
Author Topic: Had a rundll error, was infected, cleaned, attached HJT, still no IE  (Read 22698 times)


CJG

    Topic Starter


    Rookie

    Had a rundll error and posted in the computer software forum.  I ran my HJT and posted it - was told that I was infected.  See thread:
    http://www.computerhope.com/forum/index.php/topic,80283.msg528759.html#msg528759

    I followed the read this first post and cleaned the computer.  Now I have attached the new HJT log.  The good news is I no longer get the Rundll error, but I still have no IE (Outlook works fine).  Any help from this forum is much appreciated - thanks in advance.

    I have Vista with the SP1 only (and I have no MS Windows disk; apparently Sony thought it would be good to put it all online)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:41:25 PM, on 4/1/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Lexmark 9300 Series\ezprint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
    O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
    O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Turbo Tourney 2009 Scheduler.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxcq_device -   - C:\Windows\system32\lxcqcoms.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12490 bytes



    CJG


      Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
      « Reply #1 on: April 01, 2009, 09:13:12 PM »
      Forgot to attach the SAS and MBAM logs - here they are:

      [attachment deleted by admin]

      KingPincer



        Intermediate

        Thanked: 9
        Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
        « Reply #2 on: April 02, 2009, 04:39:38 AM »
        What exactly happens when you open IE? Does it say IE cannot display the web page? Why don't you try installing Mozilla Firefox and see if it will work?

        CJG


          Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
          « Reply #3 on: April 02, 2009, 05:29:59 AM »
          IE states:

          {Boilerplate}
          IE cannot display the webpage

          Most likely causes:
          • You are not connected to the internet (but Outlook works)
          • The website is encountering problems (tried yahoo and google)
          • There might be a typing error in the address (home page is yahoo)

          I would really like to get IE working rather than installing another browser, but if this is a means to an end I am interested.  Will I ever get IE working again?

          How do I go about the best way to install firefox without the internet on the sick machine?  Memory stick?

          Thanks in advance,
          Crispin

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
          « Reply #4 on: April 02, 2009, 12:24:15 PM »
          Try Dial-a-fix.

          Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.

          • Open the folder and run Dial-a-fix.exe
          • 2 windows will open. Close the one in the background labeled Restrictive Policies
          • Check the box in section 1, Empty temp folders.
          • Check the box in section 2, Fix Windows Installer.
          • Check the box in section 3, Fix Windows Update.
          • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
          • Check all boxes in section 5, labeled Registration Center.
          • Click Go
          • OK any error messages if received, but write them down and post them here.
          • Restart the computer when done.
          Is the problem fixed?

          CJG


            Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
            « Reply #5 on: April 02, 2009, 12:24:46 PM »
            Thanks for the additional input, but this has me asking more questions. 

            Since I have already run SAS and MBAM, do I need to do Combofix too?  We have a registry mechanic on the computer (I don't have the name in front of me, but I will tonight when I get home). 

            You mentioned then to download a cleaner (suggested ATF) - do I need this on top of SAS, MBAM, and a "registry mechanic"?

            Thanks again,
            Crispin

            evilfantasy

            Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
            « Reply #6 on: April 02, 2009, 12:31:17 PM »
            Registry Mechanic can not fix this and I highly suggest you do not run any registry tools on a computer that is not working right. Registry cleaners in reality are just a myth. The only thing that can repair Windows is a Windows disk. Many times they only do more damage.

            If you can not connect still then run Dial-a-fix and let me know how it works.

            If that problem is solved then let me know what is still wrong.

            In this forum I suggest only following advice from someone with Malware Removal Specialist under their user name.

            CJG


              Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
              « Reply #7 on: April 02, 2009, 12:51:08 PM »
              Fantastic you (evilfantasy) appear to be such a person!!!  What should I prepare to do next?

              Thanks in advance!

              Crispin

              evilfantasy

              Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
              « Reply #8 on: April 02, 2009, 01:01:00 PM »
              Did you need to run Dial-a-fix?

              What problems are you still having?

              CJG


                Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                « Reply #9 on: April 02, 2009, 02:51:59 PM »
                What is Dial-a-fix?  I'll search it . . .

