WiredWX Hobby Weather ToolsLog in

 


descriptionInernet is connected but nothing works EmptyInernet is connected but nothing works

more_horiz
Ok, so the internet seems to be connected, but nothing that requires internet to operate works. MSN Messenger, Skype, Spotify, Chrome, Firefox, etc. etc. If I open Firefox nothing happens at all if i try to enter a web page.

Resetting IP didn't work.

I have uninstalled Norman and at the moment windows firewall is also off.

I perfomed a HijackThis on my computer but got a message saying that I needed to be an administrator for it to access all files. I already am, and trying to run the program as administrator (as the error message said I should) didn't work. Anyways, this it my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:28, on 23.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Users\MisterJ\AppData\Roaming\U3\2242701631C2EF56\LaunchPad.exe
C:\Windows\System32\notepad.exe
U:\winlogon.scr

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Telenor\Mobilt bredbånd\GtDetectSc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Npm\Bin\Zanda.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 2705 bytes

Hope that helps to fix the problem.

Thanks Smile...)

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Can you post a full log please? half the log is missing there. Smile...

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Sorry, dunno why that happened. Here Smile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:01, on 24.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\hp\kbd\kbd.exe
U:\winlogon.scr
C:\Users\MisterJ\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_no&c=84&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_no&c=84&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\MisterJ\AppData\Roaming\Mozilla\Firefox\Profiles\6w51p7te.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.69.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\MisterJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Mobilt bredbånd.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\norman\npc\bin\nlf.dll' missing
O13 - Gopher Prefix:
O15 - Trusted Zone: http://pavilion.buttonredirect.hp.com
O15 - Trusted Zone: http://presario.buttonredirect.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Telenor\Mobilt bredbånd\GtDetectSc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Program Files\Norman\Npm\Bin\Zanda.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10606 bytes

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Thanks, here's my log ^^,

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

24.12.2009 15:53:23
mbam-log-2009-12-24 (15-53-23).txt

Scan type: Quick Scan
Objects scanned: 131019
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 20
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar\3.11.5.15170 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\MisterJ\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\MisterJ\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\MisterJ\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

I appreciate your help, and have a merry Christmas Smile...
:smile2:

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Ehm, I hope that downloading and saving on a memory stick instead of the desktop is fine, as I need the memory stick to transfer the downloaded files from the computer I'm using to the one that's not working (and vice verse).

DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by MisterJ at 0:22:28,25 on 25.12.2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_14
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.47.1033.18.3070.1971 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k nȯne
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Telenor\Mobilt bredbånd\GtDetectSc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\MisterJ\AppData\Roaming\U3\2242701631C2EF56\LaunchPad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MisterJ\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theprizeday.com/today.php
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_no&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_no&c=84&bd=Pavilion&pf=cndt
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Koblingshjelpeprogram for Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\misterj\appdata\roaming\mozilla\firefox\profiles\6w51p7te.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.69.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\users\misterj\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "u:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mobilt~1.lnk - c:\program files\telenor\mobilt bredbånd\Mobilt bredbånd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\norman\npc\bin\nlf.dll
Trusted Zone: hp.com\pavilion.buttonredirect
Trusted Zone: hp.com\presario.buttonredirect
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\users\misterj\appdata\roaming\mozilla\firefox\profiles\6w51p7te.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\users\misterj\appdata\roaming\mozilla\firefox\profiles\6w51p7te.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\misterj\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 GtDetectSc;GtDetectSc;c:\program files\telenor\mobilt bredbånd\GtDetectSc.exe [2007-12-18 196704]
S2 Norman ZANDA;Norman ZANDA;"c:\program files\norman\npm\bin\zanda.exe" --> c:\program files\norman\npm\bin\Zanda.exe [?]
S3 athrusb6;3Com OfficeConnect Wireless 54Mbps 11g Compact USB Adapter;c:\windows\system32\drivers\athru6.sys [2009-2-26 871936]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-10-9 59264]
S3 netr73;Gigabyte RT73 Wireless Driver for Vista for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-5-22 20640]

