Problem with winsock

By osbornej21 · 9 replies
Jun 12, 2010
  1. Hello, I am trying to fix my grandmothers CPU. With no luck so far. I have tried several things i have read on the internet post and nothing has worked so far. I was wondering if someone with more knowledge than I (pretty much everyone here), could give me some suggestions. I have added the Hijack file in the attachments...Thanks in advance!

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    The subject doesn't give us any information we can use. We don't 'screen' computers for problems with HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, please leave the logs for us to review.

    Edit: I took a look at the HJT log. What is happening on the system that caused you to give subject problem with Winsock? If you are getting error messages, we need to know what they are. We also need to know what made you decide to post in this forum rather than Windows OS?
  3. osbornej21

    osbornej21 TS Rookie Topic Starter

    8 Step done...

    Okay, sorry about the earlier post. The IE will not connect to the internet. It gives a message about the Winsock catalog. The network manager says it is connected and the status shows activity, but from what I read this problem is not allowing IE to connect. Here are the log files I saved.

    Malwarebytes' Anti-Malware 1.46

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/12/2010 12:50:39 PM
    mbam-log-2010-06-12 (12-50-39).txt

    Scan type: Quick scan
    Objects scanned: 112975
    Time elapsed: 10 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER -
    Rootkit scan 2010-06-12 16:15:22
    Windows 5.1.2600 Service Pack 3
    Running: 28gdvq7r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgloiaow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xF798BCD6]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xF798BCF0]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xF798AE8C]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xF798B1BC]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xF798ABCC]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xF798B5EE]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xF798C88C]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xF798B43E]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xF798AA4C]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xF798AEC0]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xF798B042]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xF798A9A6]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xF798AB06]
    SSDT \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xF798AF86]

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [4C, AA, 98, F7, C0, AE, 98, ...]
    PAGE ntoskrnl.exe!IoCreateDevice + 3 8059FAD1 2 Bytes [0B, 77]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 16:22:33.95 on Sat 06/12/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.547 [GMT -5:00]

    AV: CenturyLink™ Online Security 9.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: CenturyLink™ Online Security 9.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
    C:\Program Files\CenturyLink Online Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe
    C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://
    uSearch Bar = hxxp://
    uURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\common files\toolbar\ElnkPub.dll
    BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
    BHO: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll
    BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\common files\toolbar\ProtctIE.dll
    BHO: MapQuest Toolbar Loader: {bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\mapquest toolbar\mapquesttb.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
    BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\common files\toolbar\uninsttb.dll
    TB: MapQuest Toolbar: {9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\mapquest toolbar\mapquesttb.dll
    TB: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll
    TB: EarthLink Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\common files\toolbar\Toolbar.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\centurylink online security\nrs\iescript\baselitmus.dll
    TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [F-Secure Manager] "c:\program files\centurylink online security\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\centurylink online security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    IE: EarthLink Google Search - c:\program files\common files\toolbar\SearchUI.dll/search.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\4m0b1dny.default\
    FF - component: c:\program files\centurylink online security\nrs\\components\litmus-ff.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-10 33920]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-1-10 80000]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\centurylink online security\hips\drivers\fshs.sys [2010-1-10 68064]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\centurylink online security\anti-virus\fsgk32st.exe [2010-1-10 215648]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\centurylink online security\anti-virus\minifilter\fsgk.sys [2010-1-10 113864]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\centurylink online security\orsp client\fsorsp.exe [2010-1-10 55992]
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\centurylink online security\anti-virus\win2k\fsfilter.sys [2010-1-10 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\centurylink online security\anti-virus\win2k\fsrec.sys [2010-1-10 25184]

    =============== Created Last 30 ================

    2010-06-12 17:38:52 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2010-06-12 17:38:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-12 17:38:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-12 17:38:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-12 17:38:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-12 03:39:58 0 d-----w- c:\program files\Trend Micro
    2010-06-11 22:11:09 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-06-11 22:11:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-06-11 21:59:40 0 d-----w- c:\windows\system32\wbem\Repository
    2010-06-01 18:16:08 0 d-----w- c:\docume~1\owner\applic~1\Registry Mechanic
    2010-06-01 18:02:36 0 d-----w- c:\program files\Free Window Registry Repair
    2010-06-01 17:51:54 0 d-----w- c:\program files\common files\PC Tools

