Computer Hope
Internet & Networking => Networking => Topic started by: AndrewKelly on August 16, 2008, 09:51:38 AM
-
I am using an ntl:home (virgin) cable modem, and even though I am not downloading anything the lights for downloading and uploading are on all the time. This only happens when I am downloading something like a torrent, or something from xbox live, but now even when I am not browsing the internet they still stay on, making my internet run considerably slower. Ive disconnected my wireless router as well to make sure that a neighbour wasnt using my internet, but the lights on the modem still stay on. Also, ive carried out a comprehensive scan using norton 360 to make sure there arent any viruses or spyware etc downloading stuff, and even after norton eliminated all the 'risks' it found, the lights on the modem remained on.
Does anybody have any idea what is going on here?
-
Hmmmm.....Norton 360....An entire problem waiting to happen (my experiences).
Anyways, this light never used to blink like it is doing now?
What happens if you reset the modem? (unplug the power cable for about 30 seconds)
-
It's normal.
-
It's normal.
That's what I thought. Same with me.
-
When you're connected to the Net, there is always traffic activity.
You open any web page - downloading.
You make a post - uploading.
-
Hmmmm.....Norton 360....An entire problem waiting to happen (my experiences).
Anyways, this light never used to blink like it is doing now?
What happens if you reset the modem? (unplug the power cable for about 30 seconds)
The lights arent blinking, they just remain on, like the 'power' light.
Resetting the modem does nothing. After the modem starts up again the lights just turn back on.
-
What about when the computer is off?
-
It's normal.
This is not normal for my modem. If the computer was switched on, with no programs open, just the desktop showing, and nothing else, the lights would remain off. They would flicker every now again for whatever reason, but they never remained on constantly as long as the computer was switched on.
Also, my internet is running considerably slower which leads me to believe that something is being downloaded, using up a lot of bandwidth. These lights would only ever stay on, as they are doing now, if i was downloading a torrent file or something from xbox live. They wouldnt stay on constantly if I was just browsing the internet, so they are not staying on because I am just downloading a web page.
-
What about when the computer is off?
The lights go off whenever i switch off the computer. This happened anyway before i noticed the problem.
-
Surely, there is some background activity. When that activity is heavy, blinking lights become steady lights.
Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download)
Click on Download HijackThis Installer
Post HijackTHis log.
-
It could be background activity, but ive checked what programs are currently running and none of them are downloading updates or patches etc. It would have to be some kind of extremely important background activity to use up a lot of my bandwidth, and if it was, would it not be easy for me to see exactly what it is?
-
The HijackThis Log may show us that exact thing.
-
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:06, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2076256914-2933721995-3393346773-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 7115 bytes
-
You have only two startups, which use internet connection, Norton, and Windows Messenger. There is no reason for the latter to be a startup, so, open HJT, and checkmark:
- O4 - HKUS\S-1-5-21-2076256914-2933721995-3393346773-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
Click "Fix checked" button.
Restart computer, and see how busy your modem lights are now.
-
That didnt work. The lights are still on and the internet is still running slow. I tried doing a system restore as well but I keep getting the 'Restoration Incomplete' message.
Any other ideas?
-
That didnt work. The lights are still on and the internet is still running slow. I tried doing a system restore as well but I keep getting the 'Restoration Incomplete' message.
Any other ideas?
Try doing it in Safe Mode (http://www.computerhope.com/issues/chsafe.htm).
-
Go Start>Run, type in:
cmd
Click OK.
At Command Prompt, type in:
NETSTAT -a -f (<----watch for "spaces")
Hit Enter.
Copy all displayed info, and paste it in your next post.