=============== Created Last 30 ================

2009-12-24 14:44:27 0 d-----w- c:\users\misterj\appdata\roaming\Malwarebytes
2009-12-24 14:44:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 14:44:20 0 d-----w- c:\programdata\Malwarebytes
2009-12-24 14:44:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 16:26:06 0 d-----w- c:\program files\Telenor
2009-12-12 15:48:17 11503 ----a-w- c:\users\misterj\ia_remove.sh5834.tmp
2009-12-12 00:44:12 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 00:44:10 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 00:44:10 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 00:05:08 0 d-----w- c:\programdata\FLEXnet
2009-12-12 00:04:44 0 d-----w- c:\program files\common files\Macrovision Shared
2009-12-12 00:04:12 0 d-----w- c:\programdata\Rosetta Stone
2009-12-11 23:50:57 0 d-----w- c:\users\misterj\appdata\roaming\DAEMON Tools Pro
2009-12-09 23:00:46 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-09 23:00:46 244224 ----a-w- c:\windows\system32\rastls.dll
2009-11-25 18:18:38 0 d-----w- c:\programdata\Real
2009-11-25 02:03:05 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-12-14 16:26:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-14 16:26:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-14 16:26:33 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-15 20:57:52 240128 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-15 20:57:51 615424 ----a-w- c:\windows\system32\themeui.dll
2009-11-06 09:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 17:05:36 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05:34 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2008-08-22 02:21:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 15:50:39 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-08 15:50:39 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-08 15:50:39 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2008-08-22 02:24:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:23:18,18 ===============

Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft®️ Windows Vista™️ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13.10.2008 20:57:54
System Uptime: 24.12.2009 15:55:28 (9 hours ago)

Motherboard: ECS | | Nettle3
Processor: AMD Phenom(tm) 8550 Triple-Core Processor | Socket AM2 | 2200/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 582 GiB total, 44,934 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1,914 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
M: is FIXED (FAT32) - 112 GiB total, 84,438 GiB free.
P: is CDROM (CDFS)
Q: is CDROM ()
R: is CDROM ()
S: is CDROM ()
T: is CDROM ()
U: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP442: 12.12.2009 01:43:59 - Windows Update
RP443: 12.12.2009 14:02:04 - Removed Norman Security Suite.
RP444: 13.12.2009 15:41:02 - Scheduled Checkpoint
RP445: 14.12.2009 17:25:48 - Installed Mobilt bredbånd
RP446: 16.12.2009 00:00:01 - Scheduled Checkpoint
RP447: 17.12.2009 00:00:02 - Scheduled Checkpoint
RP448: 23.12.2009 18:01:07 - Scheduled Checkpoint
RP449: 24.12.2009 17:09:00 - Scheduled Checkpoint

==== Installed Programs ======================

3Com OfficeConnect Wireless 54Mbps 11g USB Adapter
7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6 - Norsk
AOL Verktygsfält 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ArmA 2 Uninstall
µTorrent
Bonjour
Camtasia Studio 6
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for 2007 Office
Condition Zero
Counter-Strike 1.6 v32
Counter-Strike: Source v17
CyberLink DVD Suite Deluxe
DAEMON Tools Toolbar
Enhanced Multimedia Keyboard Solution
Express Rip
Fraps
Gigabyte Wireless LAN Card
Golden Records Vinyl to CD Converter
Google Chrome
Half-Life
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Update
HPPhotoSmartPhotobookWebPack1
ImagXpress
ImgBurn
iPhone Configuration Utility
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 14
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Oppdatering (KB963678)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål))
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Norwegian (Bokmål)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help Oppdatering (KB963665)
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Mobilt bredbånd
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Nero 8
neroxml
NVIDIA Drivers
Oblivion
OGA Notifier 2.0.0048.0
Opera 9.64
PHOTOfunSTUDIO HD Edition
Pixillion Image Converter
Player
Power2Go
PowerDirector
Prøveversjon av Microsoft Office Home and Student 2007
Prism Video Converter
Prototype(TM)
PSSWCORE
Python 2.5.2
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shape Collage
Skype web features
Skype™️ 4.1
SoundTap Streaming Audio Recorder
SPORE Creature Creator Trial Edition
Spotify
Steam
Switch Sound File Converter
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Verktyg för Hårdvarudiagnostik
VideoToolkit01
VistaGlazz 2.0
VLC media player 0.9.9
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
World of Warcraft
Yahoo! Software Update
Yahoo! Toolbar

==== End Of File ===========================

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
Hello.

I see that you are running uTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    µTorrent
    Java(TM) 6 Update 14
    Java(TM) SE Runtime Environment 6 Update 1

  • Click on the Uninstall/Change button at the top.


  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

Inernet is connected but nothing works CF_download_FF

Inernet is connected but nothing works 2aflf5z

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
ComboFix 09-12-24.02 - MisterJ 25.12.2009 15:22:13.2.3 - x86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.47.1033.18.3070.1828 [GMT 1:00]
Kjører fra: U:\ComboFix.exe
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-25 til 2009-12-25 )))))))))))))))))))))))))))))))))
.