                Well, I did all steps on the Read Me First Post (SAS found nothing, MBAM found two infections and cleaned them off) and the good news is I no longer get the Rundll error, but I still do not have Internet Explorer, but outlook works fine (so it is able to get to the internet).

                Thanks in advance,
                Crispin

                evilfantasy


                CJG


                  Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                  « Reply #11 on: April 02, 2009, 03:06:53 PM »
                  Will it work with Vista?

                  I went to the LunarSoft.net site http://wiki.lunarsoft.net/wiki/Dial-a-fix and it says it is not ready for Vista.  Is that information out of date?

                  Thank you for helping me through this exercise,
                  Crispin

                  evilfantasy

                  Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                  « Reply #12 on: April 02, 2009, 03:09:31 PM »
                  Sorry, no, it will not work with Vista.

                  1. Close any Internet Explorer or Windows Explorer windows that are currently open.
                  2. Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
                  3. Click the Tools button, and then click Internet Options.
                  4. Click the Advanced tab, and then click Reset.
                  5. In the Reset Internet Explorer Settings dialog box, click Reset.
                  6. When Internet Explorer finishes restoring the settings, click Close, click OK, and then click OK again.
                  7. Close Internet Explorer.

                  Your changes will take effect the next time you open Internet Explorer.

                  How is it now?

                  CJG


                    Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                    « Reply #13 on: April 02, 2009, 03:22:58 PM »
                    I followed the steps provided (excellent by the way) and then I restarted IE.

                    Now when it starts - it starts two simultaneous IE tabs. 

                    The first one tries to go to:

                    Http://go.microsoft.com/fwlink?linkId+76277

                    And the second one goes to:

                    http://www.symantecstore.com/promo=147023

                    Both fail - I get the same IE message ... cannot display the webpage on either tab.  It is also interesting that it is starting two tabs now (it hasn't done that before).

                    Thank you,

                    Crispin

                    evilfantasy

                    Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                    « Reply #14 on: April 02, 2009, 03:26:22 PM »
                    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                    Link #1
                    Link #2

                    **Note:  It is important that it is saved directly to your Desktop

                    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

                    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                     
                    Double click combofix.exe & follow the prompts.
                    When finished ComboFix will produce a log for you.
                    Post the ComboFix log in your next reply.

                    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                    If you have problems with ComboFix usage, see How to use ComboFix

                    CJG


                      Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                      « Reply #15 on: April 02, 2009, 03:49:36 PM »
                      Log attached

                      [attachment deleted by admin]

                      evilfantasy

                      Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                      « Reply #16 on: April 02, 2009, 03:54:14 PM »
                      I suggest uninstalling RegCure. It is not a trusted program.

                      Can you connect now?

                      CJG


                        Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                        « Reply #17 on: April 02, 2009, 03:58:21 PM »
                        RegCure 1.5.2.7 was successfully removed from my computer.

                        But I still can not access the internet through IE. :'(

                        evilfantasy

                        Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                        « Reply #18 on: April 02, 2009, 04:01:07 PM »
                        Default Security Settings

                        For Internet Explorer 7 users:
                        Click Start > Run > type inetcpl.cpl and press Enter. When Internet Properties comes up, navigate to the Security Tab and simply click the "Reset all zones to default level" button. Click OK to exit.

                        NOTE:
                        If it's Grey then it's already at the default level.

                        ----------

                        How about now?

                        Also have you tried turning off your firewall and trying to connect?

                        CJG


                          Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                          « Reply #19 on: April 02, 2009, 04:11:00 PM »
                          Still no luck, I turned off the firewall and no change.

                          I haven't re-booted today - shall I do that?

                          evilfantasy

                          Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                          « Reply #20 on: April 02, 2009, 04:22:50 PM »
                          Yes. I thought you would have done that a few times by now.

                          Let me know.

                          CJG


                            Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                            « Reply #21 on: April 02, 2009, 04:40:53 PM »
                             :'(

                            Still no luck.

                            evilfantasy

                            Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                            « Reply #22 on: April 02, 2009, 04:45:33 PM »
                            Does this behavior persist if you start IE7 in No Add-ons mode?

