Computer locks up

steve lawson

Hi all.

Can anybody help me with the problem of my Computer locking up? I seem to have picked something up when my Computer's Anti-Virus had been disabled. Anti-Virus is back on but doesn't detect anything.
I have Regvac and Registry Mechanic and they both say that the System is now clean. However, Registry Mechanic did pick up a problem when it was first run. Below is the Error signature.
BCCode: ca BCP1:89BA C020 BCP2:89F48EC0 BCP3:89F7D C78
BCP4:00000001 0SVer:5_1_2600 SP: 3_0 product 256_1

The Computer sometimes runs for hours without crashing and on other occasions crashes almost as soon as it finishes Booting up. It can be running fine when I leave the Computer and when I return it's locked up.

Any advice would be appreciated.

Steve.
 
Try running Malwarebytes. You can download it from download.com. See if that picks anything up and tell us the results.
 
Thanks for the help Guys. I have now downloaded the Programme and run a full Scan. It found 12 infections, which I have now removed. I have restarted the Computer and I will keep you posted on its performance. Below is the Log File of what was found.

Once again many thanks.

Steve.

Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
F:\documents and settings\Steve\local settings\application data\goxph.exe (Adware.Navipromo.H) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\goxph (Adware.Navipromo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\Steve\Local Settings\Application Data\goxph_navps.dat (Adware.Navipromo.H) -> Not selected for removal.
F:\Documents and Settings\Steve\Local Settings\Application Data\goxph_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
F:\Documents and Settings\Steve\Local Settings\Application Data\goxph.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
F:\Documents and Settings\Steve\Local Settings\Application Data\goxph.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
F:\Documents and Settings\Steve\My Documents\Downloads\Live-Player_setup (1).exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Steve\My Documents\Downloads\Live-Player_setup (2).exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Steve\My Documents\Downloads\Live-Player_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
F:\Program Files\TSC\tsc.exe (Rogue.Total.Security) -> Quarantined and deleted successfully.
 
Hello again.

Just as I thought everything was OK, it's locked up again! I left the Computer for approx. 1 Hour whilst still online; when I returned and moved the Mouse, it immediately froze. I'm hoping that you may have some other ideas.

I spoke to someone at work who didn't think that the Malwarebytes would be successful. He did suggest Antisuperspyware might do the trick, but also thinks that I really need to buy Norton or similar. I am currently using Free AVG Antivirus.

Once again any suggestions would be appreciated.

Steve.
 
Hello again.

Here is the HijackThis log. I haven't started a fresh Thread because I started this one. The main problem is that the Computer locks up and needs to be rebooted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:42:55, on 09/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\System32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\WgaTray.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\cisvc.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\Program Files\VIA\RAID\raid_tool.exe
F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\DNA\btdna.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\WINDOWS\System32\cidaemon.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCSVR.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\BWYWSOOA\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - F:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - F:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - F:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "F:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] F:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "F:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RegistryMechanic] F:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - Startup: RegVac.lnk = F:\Program Files\RegVac Registry Cleaner\regvac.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓÆµ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - F:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - F:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10380 bytes

Many thanks.

Steve.
 
You have many processes running.
Hit Start > Run and type "msconfig".
Go to the Startup tab and disable anything you don't need or use from starting when you turn on your computer. You will have to click Apply and then restart for the changes to be effective.
Post again if it still crashes after that.
 
Link93, how do I know which Processes to disable? I don't know what they are or do. I tried disabling most of them and restarting. However, the Computer wouldn't Boot up. It would crash before it had finished Booting. It's taken a couple of Hours to get back online. I have done a System restore and now need further instruction.

One thing I did notice, the Computer always appeared to crash when RegVac was being loaded. I have now removed this, but have had 1 Crash since.

Steve.
 
Most processes will be labeled plain as day what they are. If you don't use a program like AIM, YAHOO, MSN then don't have it starting up. On average most computers running XP are around 25-33 processes.
 
I am also on XP and have 22, so I suppose it's not that many? I panicked a bit after disabling most and then it not Booting up. Seems much more stable at the minute, since removing RegVac.

Steve.
 
Hello again Folks.

Sorry to drop this on your toes, but I am still having the same problems. Things have changed a little which I will try to explain.

If the Computer Hangs up and I reboot, it will Hang up again within Seconds and does so each time I reboot. If I leave it for a period of time say overnight and reboot, I can use the Computer no problems. If I go online there also appears to be no problem. However, if I go offline and then go back online later the problems will come back. For example, once I get the Machine up and running I run Malwarebytes. It finds 1 problem adware.Navipromo.H. I delete this and it prompts me to restart my Computer for the changes to take effect. As soon as the Computer is rebooted and I go to move my Mouse it hangs up.

It's as if once I have been online after a reboot, Malware or whatever is accessing my Machine with no effect. But once I go offline it then takes effect. I hope this makes some sense.

I have tried deleting all Cookies in Internet Options before going online but it doesn't make any difference.

