Hi.

 My first post.

I`m using Win 7 64bit.

I got a virus that shut down my PC, restarted it and changed my UAC to lowest settings.

I now have no internet access.

(I`m writing this as I have a dual boot option so my XP installation and internet connection is ok.)

I cant scan my Windows 7 installation for viruses as NIS keeps telling me it need the latest definitions to run a virusscan.

How am I supposed to do this with no internet?

I have run various spyware progs and found I had,

Trojan.dopper

Worm.bagle

Trojan.agent

Hyjack.displayproperties.

These have now gone, but still can`t connect.

I`m now doing a full system scan on my working xp boot with NIS hoping it will find the virus on my Windows 7 drive.

Can anyone help?

Cheers

scan your pc with these:

malwarebytes

http://www.malwarebytes.org/index.php

superantispyware

http://superantispyware.com/

download the free versions - unless you want to pay :P

Hi

Please do not get the paid versions of the above products as they will conflict with your Norton Products. Only the FREE versions are compatible with Norton Products.

Hi. Tried these progs, even though I can`t updated them as my connection on the offending boot is down.

Not found anything untoward.

Everything seems to work apart from the interner connection,

I seem to be having a problem with the network connection.

It isn`t picking up my wireless signal.

I know its working because Im using it with this partion.

How can I redownload the driver for my my wireless reciever on my PC  if I cant connect to the internet and get to the Windows update page?

I`ve even tried doing a fix on Win 7 disk (start up) fix, but even that need a interner connection.

I`ve looked at Belkin website, and can`t find a Win 7 driver com[patable, so how come it worked straight after the installation with no Belkin driver?

Everything I try revolves around an internet connection, and the affected Win 7 install is disabled.

To top it all off, my XP partitiion had problems starting up.

Got a BSOD and said recovered from a serious problem due to a driver.????????

These 2 boots, XP and Windows 7 are on SEPERATE drives. Can a virus do this?

Confused.

Ian Edwards 

I am not sure whether you have checked these steps, you can try to flush your DNS and resetting the winsock. 

1. Click the Start button and then click All Programs > Accessories > Run, type  ipconfig /flushdns and click OK.

2. Click the Start button and then click All Programs > Accessories > Run, type  cmd and click OK.

3. In the command prompt, type the following and press Enter after each line:

netsh int ip reset resetlog.txt [Enter]
netsh winsock reset [Enter]

exit [Enter]

Hi eddie

It is possible that you have a rootkit and those other things that were found were the secondary infections.. You may have to go to a site like www.bleepingcomputers.com to get it cleaned up.

Thanyou for sparing the time to get back to me.

Will try your suggestions and post my results.

Thank you again.

Ian Edwards

Hi.

 My first post.

I`m using Win 7 64bit.

I got a virus that shut down my PC, restarted it and changed my UAC to lowest settings.

I now have no internet access.

(I`m writing this as I have a dual boot option so my XP installation and internet connection is ok.)

I cant scan my Windows 7 installation for viruses as NIS keeps telling me it need the latest definitions to run a virusscan.

How am I supposed to do this with no internet?

I have run various spyware progs and found I had,

Trojan.dopper

Worm.bagle

Trojan.agent

Hyjack.displayproperties.

These have now gone, but still can`t connect.

I`m now doing a full system scan on my working xp boot with NIS hoping it will find the virus on my Windows 7 drive.

Can anyone help?

Cheers

ok, where do i start? LOL

ied those steps suggested.

Reset everything, restarted machine but no joy.

The icon on the taskbar ( for internet connection) by the clock has a red cross through it .

it says "not connected", " no connections are  avaliable"

Looked in task manager and no network controller drivers are installed.

?

I looked in recent history in NIS and it detected " Hacktool.rootkit" but not sure if Norton delt with it, or that is the problem.

When i boot up infected Win 7 I sometimes get BSOD and then it boots normally.

Shall I switch off system restore like I`ve seen in other posts?

Please help.

Ian Edwards

PS

Is is possible to download updates for my Internet security and install them on the drive thats infected so I can run the scan?

Hi

try hitmanpro at www.hitmanpro.com. It's ree for the first two weeks.

It is very good in detecting and removing bad malware

Hi eddie 123

You have a rootkit infection on your computer. Please do not try to remove this by yourself. Rootkits are difficult to remove if you do not know what you are doing. Please don't use any advanced tools on your own. You can end up doing more damage than good. Also please don't go to any banking or buying sites until you are cleaned up.