                            IE7 in No Add-ons mode

                              1. Right-click on the blue IE desktop icon and select Start without Add-ons;

                              2. Start > (All) Programs > Accessories > System Tools > Internet Explorer
                              (No add-ons).

                            CJG


                              Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                              « Reply #23 on: April 02, 2009, 04:50:11 PM »
                              yup

                              evilfantasy

                              Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                              « Reply #24 on: April 02, 2009, 04:53:58 PM »
                              I'm running out of ideas here...

                              Download HostsXpert
                              • Unzip HostsXpert to your Desktop
                              • Be sure to right-click HostsXpert and choose 'Run as Administrator'
                              • Open up the HostsXpert program.
                              • Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
                              • Click Create Back Up
                              • Then click on Restore Microsoft's Host Files
                              • Close the HostsXpert program
                              Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

                              Try IE again.

                              CJG


                                Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                « Reply #25 on: April 02, 2009, 05:57:53 PM »
                                I did the HostsXpert and ran as an Administrator.  The Make Hosts Writable button was in the upper left hand corner (might be a different version).

                                I tried IE again and no luck, but then I tried IE with add-ons disabled and it worked!!!

                                You may have been running out of ideas . . . , but you were still able to get it to work.

                                Thank you, thank you, thank you . . . your help was the ticket!!!

                                (Now what exactly is "add-ons" and can I turn them back on later?)

                                Crispin

                                evilfantasy

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Calm like a bomb
                                • Thanked: 493
                                • Experience: Experienced
                                • OS: Windows 11
                                Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                « Reply #26 on: April 02, 2009, 06:12:00 PM »
                                OK you have an add-on that is causing this.

                                First open IE with no add-ons, then go to www.windowsupdate.microsoft.com and check for, then install, all available updates (if any). Then try again normally. If it doesn't work then you will need to find which add-on is causing the issue and remove or disable it.

                                There is a link HERE that explains how to troubleshoot add-ons.

                                An alternative is to create a new user account and see if IE works OK in it. If so then you can transfer files and settings to the new account.

                                CJG

                                  Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                  « Reply #27 on: April 02, 2009, 06:27:28 PM »
                                  Appears to be working great. 

                                  You are awesome!

                                  evilfantasy

                                  Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                  « Reply #28 on: April 02, 2009, 06:30:10 PM »
                                  OK, once you get set we need to run another scan to be sure there is nothing else hiding. I'm not sure what it is that caused that to happen, and usually running the malware removal steps fixes that issue, so better safe than sorry.

                                  Use the Kaspersky Lab Online Scanner

                                  In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

                                  • Click on SCAN NOW
                                  • Click Accept.
                                  • The program will then begin downloading the latest definition files.
                                  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
                                  • The scan will take a while, so be patient and let it finish.
                                  When the scan is done, in the Scan is complete window, any infection is displayed.
                                  There is no option to clean/disinfect, however, we need to analyze the information on the report.

                                  To obtain the report:
                                  Click on: Save Report As
                                  • Next, in the Save as prompt, Save in area, select: Desktop.
                                  • In the File name area use KScan, or something similar.
                                  • In Save as type: click the drop arrow and select: Text file [*.txt]
                                  • Then, click: Save


                                  Copy and paste the Kaspersky Online Scanner Report in your next reply.

                                  Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

                                  If needed, this animation will guide you through the process.


                                  CJG

                                    Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                    « Reply #29 on: April 03, 2009, 06:11:06 AM »
                                    Before I saw your response, we had updated the machine to IE 8 (could be the new host of issues below).  I guess I was in a state of euphoria about having the internet back and it was working (I let that cloud my judgement and I dashed all common sense and downloaded IE8).

                                    Well Kaspersky did not like my machine.  It stated that I need to have a version of JAVA higher than 1.6 or something (I had installed the latest version prior V6 update 13), but when I went to Sun's website to test Java it did not work.  It said I needed to enable Java through your web browser

                                    Tools --> Internet Options --> Advanced Tab, check the box next to Java . . . here's where it got a little more interesting . . . there is no enable Java section or checkbox.

