Trojan Horse on Windows XP

staciealyse

Hello,
Recently I ran a Norton scan and it detected a trojan horse but could not fix it. I decided to take matters into my own hands, with no formal knowledge of what to do or how to do it. I browsed a couple of websites, made a post on Facebook, and tried to solve my own problem.
Steps:
I shut down my computer and restarted it in safe mode with networking.
I downloaded the Microsoft program for finding and fixing viruses (don't remember what it's called).
Ran that program; it said everything was clean.
Downloaded and installed SuperAntiSpyware on the advice of a friend, and that program did find security threats, but I don't know if they were the virus or just cookies or something that the other scanners had missed.
After "Super" did its thing, I restarted my computer in normal mode and was able to use the internet and all my programs normally again. (I was not able to use the internet or Microsoft Office when Norton first found the virus.)

I thought I had been successful, so I have been using my computer again as normal... but now I was looking at the bottom of the page in Firefox and it said something about transferring data and I got scared. I keep checking my Task Manager, but I don't know what I'm looking for, so it doesn't do any good and I just sit here and freak out about whether or not I have taken care of the problem. I need help. Please. I will be online and ready to answer any questions you might have, thanks.
One more thing: my OS is Windows XP.
 
HJT Results

I read some other posts and downloaded the HijackThis tool. Here is my log. I think I'm screwed, huh?
 

Attachments
  • hijackthis.log (12.4 KB)
Hi staciealyse,

According to the HijackThis log, you have one file that is supposed to be running in system32 but is not, and could be malware:
C:\Program Files\Common Files\alg.exe
 
AnonymousSurfer, please stop advising these members. The HijackThis log does not screen for viruses, nor can it be used to tell someone they are virus free.

staciealyse, please follow the steps here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

When you have finished, attach the logs from Malwarebytes and Superantispyware.

Rescan with HijackThis and paste that in your reply. I will then review all of the logs and help you with the malware.
 
Another question: I am currently running the SuperAntiSpyware program, but this is the first antispyware I downloaded after I realized I had become infected, and it found threats the first time I ran it, but then my computer shut down and every scan I performed subsequently came up clean. Is it possible the virus affected it in some way so that the version I have is no longer able to detect it? Should I uninstall and re-download?
 
Yes. Uninstall and remove the log it created. Run programs in this order: Malwarebytes, then Superantispyware, then follow with new HijackThis scan.

Attach logs from first 2 programs.

PASTE the log from HijackThis.
 
I am a frustrated mess! I can't remove or add the programs that I need to because either it will not let me delete the program (i.e. SuperAntiSpyware, Malwarebytes, etc.) or I will delete/uninstall and then re-download, but the program is still not functioning correctly or finding files that I know are corrupt or infected. Windows Add or Remove Programs keeps telling me it's not installed right or that I'm running in safe mode (I don't think I can be, because I chose the option that said "start all programs and devices, run computer in normal mode" to bypass that error, and it still says the same thing). What do I do now...?
 
I can't remove or add the programs that I need to because either it will not let me delete the program

Okay, then give us the logs you have.

And consider running a full system scan with the Symantec antivirus, save the log and attach it with the other logs.
 
I uninstalled my Norton antivirus because someone responded that I would have to uninstall it to proceed. Here are the logs that I made before my computer stopped letting me install/uninstall programs. I have all these files popping up on my computer that I have never seen before...
Located in
Application Data:
Blitware (description) Driver Robot
ICA Client (has many files of configuration settings)
There is also a Microsoft file with tons of sub-files.
There is something called NT User that pops up everywhere,
and I keep seeing something that says Desktop, described as configuration settings, in pretty much every file.
I tried to uninstall and reinstall SuperAntiSpyware but it won't let me, and now I can't find the logs from the majority of other programs I ran. The ones I attached I found in a documents folder that I had used before I read that you guys didn't want us (infected users) to change the file paths. Something else I don't recognize is called UPnP, and so much more. It also says I'm logged on in safe mode when I'm logged in as the administrator, and the more I explore the more things I find that I don't recognize. I feel completely paranoid! This is my first experience with a virus and let me just say it is VERY unnerving.
 
HijackThis

I just tried to copy and paste a couple of HijackThis logs from different dates, but it said I used too many characters, so I am attaching them here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:19 AM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Common Files\alg.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\Bin\exeForService.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-868811260-2976433552-2182561353-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Stacie Gubler')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} (ArcDnld Control) - https://www.sub-hub.com/Secures/SHDnld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
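One reply above makes the point that alg.exe belongs in C:\WINDOWS\System32, so a copy running from Common Files is a masquerading indicator worth checking. The Python below is an added example, not code from the thread or from HijackThis: it pulls executable paths out of HijackThis-format lines (the "Running processes" block and O4 autorun entries copied from the log above) and flags known Windows XP system binaries that run from outside their expected directory. The EXPECTED_DIRS allow-list is constructed for the example and should be extended for a real environment.

```python
"""Flag Windows system executables that run from outside their expected
directory, using lines in HijackThis log format (as posted in this thread)."""
import re

# Constructed allow-list for this example: where these Windows XP system
# binaries normally live. Extend it for your own environment.
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "alg.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Sample input: lines copied from the HijackThis log posted above. Both the
# "Running processes" block and the O4 autorun entries mention alg.exe.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\alg.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A drive-letter path up to the first ".exe"; quotes and line ends terminate it,
# so a quoted command line with arguments yields only the program path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


def extract_exe_paths(line):
    """Return every executable path mentioned on one log line, original case kept."""
    return PATH_RE.findall(line)


def line_kind(line):
    """Classify a log line: a bare path is a running process; otherwise return
    the HijackThis section tag (O4, O2, ...) or the first word of the line."""
    if re.match(r"[A-Za-z]:\\", line):
        return "process"
    return line.split(" ", 1)[0]


def find_misplaced(log_text):
    """Return sorted (name, path, kind) tuples for known system binaries whose
    directory differs from the expected one. The comparison is case-insensitive,
    as NTFS is; the reported path keeps the log's original spelling."""
    findings = set()
    for line in log_text.splitlines():
        kind = line_kind(line)
        for path in extract_exe_paths(line):
            folder, _, name = path.lower().rpartition("\\")
            expected = EXPECTED_DIRS.get(name)
            if expected is not None and folder != expected:
                findings.add((name, path, kind))
    return sorted(findings)


if __name__ == "__main__":
    for name, path, kind in find_misplaced(SAMPLE_LOG):
        print(f"{name}: seen as {kind} at {path}, expected in {EXPECTED_DIRS[name]}")
```

On the sample it reports the Common Files copy of alg.exe twice, once as a running process and once as an O4 autorun, while the System32 entries pass.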
 
Config Free

ConfigFree Diagnostic LOG

* Machine information
* IP information
* Route information
* Protocol information
* Network Device information
* Wireless Comunication Switch and Wireless HotKey status
* Diagnostics results
* ConfigFree Version
* Network Diagnostics

Machine information

Vendor:
Machine Name:
BIOS Name:
BIOS Version:
Version:
CPU Maker:
CPU Name:
CPU Clock:
CPU Base Clock:
OS:
OS Build:
OS SP:
Ram:


IP information

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : toshiba-user
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-52-92-31
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::218:deff:fe52:9231%4
Default Gateway . . . . . . . . . : 192.168.0.1
                                    fe80::224:1ff:fe40:106c%4
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Wednesday, December 02, 2009 2:49:54 PM
Lease Expires . . . . . . . . . . : Wednesday, December 09, 2009 2:49:54 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-36-5C-CA-77

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled


Route information

route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 52 92 31 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 16 36 5c ca 77 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 25
63.135.85.142 255.255.255.255 192.168.0.1 192.168.0.109 25
63.217.8.109 255.255.255.255 192.168.0.1 192.168.0.109 25
69.63.178.140 255.255.255.255 192.168.0.1 192.168.0.109 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.109 192.168.0.109 25
192.168.0.109 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.109 192.168.0.109 25
209.131.36.158 255.255.255.255 192.168.0.1 192.168.0.109 25
224.0.0.0 240.0.0.0 192.168.0.109 192.168.0.109 25
255.255.255.255 255.255.255.255 192.168.0.109 3 1
255.255.255.255 255.255.255.255 192.168.0.109 192.168.0.109 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None


Protocol information

Protocol Bind Information


Microsoft TCP/IP version 6

AEGIS Protocol (IEEE 802.1x) v3.4.9.0
WLAN Transport

WLAN Transport

TOSHIBA Network Device Usermode I/O Protocol

Point to Point Protocol Over Ethernet

Point to Point Tunneling Protocol

Layer 2 Tunneling Protocol

Remote Access NDIS WAN Driver

NDIS Usermode I/O Protocol

Message-oriented TCP/IP Protocol (SMB session)

WINS Client(TCP/IP) Protocol
Microsoft TCP/IP version 6
Internet Protocol (TCP/IP)

Internet Protocol (TCP/IP)


Network Device information

Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID : PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&20975680&0&00E1
Status : Enable
Driver Vender : Intel
Driver Version : 10.1.0.13
Driver Date : 12-4-2005

Intel(R) PRO/100 VE Network Connection
Device ID : PCI\VEN_8086&DEV_1092&SUBSYS_FF311179&REV_02\4&6B16D5B&0&40F0
Status : Enable
Driver Vender : Intel
Driver Version : 8.0.21.101
Driver Date : 10-10-2005


Wireless Comunication Switch and Wireless HotKey status

Wireless Communication Switch : On
Wireless Hotkey (Fn + F8)
Wireless LAN : On


Diagnostics results

Ping Option : On
Ping Check : Yes
Ping Retry : 3 (times)
Ping Time Out : 300 (ms)

<< Network Adapter >>
Network Adapter Description : Intel(R) PRO/Wireless 3945ABG Network Connection
Status: Enable
Mac Address : 00-18-de-52-92-31
IP Address : 192.168.0.109
< Ping Status List >
Default gateway :
192.168.0.1 [OK]
DNS server :
192.168.0.1 [OK]
WINS server :
Settings : None
Proxy server :
Settings : Not use

<< Network Adapter >>
Network Adapter Description : Intel(R) PRO/100 VE Network Connection
Status: Enable
Lan Cable Status: Disconnected


ConfigFree Version

ConfigFree(TM) 5.90.05
Database 3.00.02


Network Diagnostics

No Problem found
 
Did you use the Norton Removal Tool? If you did not, it is still on the system. Whoever told you that you needed to move it was wrong.

See if you can enable Norton again.

Let me know. a-squared isn't doing you any good because the AV part does not update automatically. Those logs are a week old and no good now.

It would be helpful if you pulled yourself together and listened to what I tell you. I'd rather you have Norton if updating.

Stay away from this site: Trymedia Systems. You are the second person I've seen today who has gotten malware infections from it.

Please run Malwarebytes, Superantispyware and HijackThis again, in that order. Superantispyware is already loading. I need the log. Each program tells you what and where the log will be.

Forget about uninstalling and reinstalling those programs- just give me something current to work with.

Blitware (description) Driver Robot is a driver update utility; we'll remove it later.
ICA Client is the Citrix Independent Computing Architecture.
Application Data, Microsoft files and NT User are all part of the operating system.

There is not enough information about any of the above yet to check anything.
 
Logs

I did use the Norton Removal Tool. I tried to reinstall with their help but was unable to. This is the most recent log I have, from 11/29; I will run Malwarebytes again (if I can) and post another log ASAP.
 
The most important thing for you to do is get an antivirus program on the system that is updating. Mbam is clean; that's good. Did you update it first? I would still like to have SAS and a new HijackThis log.

When you get Avira on and updating, Run a full system scan and attach the log. I need to see if anything got on with the AV changeover.
 
I've never had to use this program called "ConfigFree", but now I cannot open my network connections or set up a new connection or anything; it says I'm not an administrator of the "workplace" group. I ran a diagnostics log yesterday, so I thought I would post the results and see if this gave you any new information. I also can't seem to connect to the secure wireless network we have at work (I'm not a member of the network most of the office computers share because I am the only one working on a personal computer) and instead am always connected to an unsecured connection named "dlink".
Machine information

Vendor:
Machine Name:
BIOS Name:
BIOS Version:
Version:
CPU Maker:
CPU Name:
CPU Clock:
CPU Base Clock:
OS:
OS Build:
OS SP:
Ram:


IP information

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : toshiba-user
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-36-5C-CA-77

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-52-92-31
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::218:deff:fe52:9231%9
Default Gateway . . . . . . . . . : 192.168.0.1
                                    fe80::224:1ff:fe40:106c%9
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Thursday, December 03, 2009 8:11:46 AM
Lease Expires . . . . . . . . . . : Thursday, December 10, 2009 8:11:46 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled


Route information

route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20003 ...00 16 36 5c ca 77 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x40002 ...00 18 de 52 92 31 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 25
63.135.88.150 255.255.255.255 192.168.0.1 192.168.0.109 25
69.147.84.231 255.255.255.255 192.168.0.1 192.168.0.109 25
76.13.210.53 255.255.255.255 192.168.0.1 192.168.0.109 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.109 192.168.0.109 25
192.168.0.109 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.109 192.168.0.109 25
209.191.86.104 255.255.255.255 192.168.0.1 192.168.0.109 25
224.0.0.0 240.0.0.0 192.168.0.109 192.168.0.109 25
255.255.255.255 255.255.255.255 192.168.0.109 20003 1
255.255.255.255 255.255.255.255 192.168.0.109 192.168.0.109 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None


Protocol information

Protocol Bind Information


Microsoft TCP/IP version 6

AEGIS Protocol (IEEE 802.1x) v3.4.9.0
WLAN Transport

WLAN Transport

TOSHIBA Network Device Usermode I/O Protocol

Point to Point Protocol Over Ethernet

Point to Point Tunneling Protocol

Layer 2 Tunneling Protocol

Remote Access NDIS WAN Driver

NDIS Usermode I/O Protocol

Message-oriented TCP/IP Protocol (SMB session)

WINS Client(TCP/IP) Protocol
Microsoft TCP/IP version 6
Internet Protocol (TCP/IP)

Internet Protocol (TCP/IP)


Network Device information

Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID : PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&20975680&0&00E1
Status : Enable
Driver Vender : Intel
Driver Version : 10.1.0.13
Driver Date : 12-4-2005

Intel(R) PRO/100 VE Network Connection
Device ID : PCI\VEN_8086&DEV_1092&SUBSYS_FF311179&REV_02\4&6B16D5B&0&40F0
Status : Enable
Driver Vender : Intel
Driver Version : 8.0.21.101
Driver Date : 10-10-2005


Wireless Comunication Switch and Wireless HotKey status

Wireless Communication Switch : On
Wireless Hotkey (Fn + F8)
Wireless LAN : On


Diagnostics results

Ping Option : On
Ping Check : Yes
Ping Retry : 3 (times)
Ping Time Out : 300 (ms)

<< Network Adapter >>
Network Adapter Description : Intel(R) PRO/Wireless 3945ABG Network Connection
Status: Enable
Mac Address : 00-18-de-52-92-31
IP Address : 192.168.0.109
< Ping Status List >
Default gateway :
192.168.0.1 [OK]
DNS server :
192.168.0.1 [OK]
WINS server :
Settings : None
Proxy server :
Settings : Not use

<< Network Adapter >>
Network Adapter Description : Intel(R) PRO/100 VE Network Connection
Status: Enable
Lan Cable Status: Disconnected


ConfigFree Version

ConfigFree(TM) 5.90.05
Database 3.00.02


Network Diagnostics

No Problem found
 
ConfigFree Features

* Network Analysis
* Wi-Fi® Status Indicator
* Access and display Web content
* Search for wireless devices to locate wireless device information and to easily display ad-hoc networks nearby
* Quick & Easy Toshiba Wireless LAN Projector connection
* Dial-up shortcuts
* Profile switching
* Device refresh for IP address
* Create a log file for any problem
* Simple transfer and share of files in local network

Tunnel adapter Teredo Tunneling Pseudo-Interface:

This type of problem belongs in the hardware forum, not in Virus and Malware. I am reasonably sure that the problem has been caused by you trying to do what you admittedly know nothing about.
 