-
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\andrew.YOUR-B04E565902.000>NETSTAT -a
Active Connections
Proto Local Address Foreign Address State
TCP FAMILY:http FAMILY:0 LISTENING
TCP FAMILY:epmap FAMILY:0 LISTENING
TCP FAMILY:microsoft-ds FAMILY:0 LISTENING
TCP FAMILY:2869 FAMILY:0 LISTENING
TCP FAMILY:http 86-44-87-113.b-ras2.bbh.dublin.eircom.net:53728
ESTABLISHED
TCP FAMILY:1484 84.53.178.24:http TIME_WAIT
TCP FAMILY:1508 84.53.178.42:http TIME_WAIT
TCP FAMILY:1527 jp-in-f190.google.com:http CLOSE_WAIT
TCP FAMILY:1561 www.computerhope.com:http TIME_WAIT
TCP FAMILY:1027 localhost:1028 ESTABLISHED
TCP FAMILY:1028 localhost:1027 ESTABLISHED
TCP FAMILY:1029 localhost:1030 ESTABLISHED
TCP FAMILY:1030 localhost:1029 ESTABLISHED
TCP FAMILY:1041 FAMILY:0 LISTENING
TCP FAMILY:1056 FAMILY:0 LISTENING
TCP FAMILY:1453 localhost:1454 ESTABLISHED
TCP FAMILY:1454 localhost:1453 ESTABLISHED
TCP FAMILY:1455 localhost:1456 ESTABLISHED
TCP FAMILY:1456 localhost:1455 ESTABLISHED
TCP FAMILY:1526 localhost:12080 ESTABLISHED
TCP FAMILY:12025 FAMILY:0 LISTENING
TCP FAMILY:12080 FAMILY:0 LISTENING
TCP FAMILY:12080 localhost:1526 ESTABLISHED
TCP FAMILY:12110 FAMILY:0 LISTENING
TCP FAMILY:12119 FAMILY:0 LISTENING
TCP FAMILY:12143 FAMILY:0 LISTENING
TCP FAMILY:netbios-ssn FAMILY:0 LISTENING
UDP FAMILY:microsoft-ds *:*
UDP FAMILY:isakmp *:*
UDP FAMILY:1047 *:*
UDP FAMILY:1948 *:*
UDP FAMILY:3776 *:*
UDP FAMILY:4500 *:*
UDP FAMILY:ntp *:*
UDP FAMILY:1900 *:*
UDP FAMILY:ntp *:*
UDP FAMILY:1048 *:*
UDP FAMILY:1060 *:*
UDP FAMILY:1076 *:*
UDP FAMILY:1511 *:*
UDP FAMILY:1900 *:*
UDP FAMILY:domain *:*
UDP FAMILY:bootps *:*
UDP FAMILY:bootpc *:*
UDP FAMILY:ntp *:*
UDP FAMILY:netbios-ns *:*
UDP FAMILY:netbios-dgm *:*
UDP FAMILY:1900 *:*
C:\Documents and Settings\andrew.YOUR-B04E565902.000>
Is this what you were looking for?
Typing in NETSTAT -a -f only brought up a list of descriptions:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\andrew.YOUR-B04E565902.000>NETSTAT -a -f
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
C:\Documents and Settings\andrew.YOUR-B04E565902.000>
-
Try same command with -b switch.
Post results.
Who is your ISP?
-
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\andrew.YOUR-B04E565902.000>NETSTAT -b
Active Connections
Proto Local Address Foreign Address State PID
TCP FAMILY:http 86-44-87-113.b-ras2.bbh.dublin.eircom.net:53913
ESTABLISHED 1500
[KService.exe]
TCP FAMILY:1027 localhost:1028 ESTABLISHED 1500
[KService.exe]
TCP FAMILY:1028 localhost:1027 ESTABLISHED 1500
[KService.exe]
TCP FAMILY:1029 localhost:1030 ESTABLISHED 1500
[KService.exe]
TCP FAMILY:1030 localhost:1029 ESTABLISHED 1500
[KService.exe]
TCP FAMILY:1453 localhost:1454 ESTABLISHED 4064
[firefox.exe]
TCP FAMILY:1454 localhost:1453 ESTABLISHED 4064
[firefox.exe]
TCP FAMILY:1455 localhost:1456 ESTABLISHED 4064
[firefox.exe]
TCP FAMILY:1456 localhost:1455 ESTABLISHED 4064
[firefox.exe]
C:\Documents and Settings\andrew.YOUR-B04E565902.000>
My ISP is virgin media.