I would recommend that you go to a site like www.bleepingcomputers.com and follow their instructions to the letter. Put in your topic that you have a Hacktool rootkill. If you follow their instructions and don't do anything on your own, they should be able to help you get your computer cleaned up. Rootkits are serious malware and you need the expert supervision that can be found at a place like bleeping computers.

Please come back and let us know how you are progressing. Good luck with getting it cleaned up.

Downloading it now.

Thanks

Ian Edwards

eddie123 -

To answer your earlier question, yes a virus can move itself from one drive to another.  They love to spread out far and wide.

Hi

tried that prog.

It tried to connect to internet on startup, which is no good to me as my infected boot cant connect.

Ran it on my working boot, but it didnt find anything.

Here is a copy of Hyjackthis

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:58:25, on 17/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
I:\Windows\SysWOW64\wltrysvc.exe
I:\Windows\SysWOW64\bcmwltry.exe
I:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files (x86)\Bonjour\mDNSResponder.exe
I:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
I:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
I:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
I:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
I:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
I:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
I:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
I:\Program Files (x86)\Spyware Doctor\pctsTray.exe
I:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
I:\Windows\vVX3000.exe
I:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
I:\Program Files (x86)\Registry Mechanic\RMTray.exe
I:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
I:\Windows\SysWOW64\CtHelper.exe
I:\Program Files (x86)\iTunes\iTunesHelper.exe
I:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
I:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
I:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
I:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
I:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
I:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
I:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
I:\Program Files (x86)\Belkin\F5D7001v2000\Belkinwcui.exe
I:\Program Files (x86)\Belkin\F5D7001v2000\ChkDev.exe
I:\Program Files (x86)\WinZip\WINZIP32.EXE
I:\Program Files (x86)\WinZip\WZSrvr32.exe
I:\Program Files (x86)\WinZip\WZSess32.exe
I:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = I:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - I:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - I:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - I:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - I:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - I:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [LifeCam] "I:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] I:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] I:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSDMonitor] I:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [TrojanScanner] I:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ISTray] "I:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "I:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] I:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NokiaOviSuite2] I:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [nHancer] "I:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [RegistryMechanic] I:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] I:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] I:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = I:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - I:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - I:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - I:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - I:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - I:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - I:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - I:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - I:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - I:\Program Files\nHancer\nHancerService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - I:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - I:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - I:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - I:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - I:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - I:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - I:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - I:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - I:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - I:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - I:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - I:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - I:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - I:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - I:\Windows\System32\wltrysvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - I:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - I:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13547 bytes

Ian Edwards

Hi eddie

You are running almost every program under the sun that could conflict with NIS. Nothing is going to work correctly with all the conflicting programs that are on your computer. You have a lot of live time security programs that are running at once or else there are remnants of these programs which are going to conflict with NIS. Have you gone to bleepingcomputers to get your computer cleaned up like I mentioned previously? You have adaware, spyware doctor and other programs listed there and they are all going to conflict with Norton under the best conditions. When you have more than 1 live time security scanner running at once, that is going to cause more problems than it will solve.

Please go to a site like bleeping computers and follow their instructions to the letter if you want to get your computer cleaned up. Has bleeping computers told you to run a HiJackThis?

Hi.

Thanks for reply.

I`ve added these programs after I had this problem with internet connection.

I have enrolled at bleepingcomputers as you suggested and posted my problems.

I will delete most of the scanners as you requested.

No they didnt ask me to run HiJackThis, I have been searching other forums, and thought this might be of help to someone.

Thanks again for helping me.

Ian Edwards

Hi eddie

Since you have a rootkit, may I please recommend to you not to use your computer more than you have to. The more things you try to do on your own, the worse it makes the condition that you have with your computer. Every program you run creates entries in the registry and it can change the symptoms you are exhibiting.  Please don't do anything other than what bleepingcomputers tell you to do. Each scan that you provide them with shows your computer at the time you provide the scan. If you do other things with your computer after you give them one scan and they haven't told you to do something, your computer may have changed in the meantime because of your other activites and the responses that they are preparing for you may not apply if you have made more changes by running other programs.

That is why you have to do exactly what they say to do and only what they say to do. You have to follow instructions carefully and completely and ask them any questions you may have about a certain procedure.

Thankyou for your reply.

I`m unsure if the rootkit is actually installed, or Norton Managed to stop it in time, but I will heed your advice.

Cheers

Ian Edwards