2009-12-25 14:27 . 2009-12-25 14:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-25 14:27 . 2009-12-25 14:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-12-25 14:27 . 2009-12-25 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-25 14:27 . 2009-12-25 14:27 -------- d-----w- c:\users\Annet\AppData\Local\temp
2009-12-25 14:27 . 2009-12-25 14:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-12-25 13:59 . 2009-12-25 14:27 -------- d-----w- c:\users\MisterJ\AppData\Local\temp
2009-12-24 14:44 . 2009-12-24 14:44 -------- d-----w- c:\users\MisterJ\AppData\Roaming\Malwarebytes
2009-12-24 14:44 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 14:44 . 2009-12-24 14:44 -------- d-----w- c:\programdata\Malwarebytes
2009-12-24 14:44 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 16:26 . 2009-12-14 16:26 -------- d-----w- c:\program files\Telenor
2009-12-12 00:44 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 00:44 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 00:44 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 00:05 . 2009-12-12 00:05 -------- d-----w- c:\programdata\FLEXnet
2009-12-12 00:04 . 2009-12-12 00:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-12 00:04 . 2009-12-13 16:35 -------- d-----w- c:\programdata\Rosetta Stone
2009-12-11 23:50 . 2009-12-11 23:50 -------- d-----w- c:\users\MisterJ\AppData\Roaming\DAEMON Tools Pro
2009-12-09 23:00 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 23:00 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-11-26 02:23 . 2009-11-26 02:23 17241584 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2009-11-26 02:23 . 2009-11-26 02:23 8405312 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-26 02:23 . 2009-11-26 02:23 149000 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-11-26 02:22 . 2009-11-26 02:23 10309448 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-11-26 02:22 . 2009-11-26 02:22 79368 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-26 02:22 . 2009-11-26 02:22 64000 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-11-26 02:22 . 2009-11-26 02:22 52288 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-11-26 02:22 . 2009-11-26 02:22 50688 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2009-11-26 02:22 . 2009-11-26 02:22 118784 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-25 18:18 . 2009-12-05 18:19 439816 ----a-w- c:\users\MisterJ\AppData\Roaming\Real\Update\setup3.09\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 14:21 . 2009-03-19 21:41 -------- d-----w- c:\program files\uTorrent
2009-12-25 14:21 . 2009-03-19 21:41 -------- d-----w- c:\users\MisterJ\AppData\Roaming\uTorrent
2009-12-25 14:19 . 2008-08-21 16:55 -------- d-----w- c:\program files\Java
2009-12-25 13:37 . 2009-02-26 21:09 680 ----a-w- c:\users\MisterJ\AppData\Local\d3d9caps.dat
2009-12-25 13:31 . 2009-03-04 23:56 -------- d-----w- c:\users\MisterJ\AppData\Roaming\U3
2009-12-25 12:58 . 2009-09-09 18:55 -------- d-----w- c:\users\MisterJ\AppData\Roaming\Skype
2009-12-25 07:08 . 2009-09-09 19:00 -------- d-----w- c:\users\MisterJ\AppData\Roaming\skypePM
2009-12-24 14:58 . 2009-03-25 22:52 -------- d-----w- c:\program files\Steam
2009-12-14 18:20 . 2009-03-04 15:37 1100 ----a-w- c:\users\MisterJ\AppData\Local\d3d8caps.dat
2009-12-12 15:48 . 2009-12-12 15:48 11503 ----a-w- c:\users\MisterJ\ia_remove.sh5834.tmp
2009-12-12 15:48 . 2009-03-23 14:41 -------- d-----w- c:\program files\Rosetta Stone
2009-12-12 13:45 . 2009-11-06 19:42 680 ----a-w- c:\users\Annet\AppData\Local\d3d9caps.dat
2009-12-12 13:18 . 2009-02-26 22:05 -------- d-----w- c:\program files\Norman
2009-12-12 13:00 . 2009-03-25 22:52 -------- d-----w- c:\program files\Common Files\Steam
2009-12-10 02:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 02:12 . 2009-03-03 21:47 -------- d-----w- c:\programdata\Microsoft Help
2009-12-07 22:03 . 2009-02-27 15:05 -------- d-----w- c:\users\MisterJ\AppData\Roaming\Spotify
2009-11-24 15:15 . 2009-04-08 15:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-11-22 18:48 . 2009-10-20 19:26 -------- d-----w- c:\program files\Lightroom
2009-11-21 06:40 . 2009-12-09 23:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 23:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 23:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 23:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 16:22 . 2009-03-23 21:17 -------- d-----w- c:\program files\Common Files\Nero
2009-11-17 16:19 . 2009-03-23 21:17 -------- d-----w- c:\programdata\Nero
