also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

[Inactive] Can't get on the internet even in safemode network

Discussion in 'Virus and Malware Removal' started by msaffa, Jun 23, 2011.

Thread Status:
Not open for further replies.

  1. msaffa Newcomer, in training

    It will not recognize a flash drive. my wireless is shut down. I can do a hijackthis log but can't get on the internet to post it. I could type it out if that would help. from looking at the hjt log looks like alot of processes are not running. if anyone could point me in the right direction where to start looking that would be great. I have read all of the post that had alot of the same things in their hjt list. so far that direction has not helped. This is my friends computer and I offered to help her get it cleaned. This all happened when her son went on some kind of peer to peer site to get music. I removed a program that was peer to peer forgot the name but it had a blue lookin bug as a moniker. thank you for any help

    When I try and get on the internet safe mode with networking I get a Your security
    settting level puts your cmputer at risk. click here to change our security settings.
    when I click on it I click on open security settings. when I change them nothing happens
    I keep getting the same warning kinda like a circle. It will not allow me to change firewall settings.
    I have typed free hand a copy of my HJT log. that is the only program on this computer. it has AVG but will not allow it to opened. so here is my typed HJT log please someone help me

    Attached Files:

    msaffa, Jun 23, 2011
    #1

  2. Bobbye Helper on the Fringe

    Welcome to TechSpot! I'll be glad to help, but you will have to get some information. We do not use Hijack This to 'screen' for malware. Please also note the reference to pasting logs in the reply, rather than attaching.

    Since you cannot access the internet, you will need to download and update the following scans on a flash drive, then run each on the problem system. If you can get into Normal Mode when you boot, even without the internet, run that scans in Normal Mode.

    Be cautious using Safe Mode with Networking because your security doesn't run in that mode.
    ==============================
    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ====================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    Bobbye, Jun 23, 2011
    #2

  3. msaffa Newcomer, in training

    I have tried to run scans by flash drive the computer does not reconize the flash drive or let me add it as new hardware. sorry about the hjt log its the only program that can scan on that computer, I need some way to manually do something I was hoping after typing out the hjt log maybe someone could help. the computer will not let me do anything.
    msaffa, Jun 23, 2011
    #3

  4. Bobbye Helper on the Fringe

    You do not need to quote my reply. It takes up too much space. And it is always visible.

    The system isn't configured correctly. IT is difficult to give '3rd party help'> you, me and the user-because we have to go back and forth. And you will need to know "How to add new hardware:"
    The Add Hardware Wizard enables you to add new hardware or troubleshoot any hardware-related problems.

    Open the Add Hardware Wizard
    Click Start> Control Panel> Click Printers and Other Hardware> . Under See Also>> click Add Hardware.
    ======================================
    I looked at the HJT log: This is a big NO One wrong letter in a word can change an entry to malware.
    If you got the log, you can copy it:
    =====================================
    Regarding HijackThis:
    1. It's an outdated version.
    2. You should not makes comments in any log. If you want to explain something, do it at the end.
    3. It is not the complete HJT log. (NO, I don't want you to run it except to check the entries in #5
    4. Did you set this or type it in?
    These entries are why you can't access the internet. They are not correct.

    5. Run HJT again in the 'do system scan only mode. Check the following if present:

    RO-HKCUsoftware\microsoft\internet explorer\main,start page =
    RO-HKCU\software\microsoft\internet explorer\main,local page =
    RO-HKCU\software\microsoft\internet explorer\toolbar, linksfolder name=
    R3- Default URLSearchhook is missing
    04- HKLM\..\run:[MSConfig} C:\window\PCHelpCtr\Binaries\MSConfig.exe /auto
    O15 - ProtocolDefaults: '@ivt' protocol is in My computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

    Close all Windows except HJT. Click on "Fix Checked."

    You have no homepage set, no search page, no links page, no indication of whether the system is configured correctly.
    ===============================
    When finished the above, do this:
    Click on Start> Settings> Control Panel> Internet Options>
    Advanced tab> Check 'Restore Defaults'
    Programs tab> Check 'Reset Web Settings
    Programs tab> Check 'Internet Explorer should check to see if it's the default
    Click on Apply
    Confirm the IE should check now. If it is set as default, okay. If it is not, click 'yes' t set as default
    Click OK
    Close Internet Options
    Reboot the computer into Normal Mode.
    =================================
    Let me know the result. Depending on the result, I may have your thread moved to a more suitable forum as this is more of a system problem that it is a malware problem.
    Bobbye, Jun 23, 2011
    #4

  5. msaffa Newcomer, in training

    I am not going through anyone else I have the computer right here beside me. I did everything you told me. I still can't get on the internet. all the hjt came back except the 04 one.

