help.. Ive done the two things, and prey, fingers crossed that this has worked. Of course, if it hasnt, i will no doubt lose my net at some point this evening.

The reports ( wish i could understand this stuff :(

ComboFix 10-05-01.04 - Tony 02/05/2010 20:01:17.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3326.2364 [GMT 1:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-108454599-3902016986-173505368-500
c:\$recycle.bin\S-1-5-21-1196053948-38401185-1687238093-500
c:\users\Tony\AppData\Roaming\inst.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Install.cmd

.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 19:08 . 2010-05-02 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-02 15:22 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\NAVENG.SYS
2010-05-02 15:22 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\NAVEX15.SYS
2010-05-02 15:22 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\CCERASER.DLL
2010-05-02 15:22 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\ECMSVR32.DLL
2010-05-02 15:22 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\EECTRL.SYS
2010-05-02 15:22 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\ERASER.SYS
2010-05-02 15:22 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\NAVENG32.DLL
2010-05-02 15:22 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100502.005\NAVEX32A.DLL
2010-05-01 20:31 . 2010-05-01 20:31 -------- d-----w- c:\program files\Sun
2010-05-01 20:31 . 2010-05-01 20:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-27 21:31 . 2010-04-29 18:55 6153648 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-26 23:39 . 2010-02-10 20:19 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-26 23:39 . 2010-02-10 20:19 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-26 23:39 . 2010-02-10 20:19 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-26 23:39 . 2010-02-10 20:19 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-26 23:39 . 2010-02-10 20:19 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-26 20:31 . 2010-02-12 17:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-17 19:50 . 2010-04-29 18:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-17 19:47 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 19:47 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-17 19:47 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 19:47 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 19:47 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 19:47 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-10 13:44 . 2010-04-10 13:44 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-10 13:43 . 2010-04-10 13:43 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-10 13:43 . 2010-04-10 13:43 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-04-10 13:42 . 2010-04-10 13:44 -------- d-----w- c:\programdata\DivX
2010-04-03 21:55 . 2010-04-03 21:55 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 21:55 . 2010-04-03 21:55 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-04-03 21:55 . 2010-04-03 21:55 4029544 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 21:55 . 2010-04-03 21:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 21:55 . 2010-04-03 21:55 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 21:55 . 2010-04-03 21:55 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 21:55 . 2010-04-03 21:55 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 21:55 . 2010-04-03 21:55 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2010-04-03 21:55 . 2010-04-03 21:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 21:55 . 2010-04-03 21:55 11573800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-04-03 17:27 . 2010-04-03 17:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27 . 2010-04-03 17:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:27 . 2010-04-03 17:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 17:27 . 2010-04-03 17:27 110696 ----a-w- c:\windows\system32\nvmctray.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 18:42 . 2009-11-28 09:16 79349 ----a-w- c:\programdata\nvModes.dat
2010-05-01 23:41 . 2009-05-28 23:31 -------- d-----w- c:\users\Tony\AppData\Roaming\Vso
2010-05-01 20:30 . 2009-06-08 19:15 -------- d-----w- c:\program files\Java
2010-05-01 20:15 . 2009-06-28 09:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-29 19:06 . 2009-06-28 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 18:59 . 2009-04-02 20:21 -------- d-----w- c:\programdata\NVIDIA
2010-04-29 11:19 . 2009-06-28 09:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 11:19 . 2009-06-28 09:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 19:44 . 2009-05-28 11:54 -------- d-----w- c:\program files\BitComet
2010-04-27 20:22 . 2009-03-21 07:23 -------- d-----w- c:\program files\Microsoft Works
2010-04-17 19:59 . 2009-05-27 21:10 71616 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-17 19:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-17 19:54 . 2009-03-21 07:21 -------- d-----w- c:\programdata\Microsoft Help
2010-04-10 13:48 . 2009-05-29 01:25 -------- d-----w- c:\users\Tony\AppData\Roaming\DivX
2010-04-10 13:43 . 2009-05-28 23:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-10 13:42 . 2010-04-10 13:44 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-10 13:42 . 2010-04-10 13:44 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-03 21:55 . 2010-04-03 21:55 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-04-03 21:55 . 2009-09-27 23:12 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 21:55 . 2009-04-02 20:18 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-04-03 21:55 . 2009-03-21 13:55 9386600 ----a-w- c:\windows\system32\nvd3dum.dll
2010-04-03 21:55 . 2009-03-21 13:55 1296488 ----a-w- c:\windows\system32\nvapi.dll
2010-03-12 17:23 . 2010-03-12 17:23 -------- d-----w- c:\program files\Common Files\Java
2010-03-09 16:28 . 2010-04-17 19:46 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-04-17 19:46 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-04-17 19:46 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 21:30 . 2009-05-27 21:05 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-20 23:39 . 2010-03-13 17:25 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-13 17:25 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-13 17:25 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-18 14:49 . 2010-04-17 19:46 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:11 . 2010-04-17 19:46 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:52 . 2010-04-17 19:46 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-16 11:38 . 2010-02-16 11:38 36030 ----a-w- c:\windows\inf\Ovi Player\0009\tmpDF77.tmp
2010-02-16 11:38 . 2010-02-16 11:38 36030 ----a-w- c:\windows\inf\Ovi Player\0000\tmpDF77.tmp
2010-02-16 11:38 . 2010-02-16 11:38 1657 ----a-w- c:\windows\inf\Ovi Player\tmpDF87.tmp
2010-02-10 20:19 . 2010-03-26 15:14 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-02-10 20:19 . 2010-03-26 15:14 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-02-10 20:19 . 2010-03-26 15:14 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-02-10 20:19 . 2010-03-26 15:14 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-02-10 20:19 . 2010-03-26 15:14 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-02-10 20:19 . 2010-02-13 00:45 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2010-02-10 20:19 . 2010-02-13 00:45 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2010-02-10 20:19 . 2010-02-13 00:45 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2010-02-10 20:19 . 2010-02-13 00:45 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010-02-10 20:19 . 2010-02-13 00:45 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-27 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"FujiKeyboard"="c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe" [2008-09-18 79416]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-11 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2009-4-2 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\DRIVERS\rt2500usb.sys [2003-10-14 140416]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-11 30192]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-09-26 651264]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 XDva273;XDva273;c:\windows\system32\XDva273.sys [x]
R3 XDva280;XDva280;c:\windows\system32\XDva280.sys [x]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
R3 XDva344;XDva344;c:\windows\system32\XDva344.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-06-27 96512]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100422.002\IDSvix86.sys [2010-02-10 343088]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\DRIVERS\P1120Vid.sys [2003-09-19 759050]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/1/hi/wales/default.stm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 20:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-02 20:10:44
ComboFix-quarantined-files.txt 2010-05-02 19:10