    ==================== Find3M ====================

    2007-07-06 18:43:31 515 ----a-w- c:\program files\common files\phonepref.txt
    2009-04-29 20:04:55 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
    2009-04-29 20:04:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
    2009-04-29 20:04:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042920090430\index.dat

    ============= FINISH: 16:23:13.87 =============

    I hope I did this right...

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36


    There are several questionable drivers/Services that will need to be checked out. Also, I'm not familiar with the particulars of CenturyLink™ Online Security. It 'use to be' Embarque and Cen-Tel, has merged with Quest and is 'powered by F-Secure'- I'm not sure what that means. I tried to find a screenshot to compare with the following security program to see if it was the same, but there is none available.

    In addition to that, F-Secure® Protection Service for Consumers™ is installed:

    The common point in these 2 is F-Secure but it 'looks like' 2 different security suites. Checking the Event Errors given in DDS shows a problem with the security:
    6/12/2010 12:25:16 PM
    3 Event Error #7034, Source: Service Control Manager, Descriptions:
    1.The F-Secure Management Agent service terminated unexpectedly.
    2.The F-Secure Anti-Virus Firewall Daemon service terminated unexpectedly
    3.The FSGKHS service terminated unexpectedly.((F-Secure Gatekeeper Handler Starter)

    6/11/2010 6:01:25 PM,
    Event Error #17, Source: W32Time, Desc:
    Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    Follow Microsoft directions HERE.

    6/11/2010 11:31:27 PM,
    Error Event #7023, Source: Service Control Manager, Desc: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: An address incompatible with the requested protocol was used.
    Error Event #7023, Source: Service Control Manager, Desc: The IPSEC Services service terminated with the following error: The support for the specified socket type does not exist in this address family.

    6/11/2010 10:48:55 PM,
    Error Event #7023, Source: Service Control Manager, Desc: The IPSEC Services service terminated with the following error: The authentication service is unknown.(Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.)

    Check the information HERE for help with IPSEC problems.

    Before I go any further, I'd like you to check the security programs. You should have only one antivirus program, one software firewall. Multiple antimalware is okay. See what these program have- are they 2 security suites? IS the Windows firewall set in addition to the firewall in the suite?

    I also note that multiple Restores have been done:
    RP161: 4/25/2010 8:22:35 AM - Restore Operation
    RP163: 4/26/2010 7:23:08 AM - Restore Operation
    RP164: 5/4/2010 8:11:23 PM - Restore Operation
    RP165: 5/4/2010 9:07:55 PM - Restore Operation
    RP167: 6/1/2010 1:12:48 PM - Made by Regsofts>> this is a Registry cleaner
    RP168: 6/11/2010 4:29:11 PM - Restore Operation

    Please do not use the Registry cleaner or make any changes to the Registry. Don't use any other cleaning programs or scans while I'm helping you.
  5. osbornej21

    osbornej21 TS Rookie Topic Starter

    From what I see, one security program and no windows firewall is not active. The CenturyLink security is provided by her service provider.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please run the following:

    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..

    Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Leave the logs in the next reply.
  7. osbornej21

    osbornej21 TS Rookie Topic Starter

    I had not ran the two programs you ask me to yet and it is working now. I have worked on this for several days now. Not sure what the deal is. I deactivated the security in preparation to run the program and just thought I would try the internet. It works now...
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Are you indicating that you don't want to continue?
  9. osbornej21

    osbornej21 TS Rookie Topic Starter

    I uninstalled the centurylink and reinstalled and everything seems to be working fine now...I am open to anything else you think I might need to do though...
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Sounds like there was a conflict from the security programs.

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Empty the Recycle Bin

    Let me know if I can be of more help. Thread being closed at your request.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...