    I did not set the ProtocolDefaults or type them in anywhere

    When I try and get on the internet this is what it says:
    A Program on your computer has corrupted your default search provider setting for Internet
    Explorer Internet Explorer has reset this setting to your original search provider, Live Search (search.live.com)
    Internet Explorer will now open Search Settings, shere you can change this setting or install more search providers.

    If I bring up internet tools it show the Home page as www.msn.com.

    The add Hardware wizard will not open

    I am able to boot up in normal mode.
    msaffa, Jun 24, 2011
    #5

  6. Bobbye Helper on the Fringe

    See if this will work:

    Here are instructions to remove SearchSettings:
    1. Click on Start> Control Panel> Add/Remove Programs" or "Uninstall a Program."
    2. Look for Search Settings in the list that follows. If it appears (it usually doesn't), select and delete it.
    3. Click on Start> All Programs> Accessories> System Tools> Windows Explorers.
    4. Once in Windws Explorer> click on Tools> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'Hide system files Recommended> Click on Apply and click yes to Confirm.
    5. Again click on the Tools> Manage Add-ons> Find Search Settings among the list and select Disable (or Remove if possible). Note: Look in both 'addons currently on system' and addons previously on system'
    6. Open Firefox if you have it installed> Tools> Add-ons> Look for Search for Search Settings. If it's there, click the Uninstall button.
    7. Download the free Windows Installer CleanUp Utility . Install, then open the utility. Look for Search Settings among the programs listed, select it, and then press the "Remove" button.
    Bobbye, Jun 24, 2011
    #6

  7. msaffa Newcomer, in training

    I finally got Window Explorer opened. Under tools I changed viewing files and folders. I do not have Manage Add-ons.

    If I click on Help I get a pop up Windows cannot open Help and Support because a system service is not running to fix this problem, start the service named "Help and Support'

    ok question under computer Management (Local) Services should everything under startup type be disabled?
    msaffa, Jun 24, 2011
    #7

  8. Bobbye Helper on the Fringe

    Tools in Windows Explorer is for Folder Options.

    For Manage Addons, you must use Tools in Internet Explorer

    The "Tools" have different content according to their location.

    No. If all the Services are disabled, you won't be able to do anything. Some of them have to be set to Automatic in order to startup and access the internet. Did you find them all disabled? IF the Services are all disabled, do the following:Start> Run> type in msconfig> enter> Services tab> Check Enable All

    The 'enable all' is only a temporary reversal of you found them all disabled.
    Bobbye, Jun 24, 2011
    #8

  9. msaffa Newcomer, in training

    they were all disbled except for 4 of them.
    msaffa, Jun 24, 2011
    #9

  10. msaffa Newcomer, in training

    k I can now use the usb what do I need to down load to it, still can not get on the internet
    msaffa, Jun 24, 2011
    #10

  11. Bobbye Helper on the Fringe

    Every sentence in a new post generted an email feedback to me. Please use the Edit feature for short post. Just don't edit to put logs in.

    Continue with this:
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    Bobbye, Jun 25, 2011
    #11

  12. msaffa Newcomer, in training

    after downloading Malwear-bytes on install I get a warning HKEY-Current-user\Software\malwear-bytes'anti-ware
    RegCreat Key failed Code 5 access is denied
    msaffa, Jun 25, 2011
    #12

  13. Bobbye Helper on the Fringe

    Perhaps you should return it to your friend and suggest she/he take it to a shop to fix it. You committed yourself to your friend to clean the computer, then you come here to have it done. I have given you the instructions you need, but you aren't able to follow them. There is a limit to what we can do here.
    Bobbye, Jun 25, 2011
    #13

  14. msaffa Newcomer, in training

    k got the software down loaded followed the rest of the instructions I hope
    here are the logs