Pre-Run: 207,320,035,328 bytes free
Post-Run: 207,336,493,056 bytes free

- - End Of File - - 1AD72E0B6E38A00761010DBEE74023EB

..........

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:13:10, on 02/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/1/hi/wales/default.stm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0409&m=imedia_a5518_uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [FujiKeyboard] c:\Acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: TotalMedia BackUp & Recorder Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - C:\Windows\SYSTEM32\HidService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9659 bytes

Member Avatar for Ice4fire

Its now 1.32am.. and the net hasnt gone off yet.. maybe you cracked it for me? Touch wood, dont wanna jinx myself here

Member Avatar for Ice4fire

the net hasnt gone offline tonight either crunchie.. what did you do to solve this?

Member Avatar for crunchie

I've been dancing around my campfire all night howling at the moon :D.

Nah, I'm only being serious :).

Combofix does some magic by itself and it's creator can take all the credit.

Let's get rid of Combofix now that we are finished with it.


  • Click START then RUN
  • Now type Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

==

Let us know if you have further problems.

Member Avatar for Ice4fire

Hi crunchie, apologies for not replying a hell of a lot sooner. I fell ill for almost a week, and anytime i wasnt in work, the net was down, the same problem you have been helping me with is still there. Can you possibly try to tell me where to go from here?

Member Avatar for Ice4fire

I have tried to uninstall the combo fix but it says cannot find.. i assure you i hadnt deleted it..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.