PLEASE HELPPP!!! I suck at computers lol. (moved from Internet Forum) - Cyber Tech Help Support Forums
Ok so I had this virus where popups would come up every probably 20 seconds and eventually it made it so the internet would not load.
I finally used a virus remover to get rid of the virus and I'm pretty sure it is gone.
But now there is a horrible problem...whenever I try to load the internet (doesn't matter if it's Firefox, Chrome, Explorer, whatever) the internet will not load.
Now by load I don't mean like it will come up saying it can't connect, but the actual internet screen will not come up at all.
I will literally double click and it looks like something is loading and then nothing, not even a blank page comes up.
Anyway if anybody could PLEASE help me or at least tell me where to start I would honestly appreciate it so much.
Thanks!
|
Hi Adam and welcome.
I have moved your topic to the Malware Removal Forum for now.
Your operating system may still be infected and I think it would be a good idea to have a look at what is running on your computer.
I need to see some logs to do this but before you provide them, you need to know that I have made a personal decision not to help anyone who has peer to peer software installed on their computers (and this includes Bit Torrent software) so if you want my help, please uninstall any such programs now and reboot.
Go here and download DDS to your Desktop and double-click on dds.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.
When the scan has finished, two logs will open.
Copy and paste both reports in this topic.
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Please do not run any programs other than those that I suggest or install any new software while I am helping you.
|
DDS (Ver_09-03-16.01) - NTFSx86
Run by AdamL at 14:28:06.87 on Mon 04/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.77 [GMT -5:00]
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
FW: Norton AntiVirus *enabled*
Running Processes
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Documents and Settings\AdamL \Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\AdamL \Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\AdamL \Desktop\dds.scr
Pseudo HJT Report
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
uURLSearchHooks: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHarm.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Video: {04a67da5-880b-452f-b193-463452c40b41} - c:\windows\tokry.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\lefty00\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\lefty00\local settings\application data\cyberdefender\cdmyidd.dll
TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHarm.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Google Update] "c:\documents and settings\adaml \local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunServices: [freestyle]
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
IE: Build LinkLister List from Selected Url(s) - c:\program files\linklister\build_from_sel.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - hxxp://static.35mb.com/applet/applet_o.cab
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\progra~1\google\google~1\goec62~1.dll
LSA: Notification Packages = scecli scecli
FIREFOX
FF - ProfilePath - c:\docume~1\adaml0~1\applic~1\mozilla\firefox\profiles\ldp60ua6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\adaml \application data\mozilla\firefox\profiles\ldp60ua6.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.Dll
FF - plugin: c:\documents and settings\adaml \local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
SERVICES / DRIVERS
R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;c:\windows\system32\drivers\SSFS041A.sys [2006-10-26 13824]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1 .07d\SymEFA.sys [2008-12-21 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1 .07d \BHDrvx86.sys [2008-12-21 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1 .0 7d\ccHPx86.sys [2008-12-21 362544]
R2 5F510EF6B3B36214;5F510EF6B3B36214;c:\documents and settings\wrestling\5f510ef6b3b36214\5F510EF6B3B36214 []
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 105632]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 105632]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2008-12-21 115560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-10-17 2368]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-5-21 1087680]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-21 99376]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2005-4-27 79616]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSxpx86.sys [2008-12-21 274808]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2008-11-28 67424]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-17 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-17 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-17 81288]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [2008-12-21 89104]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [2008-12-21 873552]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-17 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-17 1079176]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> C:\program files\ares\tcpip_patcher.sys [?]
S3 YFBPCHIOWFC;YFBPCHIOWFC;c:\docume~1\adam00\locals~1\temp\yfbpchiowfc.exe --> C:\docume~1\adam00\locals~1\temp\YFBPCHIOWFC.exe [?]
S3 ZVVQA;ZVVQA;c:\docume~1\adam00\locals~1\temp\zvvqa.exe --> C:\docume~1\adam00\locals~1\temp\ZVVQA.exe [?]
Created Last 30
2009-04-19 17:14 <DIR>
--dsh--- c:\documents and settings\adaml \IECompatCache
2009-04-19 17:10 <DIR>
--dsh--- c:\documents and settings\adaml \PrivacIE
2009-04-19 17:01 <DIR>
--dsh--- c:\documents and settings\adaml \IETldCache
2009-04-19 16:55 <DIR>
-cd-h--- c:\windows\ie8
2009-04-12 22:28 <DIR>
--d c:\docume~1\alluse~1\applic~1\Azureus
2009-04-12 22:27 <DIR>
--d c:\docume~1\adaml0~1\applic~1\Azureus
2009-04-12 22:23 <DIR>
--d c:\program files\common files\i4j_jres
2009-04-12 22:03 <DIR>
--d c:\program files\TorrentMan
2009-04-12 22:03 <DIR>
--d c:\program files\BitLord
2009-04-12 21:51 <DIR>
--d c:\docume~1\adaml0~1\applic~1\uTorrent
2009-04-07 22:48 149,833 a C:\jg.jpg
Find3M
2009-03-08 04:34 914,944 a c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a c:\windows\system32\msls31.dll
2009-02-17 13:08 1,594 a c:\windows\system32\tmp.reg
2009-02-09 13:56 67,584 a c:\windows\system32\ff_vfw.dll
2009-02-09 05:19 1,846,272 a c:\windows\system32\win32k.sys
FINISH: 14:29:09.75
|
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/25/2005 8:31:32 PM
System Uptime: 4/20/2009 2:13:58 PM (0 hours ago)
Motherboard: Intel Corporation | | D845PT
Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | J1E1 | 1694/100mhz
==== Disk Partitions
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 0.265 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt
==== System Restore Points
No restore point in system.
==== Installed Programs
Ad-Aware SE Personal
Adobe Flash Player 9
Adobe Flash Player ActiveX
Adobe Shockwave Player
Amazing Photo Editor V6.2
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AppCore
Apple Software Update
Ask Toolbar
AutoUpdate
AV
ccCommon
CD-DA X-Tractor v0.24
Conexant HSF V92 56K Data Fax PCI Modem
CyberDefender Early Detection Center
DivX Converter
DivX Player
DivX Web Player
DNA
ESPN RunTime
Gamevance
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Harmony_Hollow_Software Toolbar
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB952287)
K-Lite Codec Pack 4.6.2 (Full)
Learn2 Player (Uninstall Only)
Linksys Wireless-G USB Network Adapter
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Mozilla Firefox (3.0.8)
MSN Music Assistant
MyIdentityDefender Toolbar (CyberDefender Corporation)
NoAdware v5.0
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
NVIDIA Drivers
Project64 1.6
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Spyware Doctor 6.0
Symantec
SymNet
The Weather Channel Desktop 6
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Toolbar
==== Event Viewer Messages From Past Week
4/20/2009 5:02:12 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 29 time(s).
4/20/2009 4:57:51 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 28 time(s).
4/20/2009 4:52:49 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 27 time(s).
4/20/2009 4:48:16 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 26 time(s).
4/20/2009 4:42:42 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 25 time(s).
4/20/2009 4:38:58 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 24 time(s).
4/20/2009 4:34:41 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 23 time(s).
4/20/2009 4:29:58 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 22 time(s).
4/20/2009 4:24:21 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 21 time(s).
4/20/2009 4:18:49 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 20 time(s).
4/20/2009 4:14:35 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 19 time(s).
4/20/2009 4:09:51 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 18 time(s).
4/20/2009 4:04:42 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 17 time(s).
4/20/2009 4:00:12 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 16 time(s).
4/20/2009 3:55:16 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 15 time(s).
4/20/2009 3:51:08 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 14 time(s).
4/20/2009 3:46:32 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 13 time(s).
4/20/2009 3:40:50 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 12 time(s).
4/20/2009 3:35:42 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 11 time(s).
4/20/2009 3:30:48 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 10 time(s).
4/20/2009 3:25:54 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 9 time(s).
4/20/2009 3:21:37 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 8 time(s).
4/20/2009 3:17:50 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 7 time(s).
4/20/2009 3:12:52 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 6 time(s).
4/20/2009 3:08:14 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 5 time(s).
4/20/2009 3:02:59 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 4 time(s).
4/20/2009 2:58:02 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 3 time(s).
4/20/2009 2:28:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Norton AntiVirus service.
4/19/2009 4:54:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
4/19/2009 4:39:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SRTSPX SYMTDI Tcpip
4/19/2009 4:39:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2009 4:39:33 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2009 4:39:33 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2009 4:39:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/19/2009 4:29:25 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001217A3C664 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/18/2009 9:55:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/18/2009 5:24:09 PM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
The required attribute version is missing from element assemblyIdentity.
4/18/2009 5:24:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.
4/18/2009 5:24:09 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
4/18/2009 5:24:08 PM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
The required attribute version is missing from element assemblyIdentity.
4/18/2009 5:24:08 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest.
Reference error message: The operation completed successfully.
.
4/18/2009 5:24:08 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
4/16/2009 12:55:33 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 2 time(s).
4/16/2009 12:23:07 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/16/2009 12:23:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
4/16/2009 12:17:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/15/2009 12:47:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/15/2009 11:39:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl Fips Processor SRTSPX SYMTDI
4/15/2009 1:07:44 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly.
It has done this 1 time(s).
4/15/2009 1:07:40 AM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
4/15/2009 1:06:04 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
4/14/2009 12:54:08 PM, error: Service Control Manager [7022] - The IPSEC Services service hung on starting.
4/14/2009 1:06:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
4/14/2009 1:06:23 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/14/2009 1:06:16 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
4/13/2009 6:52:36 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001217A3C664 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File
|
Btw, I am using the internet in Safe Mode with Networking; that is how I can post this, but I did the scan in normal mode.
Just wanted to let you know in case it matters.
I really do appreciate the help thank you.
|
Haha, sorry for posting so much, but one last thing... I had a P2P program called Vezu (sp.?) and Bittorrent, but I deleted them both and I hope I did it correctly and uninstalled it right... Thanks!
|
Yes and can you please also uninstall DNA.
Reboot when you have done this.
Adam, there are malware startups still showing in your log, so I also need to see another type of log.
Download the latest version of Gmer from here to your Desktop.
Once downloaded, doubleclick on gmer.zip and unzip the file to its own folder.
When you have done this, close all running programs including those in your notification area (bottom righthand corner of your screen) and doubleclick on Gmer.exe to run it.
Click on the Rootkit tab and look at the righthand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes.
Also do not use your computer during the scan).
When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document.
Once the file is created, open it and rightclick again and choose Paste.
Save the file and copy the information and post it here please.
Warning! Please do not select the "Show all" checkbox during the scan.
What was the name of the virus that you were infected with?
Also please confirm that you have uninstalled DNA.
|
Ok, the DNA is gone and I did the scan (hopefully correctly).
Thanks again seriously you're awesome!
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-21 00:02:46
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT 8237EA20 ZwAlertResumeThread
SSDT 8237EAE0 ZwAlertThread
SSDT 8237F1E8 ZwAllocateVirtualMemory
SSDT 8237E290 ZwAssignProcessToJobObject
SSDT 82645E88 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6ED4020]
SSDT 8237E7D0 ZwCreateMutant
SSDT 8275D460 ZwCreateProcess
SSDT 8275D3E8 ZwCreateProcessEx
SSDT 8237E0F0 ZwCreateSymbolicLinkObject
SSDT 82382388 ZwCreateThread
SSDT 8237E350 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF6ED42A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF6ED4800]
SSDT 8237F378 ZwDuplicateObject
SSDT 8237F048 ZwFreeVirtualMemory
SSDT 8237E8A0 ZwImpersonateAnonymousToken
SSDT 8237E960 ZwImpersonateThread
SSDT 8237E4D0 ZwLoadDriver
SSDT 8237EF70 ZwMapViewOfSection
SSDT 8237E710 ZwOpenEvent
SSDT 8237F518 ZwOpenProcess
SSDT 8237F2B8 ZwOpenProcessToken
SSDT 8237E590 ZwOpenSection
SSDT 8237F448 ZwOpenThread
SSDT 8237E1C0 ZwProtectVirtualMemory
SSDT 82748DC8 ZwQueueApcThread
SSDT 82748C60 ZwReadVirtualMemory
SSDT 8275D640 ZwRenameKey
SSDT 82383288 ZwResumeThread
SSDT 8237ED20 ZwSetContextThread
SSDT 8275D5C8 ZwSetInformationKey
SSDT 8237EDE0 ZwSetInformationProcess
SSDT 82748F30 ZwSetInformationThread
SSDT 8237E410 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF6ED4A50]
SSDT 8237E650 ZwSuspendProcess
SSDT 8237EBA0 ZwSuspendThread
SSDT 8237F630 ZwTerminateProcess
SSDT 8237EC60 ZwTerminateThread
SSDT 8237EEB0 ZwUnmapViewOfSection
SSDT 8237F118 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 7C 804E26D8 8 Bytes JMP EAE08237
.text ntoskrnl.exe!_abnormal_termination + 90 804E26EC 4 Bytes CALL D1D05EE2
.text ntoskrnl.exe!_abnormal_termination + 199 804E27F5 3 Bytes [F0, 37, 82]
.text ntoskrnl.exe!_abnormal_termination + 1B0 804E280C 4 Bytes CALL 643BAA48
.text ntoskrnl.exe!_abnormal_termination + 1B8 804E2814 4 Bytes JMP B07FAA50
? SYMEFA.SYS The system cannot find the file specified. !
? C:\Documents and Settings\Wrestling\5F510EF6B3B36214\5F510EF6B3B362 14 Access is denied.
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 82748B08
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 82748B80
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 82748B80
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 82748B08
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 82748B08
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 82748B80
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 82748B80
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 82748B08
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 82748B80
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 82748B08
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 82748B80
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SSFS041A.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc ( www.webroot.com ))
Device \Driver\Tcpip \Device\Ip 82566888
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\Tcp 82566888
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\Udp 82566888
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp 82566888
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST 82566888
Device \FileSystem\Fastfat \Fat F25D5C8A
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SSFS041A.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc ( www.webroot.com ))
---- Services - GMER 1.0.15 ----
Service C:\Documents and Settings\Wrestling\5F510EF6B3B36214\5F510EF6B3B362 14 (*** hidden *** ) [AUTO] 5F510EF6B3B36214 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
|
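An added example, not part of the original thread: a small Python triage of GMER output shaped like the log posted above. The regular expressions are assumptions based on the line shapes visible in that log, and grouping unattributed hook addresses by 4 KB page is a reading aid rather than an attribution, since security drivers such as SYMEVENT.SYS in this same log also hook the SSDT.

```python
import re
from collections import defaultdict

# Excerpt copied from the GMER log posted in this thread.
SAMPLE = r"""
---- System - GMER 1.0.15 ----
SSDT 8237EA20 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6ED4020]
SSDT 82748DC8 ZwQueueApcThread
SSDT 82748C60 ZwReadVirtualMemory
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 82748B80
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 82748B08
---- Services - GMER 1.0.15 ----
Service C:\Documents and Settings\Wrestling\5F510EF6B3B36214\5F510EF6B3B362 14 (*** hidden *** ) [AUTO] 5F510EF6B3B36214 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# Patterns assumed from the line shapes visible in that log.
BARE_SSDT = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(Zw\w+)$")
OWNED_SSDT = re.compile(r"^SSDT\s+(.+?)\s+\((.*?)\)\s+(Zw\w+)\s+\[0x[0-9A-F]+\]$")
IAT_HOOK = re.compile(r"^IAT\s+(\S+)\[(\S+)!(\w+)\]\s+([0-9A-F]{8})$")
HIDDEN_SVC = re.compile(r"^Service\s+.*\(\*\*\* hidden \*\*\*\s*\)\s+\[\w+\]\s+(\S+)")


def triage(log_text):
    """Split GMER findings into driver-attributed hooks, unattributed hooks and hidden services."""
    owned, hidden = [], []
    by_page = defaultdict(list)  # 4 KB page -> hooks GMER could not tie to a module
    for line in map(str.strip, log_text.splitlines()):
        if m := BARE_SSDT.match(line):
            by_page[int(m.group(1), 16) & ~0xFFF].append("SSDT:" + m.group(2))
        elif m := OWNED_SSDT.match(line):
            owned.append((m.group(3), m.group(1).rsplit("\\", 1)[-1]))
        elif m := IAT_HOOK.match(line):
            importer = m.group(1).rsplit("\\", 1)[-1]
            by_page[int(m.group(4), 16) & ~0xFFF].append(f"IAT:{importer}!{m.group(3)}")
        elif m := HIDDEN_SVC.match(line):
            hidden.append(m.group(1))
    return {"owned": owned, "unattributed_by_page": dict(by_page), "hidden_services": hidden}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for page, hooks in sorted(result["unattributed_by_page"].items()):
        print(f"{page:08X}: {', '.join(hooks)}")
    print("attributed to a driver:", result["owned"])
    print("hidden services:", result["hidden_services"])
```

Run over the full log, the same grouping places the NDIS IAT targets 82748B08 and 82748B80 in the same page as three of the unattributed SSDT hooks.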
|
Oh, and as for the virus, I remember it was a trojan but not sure which one.
I think, but am not 100 percent positive, that it came from some fake anti-virus software or something.
And when I had it, popups would come up every like 20 seconds saying I needed to purchase some software to get rid of the virus.
I'm looking on the internet right now and Win32.Trojan.RX...
Sounds familiar, I think that was it.
~Adam~
|
Wow! I actually tried downloading a product called superspyware and I did a scan and my computer somehow works again!!!
Anyway, I do wanna say thank you so much for the help, and I'm sure you would have found the problem as well, so thanks again, I really do appreciate your help... especially since you do not even get paid to do it!
Btw, I was just wondering why you want people to delete p2p programs... this is out of total curiosity and not as an insult.
Thank ya,
Adam
|
Hi Adam, I don't mind you asking.
Someone else asked me that question a while back.
See my reply here.
Also see the warning about Virut here.
I can see several problems in your logs, Adam, including a possible rootkit infection.
I have my doubts that SAS can get rid of these but it's up to you.
If you want me to check, you will have to post a new DDS log.
|