2009-11-17 16:00 . 2009-03-23 21:17 -------- d-----w- c:\program files\Nero
2009-11-16 17:34 . 2009-08-24 20:40 -------- d-----w- c:\program files\Half-Life
2009-11-15 22:58 . 2009-05-06 19:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-15 22:58 . 2009-09-01 05:30 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-15 22:58 . 2009-05-06 19:17 38208 ----a-w- c:\users\MisterJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-15 20:57 . 2008-01-21 02:23 240128 ----a-w- c:\windows\system32\uxtheme.dll
2009-11-15 20:57 . 2008-01-21 02:23 615424 ----a-w- c:\windows\system32\themeui.dll
2009-11-15 20:56 . 2009-11-15 20:56 -------- d-----w- c:\program files\CodeGazer
2009-11-15 18:12 . 2009-02-26 23:25 -------- d-----w- c:\program files\Windows Live
2009-11-15 18:11 . 2009-11-15 18:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-15 18:09 . 2009-11-15 18:09 -------- d-----w- c:\program files\Microsoft
2009-11-15 15:50 . 2009-02-26 23:30 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-06 19:42 . 2009-03-24 16:07 111592 ----a-w- c:\users\Annet\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 19:42 . 2009-11-15 18:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-10-29 09:41 . 2009-11-25 02:03 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-30 21:02 . 2009-02-25 22:34 111592 ----a-w- c:\users\MisterJ\AppData\Local\GDIPFONTCACHEV1.DAT
2008-08-22 02:24 . 2008-08-22 02:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2009-11-15 . 5B8AB8E9F38BC52ECD183B099093C2BD . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-25_13.56.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-09 11:00 . 2009-12-24 14:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-09 11:00 . 2009-12-25 13:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-09 11:00 . 2009-12-25 13:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-09 11:00 . 2009-12-24 14:55 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 11:00 . 2009-12-25 13:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-09 11:00 . 2009-12-24 14:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-15 1217808]
"Google Update"="c:\users\MisterJ\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-17 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"Malwarebytes Anti-Malware (reboot)"="u:\malwarebytes' anti-malware\mbam.exe" [2009-12-03 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Mobilt bredb†nd.lnk - c:\program files\Telenor\Mobilt bredb†nd\Mobilt bredb†nd.exe [2008-2-11 876544]
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-9-1 44176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.01.2008 03:23 21504]
R2 GtDetectSc;GtDetectSc;c:\program files\Telenor\Mobilt bredbånd\GtDetectSc.exe [18.12.2007 11:48 196704]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [24.08.2009 18:48 721904]
S3 athrusb6;3Com OfficeConnect Wireless 54Mbps 11g Compact USB Adapter;c:\windows\System32\drivers\athru6.sys [26.02.2009 22:38 871936]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\drivers\Gt51Ip.sys [13.11.2007 15:50 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\System32\drivers\gt72ubus.sys [09.10.2007 12:53 59264]
S3 netr73;Gigabyte RT73 Wireless Driver for Vista for Vista;c:\windows\System32\drivers\netr73.sys [24.05.2009 06:36 501248]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [22.05.2008 20:20 20640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_no&c=84&bd=Pavilion&pf=cndt
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: hp.com\pavilion.buttonredirect
Trusted Zone: hp.com\presario.buttonredirect
FF - ProfilePath - c:\users\MisterJ\AppData\Roaming\Mozilla\Firefox\Profiles\6w51p7te.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\users\MisterJ\AppData\Roaming\Mozilla\Firefox\Profiles\6w51p7te.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 15:27
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
Tidspunkt ferdig: 2009-12-25 15:29:12
ComboFix-quarantined-files.txt 2009-12-25 14:29
ComboFix2.txt 2009-12-25 13:59

Pre-Run: 63 840 493 568 bytes free
Post-Run: 63 068 655 616 bytes free

- - End Of File - - 3B54E23A589EFF97E494257C5282FDE1

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
The internet works Smile... Seems like it was just some problems with the firewall.

Thanks for your time, though, and have a merry Christmas Smile...

descriptionInernet is connected but nothing works EmptyRe: Inernet is connected but nothing works

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum