Bobbye,
First off, thanks for your continued assistance.
Are you enjoying the system at all? It sounds like you're so busy 'organizing' the system that you can't sit back and enjoy it! It would be more 'normal' and certainly easier for you, if you set up directories for each instead of a partition:
Examples: C:\Games, C:\Data, etc.
And for "Internet Saves", it in the best format and save to docs & settings.
Yes, I'm enjoying the system. It's how I've run my various computers for the last 15+ years. It's a pattern I've developed over the years. The Internet Saves is distinct from Documents where Word and other programs store their Documents. When I want to look at a saved web page I know to go to I:\ and not root through the Documents directory. I know it doesn't work for everyone, but it works for me.
Redoing the computer without the 11 partitions would be a weekend's work as I have programs installed across the various drives. It may come to that though... (see below)
The best explanation I can come up with regarding the 150 and 350 connections to my computer is with the aid of illustration.
The first illustration is the connections displayed according to the firewall when trying to load Google. Notice the spike in the right graph. The second illustration is a grab of the Resource Monitor in Windows 7. The grab was taken while trying to reload this page.
Hope my meaning is clearer.
Now onto the matter of Combofix
Now it's my turn for a brainfade.
To be safe and to ensure I was up-to-date I downloaded a new copy of Combofix to my computer (it's now 4.11mb in size instead of 4.09mb) and sent it to the desktop. I was tired and didn't realise that I sent a shortcut instead of the actual program to the desktop.
After disabling the anti-malware and anti-virus (but -not- Online Armor) I ran the shortcut and it protested about wrong OS version and then the firewall started complaining about a program called PEV.EXE wanting to run. I didn't recognise it so I clicked block. Nothing then happened for several minutes.
So I double clicked it again - and the backdrop disappeared. I went looking for a log and there were none.
I then realised my error. I rebooted, and disabled Online Armor and the antivirus and anti-malware. I then moved the actual program to the desktop and ran it. It ran without a hitch, all the various stages cycling through, no protests about incorrect OS, or anything. The desktop background was restored and the computer for a moment appeared to be working fine. The log is attached below.
However... I think my few moments of brainfade broke something. Despite rebooting twice, my computer cannot connect to the internet at all now.
Sorry. As I said... it was a brainfade. Completely my fault. If you are willing to admit to one previously in this thread, I'll be brave enough to admit to mine.
I'm posting this from one of the other computers on the network.
----
EDIT:
I ran the Network Troubleshooter in Windows 7 and it wove its magic and now my computer can connect to the internet. First it said there was a problem with the DNS server and then there was something wrong with the DHCP settings with respect to the LAN. Once it fixed them up... I have net connectivity back... I'm yet to see how fast it is.
--------------
ComboFix 11-04-10.02 - Michael 11/04/2011 17:09:40.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3070.1974 [GMT 10:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: Online Armor Firewall *Disabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 07:13 . 2011-04-11 07:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 07:13 . 2011-04-11 07:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-05 07:30 . 2011-04-05 07:30 -------- d-----w- c:\programdata\Panda Security
2011-04-05 07:30 . 2011-04-05 07:30 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-22 02:34 . 2011-03-22 02:34 -------- d-----w- c:\program files\ESET
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 04:00 . 2010-06-24 01:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 00:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30 . 2011-03-09 23:39 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 23:39 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 23:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:54 . 2011-02-09 06:09 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 11:40 . 2010-04-20 22:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-26 13:36 . 2011-01-26 13:36 7566848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-26 13:00 . 2011-01-26 13:00 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 13:00 . 2010-03-03 04:16 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 12:59 . 2011-01-26 12:59 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 12:56 . 2010-04-07 02:13 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 12:55 . 2010-04-07 02:12 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 12:55 . 2010-04-07 02:12 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 12:54 . 2011-01-26 12:54 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 12:53 . 2010-04-07 02:10 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 12:53 . 2011-01-26 12:53 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 12:53 . 2011-01-26 12:53 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 12:53 . 2011-01-26 12:53 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 12:49 . 2010-03-03 04:06 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 12:32 . 2011-01-26 12:32 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 12:28 . 2010-03-03 03:46 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 12:27 . 2011-01-26 12:27 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 12:27 . 2011-01-26 12:27 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 12:25 . 2011-01-26 12:25 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 12:24 . 2010-03-03 03:24 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 12:20 . 2010-03-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 12:14 . 2010-04-07 01:23 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 12:13 . 2011-01-26 12:13 238592 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-26 12:12 . 2010-03-03 03:06 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 12:12 . 2010-03-03 03:06 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 12:12 . 2011-01-26 12:12 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-26 12:11 . 2011-01-26 12:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-26 12:08 . 2011-01-26 12:08 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 12:08 . 2011-01-26 12:08 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-17 05:47 . 2011-02-28 23:16 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-13 09:41 . 2010-01-26 22:01 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-13 08:47 . 2010-06-29 11:25 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-01-13 14:30 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-01-13 14:31 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-01-13 14:31 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-01-13 14:31 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-01-13 14:30 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-01-13 14:31 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"DefragTaskBar"="d:\program files\Ashampoo Magical Defrag 3\defragtaskbar.exe" [2009-12-16 927072]
"Ashampoo Core Tuner"="d:\program files\Ashampoo Core Tuner\autostarter.exe" [2009-09-25 428376]
"WordWeb"="d:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"@OnlineArmor GUI"="d:\program files\Online Armor\OAui.exe" [2010-11-04 2345000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "d:\progra~1\ONLINE~1\oaevent.dll" [2010-11-04 353992]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-10-30 38856]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SvcOnlineArmor;Online Armor;d:\program files\Online Armor\oasrv.exe [2010-11-04 3653208]
R3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-17 691696]
S1 aswSP;aswSP; [x]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-04 202064]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-04 25000]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/13 23:32];c:\program files\CyberLink\PowerDVD DX\000.fcl [2009-06-24 10:19 87536]
S2 acthelper;Ashampoo CoreTuner Helper Service;d:\program files\Ashampoo Core Tuner\ACTHelperService.exe [2009-09-25 902488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 Ashampoo Defrag Service;Ashampoo Defrag Service;d:\program files\Ashampoo Magical Defrag 3\defragservice.exe [2009-12-16 890208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 OAcat;Online Armor Helper Service;d:\program files\Online Armor\OAcat.exe [2010-11-04 380784]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-11-04 29120]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-15 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-12 07:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - d:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\program files\GetRight\GRbrowse.htm
TCP: {EB9D824D-F1DB-491F-A89D-B32705065FB3} = 192.168.0.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\2tnep8uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5608)
c:\windows\System32\SyncCenter.dll
.
Completion time: 2011-04-11 17:15:28
ComboFix-quarantined-files.txt 2011-04-11 07:15
.
Pre-Run: 83,432,783,872 bytes free
Post-Run: 83,159,576,576 bytes free
.
- - End Of File - - C3C7D45598092E86C8E22C98DB16B321