Antivirus live removed No Internet?


Post by Bigmaico on Tue Dec 22, 2009 9:21 pm

I went to help my buddy with his shop computer system.

He got that nasty malware "Anti-virus Live" which is a scam & I finally got it removed. I loaded Malwarebytes & Spybot, ran both to clean the system.

But his system didn't have any Anti-virus on it; that's when I discovered that the Internet would not work in normal mode. It will work in Safe mode, but I still can't get AVG to completely download. It gives me a file error.

I'm thinking of resetting Winsock & the TCP/IP stack.

Any other thoughts?

Howard

Bigmaico
Novice

Posts : 47
Joined : 2009-04-12
Gender : Male
OS : XP
Points : 28263
# Likes : 0

Re: Antivirus live removed No Internet?

Post by Belahzur on Tue Dec 22, 2009 11:00 pm

Hello.
Okay, use Safe Mode with networking.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 12:06 am

Here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:11 PM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\11.0.78.0\Weather.exe" -auto
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SetPoint.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7286 bytes


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 12:10 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
    O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
    O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

sc delete NIS

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
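
The five lines picked out for "Fix Checked" in the post above follow a few recognisable patterns: an Internet Explorer proxy set to a loopback address, a browser add-on marked "(no file)", a service marked "(file missing)", and the Hotbar add-on by name. As an added example (not part of the original thread and not HijackThis's own logic), this Python script applies those checks to lines copied from the log posted earlier; the function names and the `watchlist` parameter are assumptions of the example.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\11.0.78.0\HostIE.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe (file missing)
"""

# "R1 - ...", "O2 - ...", "O23 - ...": section code, separator, rest of the entry.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PROXY = re.compile(r"ProxyServer = (.+)$")


def loopback_proxy(value):
    """True if any proxy in an IE ProxyServer value points at this machine.

    Handles "host:port" and the per-protocol form "http=host:port;https=...".
    IPv6 literals are not handled in this example.
    """
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()  # drop an optional "http=" prefix
        host = target.rsplit(":", 1)[0] if ":" in target else target
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            pass  # a host name rather than an IP literal
    return False


def triage(log_text, watchlist=("Hotbar",)):
    """Return (code, reason, entry) for each log line worth a closer look.

    watchlist holds add-on names the analyst already considers unwanted;
    the default comes from the fix list in this thread.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, body = m.groups()
        reason = None
        proxy = PROXY.search(body)
        if code in ("R0", "R1") and proxy and loopback_proxy(proxy.group(1)):
            reason = "IE proxy is set to a loopback address"
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            reason = "add-on is registered but has no file"
        elif code == "O23" and body.endswith("(file missing)"):
            reason = "service is registered but its executable is missing"
        elif code in ("O2", "O3") and any(n.lower() in body.lower() for n in watchlist):
            reason = "add-on name is on the watchlist"
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n      {body}")
```

The flagged lines are candidates for review, not automatic removals; entries such as the Spybot helper and the Intel ASF Agent service pass through untouched.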



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 1:02 am

Malwarebytes' Anti-Malware 1.42
Database version: 3405
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

12/22/2009 6:51:37 PM
mbam-log-2009-12-22 (18-51-37).txt

Scan type: Quick Scan
Objects scanned: 117942
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 1:07 am

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 1:21 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by mikea at 19:13:56.32 on Tue 12/22/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2757 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\gtwatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\mikea\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [Gtwatch] c:\windows\gtwatch.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli dirovura.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mikea\applic~1\mozilla\firefox\profiles\hslfkw88.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-12-18 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-12-18 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20091013.001\BHDrvx86.sys [2009-12-18 508976]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-12-18 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\Ironx86.sys [2009-12-18 114736]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20090911.001\IDSxpx86.sys [2009-12-18 329080]
S2 NIS;Norton Internet Security;"c:\program files\norton internet security\engine\17.1.0.19\ccsvchst.exe" /s "nis" /m "c:\program files\norton internet security\engine\17.1.0.19\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [?]
S3 GT681x;%GrandTechICNameNT%;c:\windows\system32\drivers\gt681x.sys --> c:\windows\system32\drivers\GT681x.SYS [?]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20091020.006\NAVENG.SYS [2009-12-18 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20091020.006\NAVEX15.SYS [2009-12-18 1323568]

=============== Created Last 30 ================

2009-12-23 00:20:56 0 d-sha-r- C:\cmdcons
2009-12-23 00:12:42 77312 ----a-w- c:\windows\MBR.exe
2009-12-23 00:12:42 261632 ----a-w- c:\windows\PEV.exe
2009-12-23 00:12:36 0 d-s---w- C:\ComboFix
2009-12-23 00:07:17 389120 ----a-w- c:\windows\system32\CF22897.exe
2009-12-23 00:03:56 0 d-----w- c:\program files\Trend Micro
2009-12-21 21:22:13 0 d-----w- c:\docume~1\alluse~1\applic~1\HotbarSA
2009-12-21 21:22:12 0 d-----w- c:\docume~1\mikea\applic~1\WeatherDPA
2009-12-21 21:22:11 0 d-----w- c:\docume~1\mikea\applic~1\Hotbar
2009-12-21 20:42:31 0 d-----w- c:\program files\VS Revo Group
2009-12-21 20:16:52 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 20:16:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-21 17:56:01 230 ----a-w- c:\windows\system32\spupdsvc.inf
2009-12-19 22:49:23 0 d--h--w- C:\$AVG
2009-12-19 21:59:40 98816 ----a-w- c:\windows\sed.exe
2009-12-19 21:59:40 161792 ----a-w- c:\windows\SWREG.exe
2009-12-19 21:59:29 389120 ----a-w- c:\windows\system32\CF3390.exe
2009-12-19 21:55:05 0 d-----w- c:\docume~1\mikea\applic~1\AVG8
2009-12-19 21:24:23 0 d-----w- c:\docume~1\mikea\applic~1\Malwarebytes
2009-12-19 21:24:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 21:24:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 21:24:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 21:24:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-18 23:12:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-18 23:12:14 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-18 23:12:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-18 23:12:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-18 23:12:14 0 d-----w- c:\program files\Symantec
2009-12-18 23:11:36 0 d-----w- c:\windows\system32\drivers\NIS
2009-12-18 23:06:20 0 d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2009-12-18 23:04:53 0 d-----w- c:\program files\NortonInstaller
2009-12-18 23:04:53 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-12-14 21:08:13 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-14 21:07:01 0 d-----w- c:\windows\system32\LogFiles
2009-12-11 22:16:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-12-07 15:43:25 0 d-----w- C:\978acfedc8f2e9c290ce20acd1132192
2009-12-07 15:42:40 0 d-----w- C:\7b50ad4b04f14b9d4ac64755
2009-12-05 17:36:31 0 d-----w- C:\f2d0557a544460edc85b71
2009-12-05 17:35:34 0 d-----w- C:\f8e2b187ec654c5417
2009-12-03 18:03:37 0 d-----w- C:\30d05a8c962d2c2f9e
2009-12-03 18:02:45 0 d-----w- C:\f970645c79266f69bf36
2009-11-30 15:56:12 0 d-----w- C:\cebc6a6bca7a121ac21424868135f7
2009-11-30 15:55:49 0 d-----w- C:\1b29bac808a1e5fa71bc72fb

==================== Find3M ====================

2009-10-29 07:46:55 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:46:55 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:46:54 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:46:54 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:46:51 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2009-10-29 07:46:51 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-03-12 12:13:06 5154304 ----a-w- c:\program files\WindowsDefender.msi
2008-12-12 13:14:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat

============= FINISH: 19:14:31.48 ===============


Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 1:22 am

How do I add the zip file to a post? I don't see anything to attach files?


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 1:24 am

We don't have that feature, ignore where it says attaching it and post it like you did with the above log. :)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 1:35 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2008 8:56:08 AM
System Uptime: 12/22/2009 6:56:03 PM (1 hours ago)

Motherboard: Dell Inc. | | 0GM819
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU | 2659/1066mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 209.921 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/19/2009 4:02:26 PM - System Checkpoint
RP2: 12/21/2009 7:11:52 AM - Software Distribution Service 3.0
RP3: 12/21/2009 2:38:30 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office system
ABBYY FineReader 4.0 Sprint
Acrobat.com
Adobe Acrobat 8 Standard
Adobe Acrobat 4.0
Adobe Acrobat 8.1.3 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
ATI Catalyst Control Center
ATI Display Driver
CDDRV_Installer
Dell ETS Factory Installation
dj_sf_software
eSupportQFolder
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Matrix Storage Manager
Intel(R) PRO Alerting Agent
Intel(R) PRO Network Connections 12.1.12.4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
KhalSetup
Malwarebytes' Anti-Malware
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
QuickBooks Pro 2007
QuickBooks Product Listing Service
Revo Uninstaller 1.80
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SetPoint
Sonic Activation Module
Spybot - Search & Destroy
SupportSoft Assisted Service
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb976884)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip

==== Event Viewer Messages From Past Week ========

12/22/2009 6:38:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/22/2009 4:36:47 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E4F99C078. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/22/2009 1:23:58 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 4:08:28 PM, error: Dhcp [1002] - The IP address lease 70.250.218.17 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 3:59:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/21/2009 3:10:51 PM, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
12/21/2009 10:51:41 AM, error: Dhcp [1002] - The IP address lease 70.255.141.182 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 1:57:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP Fips intelppm SRTSPX SymIRON SYMTDI
12/21/2009 1:36:24 PM, error: Dhcp [1002] - The IP address lease 70.134.205.24 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 1:29:33 PM, error: Dhcp [1002] - The IP address lease 70.250.218.19 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/19/2009 4:18:26 PM, error: SideBySide [59] - Generate Activation Context failed for F:\mbam-rules.exe. Reference error message: The operation completed successfully. .
12/19/2009 4:18:26 PM, error: SideBySide [58] - Syntax error in manifest or policy file "F:\mbam-rules.exe" on line 0.
12/19/2009 4:03:33 PM, error: SideBySide [59] - Generate Activation Context failed for F:\installs\spybotsd162.exe. Reference error message: The operation completed successfully. .
12/19/2009 4:03:33 PM, error: SideBySide [58] - Syntax error in manifest or policy file "F:\installs\spybotsd162.exe" on line 0.
12/19/2009 3:57:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/19/2009 3:28:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
12/19/2009 3:28:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:28:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:28:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:28:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:28:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/19/2009 3:28:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/19/2009 2:30:53 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Norton\{NIS_Production_94_17.1.0.19_NUC}\NIS10UPEN.exe. Reference error message: The operation completed successfully. .
12/19/2009 2:30:53 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\All Users\Application Data\Norton\{NIS_Production_94_17.1.0.19_NUC}\NIS10UPEN.exe" on line 0.
12/19/2009 2:26:08 PM, error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).
12/19/2009 2:26:08 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
12/19/2009 2:25:31 PM, error: SRService [104] - The System Restore initialization process failed.
12/18/2009 5:17:23 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
12/15/2009 8:48:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).
12/15/2009 8:45:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/15/2009 3:23:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/15/2009 10:06:31 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

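A triage pass over the Event Viewer section of the log posted above, as an added example that is not part of the original thread. It reports which core networking drivers failed to load at each boot, which services failed on a missing dependency, and which DHCP leases were NACKed; the driver set and the /24 mask are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime

# Lines copied from the "Event Viewer Messages From Past Week" section posted above.
SAMPLE = """\
12/22/2009 1:23:58 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 4:08:28 PM, error: Dhcp [1002] - The IP address lease 70.250.218.17 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/21/2009 1:57:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP Fips intelppm SRTSPX SymIRON SYMTDI
12/19/2009 3:28:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
12/19/2009 3:28:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/19/2009 3:28:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/15/2009 8:45:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001E4F99C078 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (.+)$")
DEPENDS_RE = re.compile(
    r"The (.+?) service depends on the (.+?) service which failed to start")
NACK_RE = re.compile(r"lease (\S+) for .*? denied by the DHCP server (\S+) ")

# Assumption of this example: the XP drivers treated as the core network stack.
NETWORK_DRIVERS = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec"}


def parse_events(text):
    """Return one dict per well-formed log line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return events


def network_drivers_down(events):
    """Map each event 7026 (ISO timestamp) to the network drivers it lists."""
    result = {}
    for e in events:
        m = DRIVERS_RE.search(e["msg"]) if e["id"] == 7026 else None
        if m:
            failed = set(m.group(1).split())
            result[e["time"].isoformat()] = sorted(NETWORK_DRIVERS & failed)
    return result


def dependency_failures(events):
    """(service, failed dependency) pairs taken from event 7001."""
    pairs = []
    for e in events:
        m = DEPENDS_RE.search(e["msg"]) if e["id"] == 7001 else None
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def dhcp_nacks(events, prefix=24):
    """(lease, server, lease_in_server_subnet) per DHCPNACK (Dhcp event 1002).
    The /24 prefix is an assumption; the log does not state the router's mask."""
    out = []
    for e in events:
        is_nack = (e["source"], e["id"]) == ("Dhcp", 1002)
        m = NACK_RE.search(e["msg"]) if is_nack else None
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{prefix}", strict=False)
            out.append((m.group(1), m.group(2),
                        ipaddress.ip_address(m.group(1)) in net))
    return out


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for boot, drivers in network_drivers_down(evts).items():
        print(boot, "network drivers not loaded:", drivers or "none")
    for svc, dep in dependency_failures(evts):
        print(f"{svc} blocked by {dep}")
    for lease, server, same_net in dhcp_nacks(evts):
        print(f"NACK from {server} for {lease} (inside server /24: {same_net})")
```

On these lines, only the 12/19 boot lists core networking drivers as not loaded, and every NACKed lease lies outside the assumed 192.168.0.0/24 range of the responding server.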

Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 1:37 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Hotbar
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "This special release provides a few key fixes.".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u17-windows-i586.exe that you downloaded to install the newest version.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\docume~1\alluse~1\applic~1\HotbarSA
    c:\docume~1\mikea\applic~1\WeatherDPA
    c:\docume~1\mikea\applic~1\Hotbar

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 2:23 am

c:\docume~1\alluse~1\applic~1\HotbarSA folder moved successfully.
c:\docume~1\mikea\applic~1\WeatherDPA folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\Weather\Weather_XML folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\Weather\WeatherDPA\Weather_XML folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\Weather\WeatherDPA folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\Weather folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\Hotbar\static\DownLoad folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\Hotbar\static\2 folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\Hotbar\static\1 folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\Hotbar\static folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\Hotbar\dynamic folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\Hotbar folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\HostOL\dynamic folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\HostOL folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\HostOI\dynamic folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5\HostOI folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\v3.5 folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar\IESkins folder moved successfully.
c:\docume~1\mikea\applic~1\Hotbar folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTM by OldTimer - Version 3.1.3.0 log created on 12222009_201929


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 7:13 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 7:40 pm

I'm at home, need to go to the shop 40 miles away. I'll post back in about 2 hrs.


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 7:50 pm

Okay, will be waiting.



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 9:59 pm

Still no Internet unless in safe mode.

What is loading in normal mode that keeps it from accessing the Internet that doesn't load in safe mode?


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 11:34 pm

Your logs show access denied from the router, are you on wireless?



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 11:37 pm

No, it's DSL, but if the router denied access, why does it work in safe mode & my laptop works fine also? Just trying to learn.


Last edited by Bigmaico on Wed Dec 23, 2009 11:41 pm; edited 1 time in total (Reason for editing : additional information)


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 11:46 pm

Not sure, you may need to open a topic in the internet and networking area, I'm not the best with networking issues.



Re: Antivirus live removed No Internet?

Post by Bigmaico on Wed Dec 23, 2009 11:54 pm

OK, I'll do that & reference this post. I still can't download AVG.


Re: Antivirus live removed No Internet?

Post by Belahzur on Wed Dec 23, 2009 11:56 pm

Actually, I'll give this one more shot in the dark.

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



Re: Antivirus live removed No Internet?

Post by Bigmaico on Thu Dec 24, 2009 2:11 am

OK, here it is. I'll be at home for the next 2 days. Thanks for your help & have a great Christmas or whatever you celebrate at this time of the year.

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-23 19:55:04
Windows 5.1.2600 Service Pack 3
Running: x007oyd2.exe; Driver: C:\DOCUME~1\mikea\LOCALS~1\Temp\uxtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