                                    So I went to the add remove space and removed all java applications (including older versions) and then reinstalled it.  Thinking this would self correct.  In the middle of Installing Java I get a SECURITY ALERT window that states, "Revocation information for the security certificate for this site is not available.  Do you want to proceed?"  My choices are Yes, No, View Certificate

                                    Under View Certificate it states:

                                    Issued to sjremetrics.java.com
                                    Issued by Sun Micro . . .
                                    Valid from 1/7/2009 to 2/2/2011

                                    I then have two more choices:

                                    Install Certificate . . .
                                    Issuer Statement (this is just an info box)

                                    but the install certificate takes you to an Import Wizard - I chose the defaults and selected import (it responds with import was successful).

                                    So I click Okay and it brings me back to my security alert (mentioned above): revocation information . . Do you want to proceed? - I now choose yes.  It then brings up a box stating that I have successfully installed Java.  Upon Clicking Finish - it says that JAVAFX will automatically install as well.

                                    I then go back to the Java Test window and again it is not working.  I then recheck the internet options --> Advanced --> scroll to find enable java check box.  No beans   :(

                                    I then go to the manage add-ons and I see that Java is enabled, but the publisher is (NOT VERIFIED).

                                    I have rebooted and checked the Internet Options once again - still no luck.

                                    evilfantasy

                                    Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                    « Reply #30 on: April 03, 2009, 10:41:36 AM »
                                    Scan with Panda ActiveScan 2.0

                                    This scanner requires Internet Explorer

                                    • Once you are on the Panda site click the Scan your PC now button
                                    • A new window will open...click the Check Now button
                                    • Enter your Country
                                    • Enter your State/Province
                                    • Enter your e-mail address and click send
                                    • Select either Home User or Company
                                    • Select the appropriate Yes or No to receiving marketing information
                                    • Click the Free Online Scan button
                                    • If it wants to install an ActiveX component allow it
                                    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
                                    • When download is complete, click on My Computer to start the scan
                                    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
                                    Post the contents of the ActiveScan report in your next reply.

                                    CJG

                                      Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                      « Reply #31 on: April 04, 2009, 08:53:46 AM »
                                      Ran the Panda scan and attached the log

                                      [attachment deleted by admin]

                                      CJG

                                        Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                        « Reply #32 on: April 04, 2009, 08:55:47 AM »
                                        I forgot to mention that Panda says that it can disinfect it for me, but I have not clicked the box yet.

                                        evilfantasy

                                        Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                        « Reply #33 on: April 04, 2009, 01:29:32 PM »
                                        You have to buy Panda for it to disinfect and that isn't necessary.

                                        * Download Qoofix to your Desktop or any other convenient location
                                        * Unzip the files from Qoofix.zip to a convenient location such as C:\Qoofix.
                                        * Navigate to the folder you unzipped the files to and double click on the file named Qoofix.exe.
                                        * Finally, select Begin Removal and the removal process will commence. A reboot may be necessary if an infection is found.

                                        ----------

                                        Locate and delete this file:

                                        c:\windows\system32\csuninstall.exe

                                        ----------

                                        Download OTMoveIt3 by OldTimer OTMoveIt3.exe and place it on your desktop. (unless you already have it installed)

                                        1. Double click OTMoveIt3.exe to launch it.
                                        Vista users right click and choose Run As Administrator
                                        2. Click on the CleanUp! button.
                                        3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
                                        4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                                        5. Once complete exit out of OTMoveIt3

                                        ----------

                                        Set a New Restore Point to prevent possible reinfection from an old one
                                        Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
                                        • Go to Start > Programs > Accessories > System Tools and click System Restore
                                        • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
                                        • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
                                        • Next go to Start > Run and type Cleanmgr
                                        • Click OK
                                        • Click the More Options Tab.
                                        • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
                                        You can find instructions on how to enable and re-enable system restore here:

                                        Windows XP System Restore Guide or Windows Vista System Restore Guide
                                        ----------

                                        Use the Secunia Software Inspector to check for out of date software.
                                        • Click Start Now
                                        • Check the box next to Enable thorough system inspection.
                                        • Click Start
                                        • Allow the scan to finish and scroll down to see if any updates are needed.
                                        • Update anything listed.
                                        ----------

                                        Go to Microsoft Windows Update and get all critical updates.