Why would leaving the Machine off overnight allow me to use the Computer again?

I am now thinking of reformatting but feel a bit defeated in doing so. How would I go about reformatting? I did this once before on Packard Bell but I had a Master CD to reset everything. I have nothing like that with this machine, just a Windows XP CD.

Any help would be appreciated.

Steve.
 
Thanks for your prompt reply johnb35.

I have run Combofix and before I could Paste the Log into a reply, the Computer Hung up again. The difference this time is, I have managed to reboot and use it without it freezing.

Do I have to run Combofix again to access the Log to Post it back, or is there a simpler way?

Steve.
 
Tried running it again; here is the Log. Hope this means something to you.

Steve.

ComboFix 09-09-28.01 - Steve 29/09/2009 22:03.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1535.1113 [GMT 1:00]
Running from: f:\documents and settings\Steve\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 21:02 . 2009-09-29 21:02 6736 ----a-w- f:\windows\system32\drivers\PROCEXP90.SYS
2009-09-28 17:11 . 2009-09-10 13:54 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 17:11 . 2009-09-10 13:53 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-09-23 19:07 . 2009-09-29 21:12 2033952 --sha-w- f:\windows\system32\drivers\fidbox.dat
2009-09-23 19:07 . 2009-09-29 21:12 46624 --sha-w- f:\windows\system32\drivers\fidbox2.dat
2009-09-23 18:58 . 2008-11-26 14:19 53192 ----a-w- f:\windows\system32\drivers\rp_skt32.sys
2009-09-23 18:57 . 2008-08-06 20:20 48384 ----a-w- f:\windows\system32\drivers\rp_pkt32.sys
2009-09-23 18:57 . 2008-08-28 12:16 71184 ----a-w- f:\windows\system32\drivers\DefragFS.sys
2009-09-23 18:56 . 2009-09-23 18:56 -------- d-----w- f:\documents and settings\All Users\Application Data\Raxco
2009-09-23 18:56 . 2009-09-23 18:56 -------- d-----w- f:\program files\Raxco
2009-09-21 19:02 . 2009-09-21 19:02 -------- d-----w- f:\windows\system32\wbem\Repository
2009-09-14 18:29 . 2009-09-22 17:46 -------- d-----w- f:\documents and settings\All Users\Application Data\{6C784BD0-F8BE-4F53-8572-55AF6E559817}
2009-09-14 18:29 . 2009-09-22 17:46 -------- d-----w- f:\program files\Common Files\DWGdirectX 2.5
2009-09-12 08:54 . 2009-09-22 17:45 -------- d-----w- f:\program files\RegVac Registry Cleaner
2009-09-09 17:46 . 2009-09-09 17:46 -------- d-----w- f:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-09 17:46 . 2009-09-22 19:52 -------- d-----w- f:\program files\SUPERAntiSpyware
2009-09-09 17:46 . 2009-09-12 09:19 -------- d-----w- f:\documents and settings\Steve\Application Data\SUPERAntiSpyware.com
2009-09-09 05:40 . 2009-09-09 05:40 -------- d-----w- f:\program files\Trend Micro
2009-09-08 19:11 . 2009-06-21 21:44 153088 -c----w- f:\windows\system32\dllcache\triedit.dll
2009-09-07 21:43 . 2009-09-07 21:43 -------- d-----w- f:\documents and settings\Steve\Application Data\Malwarebytes
2009-09-07 21:43 . 2009-09-28 17:11 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-09-07 21:43 . 2009-09-07 21:43 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 21:08 . 2008-04-28 20:23 -------- d-----w- f:\documents and settings\Steve\Application Data\DNA
2009-09-29 20:48 . 2008-04-28 20:23 -------- d-----w- f:\program files\DNA
2009-09-29 20:03 . 2009-09-23 19:07 27020 --sha-w- f:\windows\system32\drivers\fidbox.idx
2009-09-29 20:03 . 2009-09-23 19:07 5132 --sha-w- f:\windows\system32\drivers\fidbox2.idx
2009-09-29 18:05 . 2003-12-15 18:15 -------- d-----w- f:\documents and settings\All Users\Application Data\Google Updater
2009-09-23 19:17 . 2008-12-05 14:11 -------- d-----w- f:\documents and settings\Steve\Application Data\Virgin Broadband
2009-09-23 18:56 . 2009-04-08 17:34 -------- d-----w- f:\program files\Virgin Broadband
2009-09-23 18:55 . 2008-12-05 14:11 -------- d-----w- f:\documents and settings\All Users\Application Data\Virgin Broadband
2009-09-23 18:54 . 2008-04-24 16:19 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-09-22 17:47 . 2008-04-28 20:24 -------- d-----w- f:\documents and settings\Steve\Application Data\BitTorrent
2009-09-21 20:40 . 2008-04-24 16:24 98304 ----a-w- f:\windows\DUMP66e7.tmp
2009-09-11 15:54 . 2009-08-07 11:34 -------- d-----w- f:\program files\A1Click Ultra PC Cleaner
2009-09-11 15:53 . 2003-12-23 14:57 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2009-08-29 08:49 . 2009-08-25 17:31 -------- d-----w- f:\program files\Uniblue
2009-08-28 16:28 . 2008-04-24 18:31 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-28 14:07 . 2009-04-08 17:45 -------- d-----w- f:\program files\CA
2009-08-25 17:32 . 2009-08-25 17:32 -------- d-----w- f:\documents and settings\Steve\Application Data\Uniblue
2009-08-22 10:58 . 2009-07-01 13:57 -------- d-----w- f:\program files\Java
2009-08-22 10:49 . 2008-04-24 16:33 107888 ----a-w- f:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 07:56 204800 ----a-w- f:\windows\system32\mswebdvd.dll
2009-07-25 04:23 . 2009-07-01 13:57 411368 ----a-w- f:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-04 07:56 58880 ----a-w- f:\windows\system32\atl.dll
2009-07-12 11:21 . 2004-08-04 07:56 233472 ----a-w- f:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 07:56 915456 ------w- f:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 68856]
"PhotoShow Deluxe Media Manager"="f:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"NBJ"="f:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 1961984]
"MSMSGS"="f:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EPSON Stylus C60 Series"="f:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
"BitTorrent DNA"="f:\program files\DNA\btdna.exe" [2003-12-17 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMAXPnP"="f:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"RaidTool"="f:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NeroFilterCheck"="f:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Google Desktop Search"="f:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-19 29744]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Broadbandadvisor.exe"="f:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"Malwarebytes Anti-Malware (reboot)"="f:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2007-12-05 1626112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 PD91Agent;PD91Agent;f:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;f:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;f:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;f:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;f:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;f:\program files\Google\Google Desktop Search\GoogleDesktop.exe [29/04/2008 18:59 29744]
S3 PD91Engine;PD91Engine;f:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
S3 Radialpoint Security Services;Virgin Broadband PCguard;f:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 170736]
S3 S5S7DRV;S5S7DRV;f:\s5w\s5s7drv.sys [23/12/2003 21:40 51640]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"f:\windows\system32\rundll32.exe" "f:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-29 f:\windows\Tasks\Google Software Updater.job
- f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-29 19:21]