-
I think, we got it.
Go to Add\Remove, and see, if you have Kontiki listed. If so, uninstall.
Restart computer, post fresh HJT log.
If it's not listed, let me know.
I'll be back in 10 minutes.
-
Its not in Add or Remove but I did a search for it and found a folder called Kontiki with 4 files; error, error 2, kservice.mdmp and zdata. Ill go ahead and delete these.
-
Hold on....
-
Go Start>Run, type in:
services.msc
Click OK.
Services window will open.
Find:
KService
Click on "Stop" link.
Wait until service stops.
Right click on KService, click Properties, and under Startup type, select Disable from drop-down menu.
Now, delete Kontiki folder.
Restart computer. Post new HJT log.
-
I didnt see your post before I went ahead and deleted them. The first file couldnt be deleted because it was in use by another program. I went into task manager and found something called KService.exe. I did a search on google and found this was linked to SkyPlayer which I downloaded about a week or so ago. So I stopped KService.exe in task manager, deleted those kontiki files returned by the search and deleted a folder called Kontiki in the Program Files folder.
The problem must be fixed now. The lights have returned to normal and my internet running at its normal speed.
Unless theres anything else remaining, thanks for all the help ;D
-
Go Start>Run, type in:
services.msc
Click OK.
Services window will open.
Find:
KService
Click on "Stop" link.
Wait until service stops.
taight click on KService, click Properties, and under Startup type, select Disable from drop-down menu.
Now, delete Kontiki folder.
Restart computer. Post new HJT log.
I didnt see this post before I deleted all traces of Kontiki instead of just disabling. Hope I havent messed up anything. Ill restart now and post the HJT log.
-
You did OK, but this is important step:
Right click on KService, click Properties, and under Startup type, select Disable from drop-down menu.
.
If not done, you're gonna be getting startup error.
Make sure, you perform the above step.
Then, post HJT log.
I'll be gone for couple of hours, pretty soon.
-
BTW....in the future, don't rush things. It's easy to mess up something.
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:17, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 7884 bytes
Ill restart now to make sure there's no startup error.
-
KService is gone...good, but we have another problem.
You're running TWO antiviruses: Norton, and Avast. This is no-no.
One of them has to go.
Let me know, which one you want to keep, and DO NOTHING ELSE.
-
Avast wasn't present in your first log. What's up with that?
-
This is very important, when trying to fix computers:
Do ONE thing at a time, and don't do ANYTHING I'm not aware of!
-
I called a friend of mine for some help during the time I was trying to fix the problem, and I told him Id done a comprehensive virus check using Norton 360. He then told me that norton was a heap of crap so I should download Avast instead.
Which one do you recommend I keep? Ive heard that Norton can be a spanner in the works when you try to do a system restore, which could be the case for me because my system restore does not work nomatter what date I choose.
-
I had Norton 360 and it was indeed a heap of crap.
Before that I had Norton 2003 and I thought it was the best paid Antivirus.
After getting a new computer, we took the good expectations we had from Norton and bought 360. Absolute Rubbish.
If it were me, I would keep Avast.
-
I agree, but if decide to get rid of Norton, use Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
-
Could you have a think about another internet problem ive been having? Whenever Im downloading something from xbox live or sky player, my internet switches off then switches back on again after about a minute. The download then resumes but then after another short period of time the internet will switch off and on again. The download will eventually complete but it would go probably 5 or 6 times as fast if my internet did not keep turning off during the download. Any idea what is happening here?
-
Could it be something wrong with your ISP? (just throwing questions out here)