                                        ----------

                                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                                        * If you don't know what ActiveX controls are, see here

                                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                        Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                                        CJG

                                          Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                          « Reply #34 on: April 04, 2009, 04:09:31 PM »
                                          I can not get past step one - Qoofix:  http://majorgeeks.com/download.php?det=5175 (there is nothing on this page to download - at least nothing appears on my screen).

                                          evilfantasy


                                          CJG

                                            Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                            « Reply #36 on: April 04, 2009, 09:04:12 PM »
                                            This java issue keeps coming back to haunt me . . . Secunia also requires java to work (keep in mind I have the latest version of it, but it doesn't work).

                                            I see that there are two "important" windows updates for me to download:

                                            Windows Vista:
                                            Important:  Microsoft .NET Framework 3.5 Service Pack1 and .NET Framework 3.5 Family Update
                                            Optional:  Group Policy Preference Client Side Extensions for Windows Vista
                                            Optional:  Windows PowerShell 1.0 for Windows Vista

                                            Office Live Add-in
                                            Optional:  Office Live add-in

                                            SQL Server 2005:
                                            Important:  Microsoft SQL Server 2005 Express Edition Service Pack 3

                                            When I attempt to perform these updates I get an error message (screen shot attached).  I attempted to research the error codes.  They tell me to be sure that the firewall will allow Microsoft access etc... and turn off the antivirus software (well I did and they still will not download).  For some reason I feel that this is the reason JAVA doesn't work - and therefore I cannot run the additional software programs you've recommended.

                                            Also, I am pretty maxed out on my hard drive and I am wondering if that is also playing a role in this.  I have about 3 Gigs free.

                                            Again, I really appreciate your patience with me and your help.

                                            [attachment deleted by admin]

                                            evilfantasy

                                            Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                            « Reply #37 on: April 05, 2009, 02:40:06 PM »
                                            Anything that is Important or critical are just the.

                                            Optional is optional...

                                            CJG

                                              Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                              « Reply #38 on: April 06, 2009, 04:32:29 AM »
                                              Finally got Java to enable properly so I ran the Kscan . . . file attached - as it was on your original list of things to do (nothing detected).  Still no luck in downloading those Windows updates.  Will try some things this afternoon.

                                              Thanks for all of your help,
                                              Crispin

                                              [attachment deleted by admin]

                                              evilfantasy

                                              Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                              « Reply #39 on: April 06, 2009, 07:27:59 AM »
                                              Close all browser windows. Right click IE and choose 'Run as Administrator' and then get the updates.

                                              KingPincer



                                                Intermediate

                                                Thanked: 9
                                                Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                                « Reply #40 on: April 07, 2009, 04:05:04 AM »
                                                What is K Scan, evilfantasy? Is it an online scanner?

                                                CJG

                                                  Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                                  « Reply #41 on: April 07, 2009, 10:10:19 AM »
                                                  Kaspersky Lab Online Scanner

                                                  http://www.kaspersky.com/virusscanner

                                                  CJG

                                                    Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                                    « Reply #42 on: April 07, 2009, 10:14:22 AM »
                                                    Close all browser windows. Right click IE and choose 'Run as Administrator' and then get the updates.

                                                    I did exactly that, but still no beans . . . I am perplexed.  I feel great that my original issue has been solved, but I don't know what to think regarding the lack of ability to perform "windows updates".  Should I start a new thread?

                                                    evilfantasy you have been a great help, my wife and I thank you!

                                                    evilfantasy

                                                    Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                                    « Reply #43 on: April 07, 2009, 07:45:26 PM »
                                                    I am not sure why that wouldn't work.

                                                    KingPincer



                                                      Re: Had a rundll error, was infected, cleaned, attached HJT, still no IE
                                                      « Reply #44 on: April 08, 2009, 03:48:40 AM »
                                                      Ah, by the way, I'm using Kaspersky anti virus 2009 right now and this anti virus for me is the best. Well, 2nd for me is NOD 32. Well, it's good that you have already fixed the problem. Remember the last tip that I gave you; that was just said to me by my friend, he is a computer technician. Well, it's good you have solved your problem.