8 Step done...
Okay, sorry about the earlier post. IE will not connect to the Internet. It gives a message about the Winsock catalog. The network manager says it is connected and the status shows activity, but from what I read this problem is not allowing IE to connect. Here are the log files I saved.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/12/2010 12:50:39 PM
mbam-log-2010-06-12 (12-50-39).txt
Scan type: Quick scan
Objects scanned: 112975
Time elapsed: 10 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-12 16:15:22
Windows 5.1.2600 Service Pack 3
Running: 28gdvq7r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgloiaow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF798BCD6]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF798BCF0]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF798AE8C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF798B1BC]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF798ABCC]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF798B5EE]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF798C88C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF798B43E]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF798AA4C]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF798AEC0]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF798B042]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF798A9A6]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF798AB06]
SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF798AF86]
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4C, AA, 98, F7, C0, AE, 98, ...]
PAGE ntoskrnl.exe!IoCreateDevice + 3 8059FAD1 2 Bytes [0B, 77]
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 16:22:33.95 on Sat 06/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.547 [GMT -5:00]
AV: CenturyLink™ Online Security 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: CenturyLink™ Online Security 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
G:\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.centurylink.net/
uSearch Bar = hxxp://home.peoplepc.com/search
uURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\common files\toolbar\ElnkPub.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll
BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\common files\toolbar\ProtctIE.dll
BHO: MapQuest Toolbar Loader: {bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\mapquest toolbar\mapquesttb.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\common files\toolbar\uninsttb.dll
TB: MapQuest Toolbar: {9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\mapquest toolbar\mapquesttb.dll
TB: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll
TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\common files\toolbar\Toolbar.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [F-Secure Manager] "c:\program files\centurylink online security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\centurylink online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: EarthLink Google Search - c:\program files\common files\toolbar\SearchUI.dll/search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\4m0b1dny.default\
FF - component: c:\program files\centurylink online security\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-10 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-1-10 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\centurylink online security\hips\drivers\fshs.sys [2010-1-10 68064]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\centurylink online security\anti-virus\fsgk32st.exe [2010-1-10 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\centurylink online security\anti-virus\minifilter\fsgk.sys [2010-1-10 113864]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\centurylink online security\orsp client\fsorsp.exe [2010-1-10 55992]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\centurylink online security\anti-virus\win2k\fsfilter.sys [2010-1-10 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\centurylink online security\anti-virus\win2k\fsrec.sys [2010-1-10 25184]
=============== Created Last 30 ================
2010-06-12 17:38:52 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-06-12 17:38:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-12 17:38:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-12 17:38:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 17:38:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-12 03:39:58 0 d-----w- c:\program files\Trend Micro
2010-06-11 22:11:09 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-06-11 22:11:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-06-11 21:59:40 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-01 18:16:08 0 d-----w- c:\docume~1\owner\applic~1\Registry Mechanic
2010-06-01 18:02:36 0 d-----w- c:\program files\Free Window Registry Repair
2010-06-01 17:51:54 0 d-----w- c:\program files\common files\PC Tools
==================== Find3M ====================
2007-07-06 18:43:31 515 ----a-w- c:\program files\common files\phonepref.txt
2009-04-29 20:04:55 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-04-29 20:04:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-04-29 20:04:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042920090430\index.dat
============= FINISH: 16:23:13.87 =============
I hope I did this right...