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6949

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/25/2011 3:00:18 PM
    mbam-log-2011-06-25 (15-00-18).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 230831
    Time elapsed: 34 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Hotbar@Hotbar.com (Adware.Hotbar) -> Value: Hotbar@Hotbar.com -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-25 15:10:05
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002
    Running: f2zkzdu2.exe; Driver: C:\WINDOWS\TEMP\fxaiaaod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Sandy at 15:11:25 on 2011-06-25
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\TEMP.YOUR-ADIKE1WB0D\My Documents\Downloads\dds.scr
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [EEESplendidAR] c:\program files\asus\epc\eeesplendid\AutoRun.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0AQQBTAFgATgBOAC0AWAA0AFcARwBXAC0ATQA"&"inst=NwA4AC0AMgAzADAAMQAzADg"&"prod=94"&"ver=9.0.791
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E13197E0-C3D7-4DD1-884C-39D29C40A518} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\temp.your-adike1wb0d\application data\mozilla\firefox\profiles\k8f0ou1b.default\
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? Ambfilt;Ambfilt
    R? AmUStor;AM USB Stroage Driver
    R? AVGIDSAgent;AVGIDSAgent
    R? fsssvc;Windows Live Family Safety
    R? MBAMSwissArmy;MBAMSwissArmy
    R? RT80x86;Ralink 802.11n Wireless Driver
    R? uvclf;uvclf
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSEH;AVGIDSEH
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSShim;AVGIDSShim
    S? Avgldx86;AVG AVI Loader Driver
    S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx86;AVG Anti-Rootkit Driver
    S? Avgtdix;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? fssfltr;fssfltr
    S? L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    .
    =============== Created Last 30 ================
    .
    2011-06-25 19:23:14 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\application data\Malwarebytes
    2011-06-25 19:23:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-25 19:23:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-25 19:22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-25 18:10:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-25 18:10:04 -------- d-----w- c:\program files\grappy peat
    2011-06-25 16:37:33 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\application data\AVG10
    2011-06-25 16:36:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-06-25 16:34:46 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-25 16:34:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-06-25 04:11:57 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-06-25 02:54:24 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\application data\SUPERAntiSpyware.com
    2011-06-25 02:54:24 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-06-24 19:09:19 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\local settings\application data\Microsoft Help
    .
    ==================== Find3M ====================
    .
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-15 02:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-05 05:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .
    ============= FINISH: 15:12:04.89 ===============


    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.3 (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Asus ACPI Driver
    ASUS USB2.0 UVC VGA WebCam
    ASUSUpdate for Eee PC
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AVG 2011
    Bonjour
    CCleaner
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Data Sync
    Eee Docking 1.3.6.0
    EeeSplendid
    EzMessenger
    FlipShare
    FontResizer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 15
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 5.0 (x86 en-US)
    MSVCRT
    QuickTime
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype web features
    Skype™ 4.2
    Super Hybrid Engine
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 UVC Camera Device
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    .
    ==== End Of File ===========================


    Thank you so much don't give up on me,
    msaffa, Jun 25, 2011
    #14

  15. Bobbye Helper on the Fringe

    Much better! Thank you. I do have a couple of questions:

    Did you set this directory up or did the user?
    -------------------------
    What is temp.your-adike1wb0d?
    -------------------------
    Do you know what this program is? >> 2011-06-25 18:10:04 -------- d-----w- c:\program files\grappy peat It was just installed.
    ---------------------------
    There is no homepage or search engine set up for the browser. That should be done. I can have you run more scans, but I don't know if they will help with the problem of not being able to access the internet. If you're up to some more scans, here they are:

    You will need to temporarily uninstall AVG to run Combofix. Use the following for that:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    You won't be able to update Combofix or install the Registry Console without an internet connection- so update when you put it on the flash drive.
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =================================
    We'll see how this goes. I might ask for some specific browser information later, because there is a god chance it isn't set up right and that's causing the problem.
    Bobbye, Jun 26, 2011
    #15

  16. msaffa Newcomer, in training

    Thank you so much. I am back to the point of not being able to get back on the internet. Crabby peat is just renaming Hijackthis I did it just before getting on with you. read somewhere. I don't know what What is temp.your-adike1wb0d. I am going to try and get it back up on the internet and run the scans, unless you have something else That you think I need to do. After running the scans I will get back to you. Thank you

    Neither of us added these
    2011-06-25 02:54:24 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\application data\SUPERAntiSpyware.com
    2011-06-25 19:23:14 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\application data\Malwarebytes
    2011-06-25 16:37:33 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\application data\AVG10
    2011-06-24 19:09:19 -------- d-----w- c:\documents and settings\temp.your-adike1wb0d\local settings\application data\Microsoft Help
    msaffa, Jun 28, 2011
    #16

  17. Bobbye Helper on the Fringe

    The programs in the above 'mystery' entries, but but the entries themselves are not 'normal.' I can remove them after you run Combofix.

    You can go ahead and uninstall HijackThis- it's an outdated version. And delete the log.

    Do what you can- but keep in mind what I've said. I don't think the computer settings are configured correctly. So whether you scan or no, whether we remove malware or not, the system may still not work.
    Bobbye, Jun 28, 2011
    #17

  18. Bobbye Helper on the Fringe

    Bobbye, Jul 4, 2011
    #18
Thread Status:
Not open for further replies.