2009-09-29 f:\windows\Tasks\User_Feed_Synchronization-{23B9B355-1CEC-4CAD-9584-01A5D894DAF8}.job
- f:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

2009-09-29 f:\windows\Tasks\WGASetup.job
- f:\windows\system32\KB905474\wgasetup.exe [2009-04-29 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - f:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2756)
f:\windows\system32\WININET.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
.
Completion time: 2009-09-29 22:17
ComboFix-quarantined-files.txt 2009-09-29 21:17
ComboFix2.txt 2009-09-29 20:12

Pre-Run: 141,520,285,696 bytes free
Post-Run: 141,491,912,704 bytes free

174 --- E O F --- 2009-09-09 02:03
 
I don't see anything bad in that log. You said this was the second time you ran it, is there a log at c:\combofix.txt or is that this one?
 
This is the Log of the 2nd Combofix Scan.

When I got up this morning, I couldn't get online at all, no connection available. I tried repairing the connection as instructed by Combofix, but to no avail. However, when I got home this evening, my PC Guard had come on and ran a scan and removed some stuff. Now everything appears to be working fine.

Here's a copy of the Log. I will let you know if it stays stable.

Steve.

PCguard Anti-Virus
Fast Scan Report (30/09/2009 07:52:31)
Master Boot Records and Fixed Disk Boot Sectors
Scanned 1 Master Boot Record(s) for viruses.
Your Master Boot Record(s)/Boot Sector(s) are not infected.
Files
Drive F:\
• F:\Program Files\InstallShield Installation Information\{0B0F82AB-5B9A-4B9F-96EF-74E1FD85F01F}\RPS SafeConnect.msi
o Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
• F:\Program Files\Live-Player\uninst.exe
o Viruses detected: Trojan-Downloader.NSIS.Agent.ca
o Action taken: File could not be disinfected. File was quarantined instead.
• F:\System Volume Information\_restore{2CD27D5F-28E4-4280-8455-2E655293537F}\RP1\A0018171.exe
o Viruses detected: Trojan-Downloader.NSIS.Agent.ca
o Action taken: File could not be disinfected. File was quarantined instead.
• F:\downloads\A1Click Ultra PC Cleaner v.1.01.65 (Registered) [RH]\A1Click Ultra PC Cleaner v.1.01.65 (Registered)\UltraPCCleaner.1.01.65.exe
o Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.
Files scanned: 51986
Infected files: 2
Disinfected files: 0
Deleted files: 2
Files unable to scan: 2
Report Summary
Files scanned: 51986
Total infected files: 2
Total disinfected files: 0
Total deleted files: 2
Total files unable to scan: 2
Anti-Virus engine status
Last update: 30/09/2009 07:45:08
Virus definition file: 1254274740
File generated by PCguard Anti-Virus
 