
Author Topic: know I have a virus, don't know anything else about it.  (Read 23954 times)


faerieem

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows Vista
    Re: know I have a virus, don't know anything else about it.
    « Reply #15 on: May 30, 2011, 07:49:56 PM »
    ran in safe mode.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6727

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    5/30/2011 8:37:25 PM
    mbam-log-2011-05-30 (20-37-25).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 371951
    Time elapsed: 1 hour(s), 16 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    faerieem

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows Vista
      Re: know I have a virus, don't know anything else about it.
      « Reply #16 on: May 30, 2011, 08:30:19 PM »
      I've been running the programs in safe mode w/networking.

      When I log in in normal mode, I continue to be unable to access Firefox or Thunderbird, with the "you don't have permission" message.  Also, after logging into safe mode initially, I now have an icon on my desktop with the IE logo, labelled "The Internet".  That also doesn't open in normal mode.

      In normal mode, I can open word documents and print as well as open itunes and skype.

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: know I have a virus, don't know anything else about it.
      « Reply #17 on: May 31, 2011, 05:34:51 PM »
      Quote
      "The Internet".  That also doesn't open in normal mode.
      Please right-click on that shortcut, select Properties. The file path will be highlighted. Do CTRL C to copy the file path. Do CTRL V to paste it in your reply.
      Quote
      When I log in in normal mode, I continue to be unable to access Firefox or Thunderbird
      I assume that you can access Internet Explorer. You could try uninstalling both Firefox and Thunderbird.

      I'd like to scan your machine with ESET OnlineScan

      •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
      •Click the button.
      •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      •Check
      •Click the button.
      •Accept any security warnings from your browser.
      •Check
      •Push the Start button.
      •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      •When the scan completes, push
      •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      •Push the button.
      •Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      faerieem

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows Vista
        Re: know I have a virus, don't know anything else about it.
        « Reply #18 on: June 01, 2011, 06:55:12 AM »
        Quote
        Please right-click on that shortcut, select Properties. The file path will be highlighted. Do CTRL C to copy the file path. Do CTRL V to paste it in your reply.

        It doesn't appear to be a shortcut.  Right-clicking and selecting properties brings up the "internet properties" dialog box.  Clicking this icon does nothing.  Typing internet explorer into the menu search bar and selecting Internet Explorer from the start menu also does nothing.

        Quote
        I assume that you can access Internet Explorer. You could try uninstalling both Firefox and Thunderbird.

        In normal mode, I cannot access Firefox, Thunderbird, or Chrome.  I haven't tried Safari.  When I try IE, nothing happens.


        ESET:
        C:\Users\Emily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\53becaae-1d3ed455   multiple threats
        C:\Users\Emily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6ad51e08-322e7228   multiple threats

        faerieem

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows Vista
          Re: know I have a virus, don't know anything else about it.
          « Reply #19 on: June 01, 2011, 07:32:42 AM »
          Quote
          It doesn't appear to be a shortcut.  Right-clicking and selecting properties brings up the "internet properties" dialog box.  Clicking this icon does nothing.  Typing internet explorer into the menu search bar and selecting Internet Explorer from the start menu also does nothing.

          In normal mode, I cannot access Firefox, Thunderbird, or Chrome.  I haven't tried Safari.  When I try IE, nothing happens.

          For clarity, I tried all of this in regular mode.  I can access everything in "safe mode with networking".  Safari works fine.  I will try removing and reinstalling firefox & thunderbird, which are my default browsers.  I'm not sure why Chrome is even on the machine.

          faerieem

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows Vista
            Re: know I have a virus, don't know anything else about it.
            « Reply #20 on: June 01, 2011, 08:28:47 AM »
            sorry to multi-post, but I want you to have all info.
            I uninstalled and reinstalled firefox & thunderbird, which I did in safe mode w/networking.
            in regular mode, the "you do not have appropriate permissions" message continues to come up, even after reinstalling. 
            I'm writing this from safari in normal mode.

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: know I have a virus, don't know anything else about it.
            « Reply #21 on: June 01, 2011, 01:35:21 PM »
            First of all, please re-run ESET and, this time, clean the infections.

            Please run this even if you don't have the OS disk

            Do you have your OS  CD/DVD?

            If so,

            1/ Click the Start button.

            2/ From the Start Menu, Click All programs followed by Accessories.

            3/ In the Accessories menu, Right Click on the Command Prompt option.

            4/ From the drop down menu that appears, Click on the Run as administrator option.

            5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

            6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

            7/ A message will appear stating that the system scan will begin.

            8/ Be patient because the scan may take some time.

            9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

            10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

            11/ After the scan has completed, Close the command prompt window.
            Windows 8 and Windows 10 dual boot with two SSD's

            faerieem

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows Vista
              Re: know I have a virus, don't know anything else about it.
              « Reply #22 on: June 01, 2011, 04:51:38 PM »
              Quote
              First of all, please re-run ESET and, this time, clean the infections.

              done.

              Quote
              Do you have your OS  CD/DVD?
              I have the "Toshiba Recovery Disks" that came with the computer.  Two disks.

              Quote
              9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

              10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.


              The report reads "Windows Resource Protection found some corrupt files but was unable to fix some of them."


              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: know I have a virus, don't know anything else about it.
              « Reply #23 on: June 01, 2011, 05:11:14 PM »
              Quote
              The report reads "Windows Resource Protection found some corrupt files but was unable to fix some of them."
              This probably means that some of the files affecting Internet Explorer are corrupt. Did you have any luck with Firefox, Thunderbird?
              Windows 8 and Windows 10 dual boot with two SSD's
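Added example, not part of the thread: when SFC reports corrupt files it could not fix, it records the per-file details in `%windir%\Logs\CBS\CBS.log` on lines tagged `[SR]`, so the guess about which files are affected can be checked directly. The sketch below lists what was repaired and what was not; the function name `summarize_sfc` is hypothetical, and the sample log is constructed with placeholder file, component and version values.

```python
import re
import sys

# Constructed sample in the layout of CBS.log [SR] entries.
# File names, component names and versions are placeholders.
SAMPLE = r'''
2011-06-01 16:40:01, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2011-06-01 16:40:01, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-06-01 16:40:02, Info                  CBS    Constructed non-SFC servicing line, ignored by the parser
2011-06-01 16:40:03, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.0.6002.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-06-01 16:40:05, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.0.6002.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2011-06-01 16:40:06, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2011-06-01 16:40:07, Info                  CSI    0000000f [SR] Verify complete
'''

# Timestamp, level, the CSI source, an 8-digit hex sequence id, then the [SR] message.
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$')
# The failure reason is the last comma-separated field of the message.
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r'Version = (?P<version>[^,]+),.*, (?P<reason>[^,]+)$')
# The file name is the last quoted token before "from store".
REPAIRED = re.compile(
    r'^Repairing corrupted file .*\[[^\]]*\]"(?P<file>[^"]+)" from store$')


def summarize_sfc(log_text):
    """Return files SFC could not repair (deduplicated) and files it repaired."""
    unrepaired, repaired = {}, []
    for line in log_text.splitlines():
        sr = SR_LINE.match(line)
        if not sr:
            continue  # not an SFC entry
        msg = sr["msg"]
        hit = CANNOT_REPAIR.match(msg)
        if hit:
            # The same file can be logged more than once in a single run.
            key = (hit["file"].lower(), hit["component"], hit["version"])
            unrepaired.setdefault(key, {**hit.groupdict(), "first_seen": sr["ts"]})
            continue
        hit = REPAIRED.match(msg)
        if hit and hit["file"] not in repaired:
            repaired.append(hit["file"])
    return {"unrepaired": list(unrepaired.values()), "repaired": repaired}


if __name__ == "__main__":
    # Pass a copy of CBS.log as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    report = summarize_sfc(text)
    for entry in report["unrepaired"]:
        print("NOT REPAIRED {file} ({component} {version}): {reason}".format(**entry))
    for name in report["repaired"]:
        print("repaired     " + name)
```

A file listed as not repaired is one whose copy in the component store also failed verification, which is why the scan could not restore it on its own.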

              faerieem

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows Vista
                Re: know I have a virus, don't know anything else about it.
                « Reply #24 on: June 01, 2011, 06:09:05 PM »
                No.  I uninstalled and reinstalled them in safe mode (the only way I've had luck with uninstall/install), but a reboot into normal continues to bring up the same "you don't have permission" message.

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: know I have a virus, don't know anything else about it.
                « Reply #25 on: June 02, 2011, 04:05:37 PM »
                Do you have any accounts on this computer?
                Windows 8 and Windows 10 dual boot with two SSD's

                faerieem

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows Vista
                  Re: know I have a virus, don't know anything else about it.
                  « Reply #26 on: June 02, 2011, 04:32:44 PM »
                  user accounts?  Mine, my husband's, and I set up two log-ins before I came here, to see if the trouble I was having was exclusive to me or if it was universal.    It appears to be a universal problem: the not being able to use Firefox due to permissions as well as IE never opening.

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: know I have a virus, don't know anything else about it.
                  « Reply #27 on: June 03, 2011, 01:02:21 PM »
                  We've already established that some of your files are corrupted which is probably the reason why IE doesn't work. The solution to this would be to use your Recovery Disks which will take your computer back to the day you purchased it. This could also be the problem with Firefox. You should back up your important files, documents, pictures, movies and music to DVD's and try running the Recovery. You may be able to just do a repair.
                  Let's try one more scan.


                  Please download MiniToolBox to Desktop and run it.



                  Checkmark the following boxes:

                    • Flush DNS
                    • Report IE Proxy Settings
                    • Reset IE Proxy Settings
                    • List content of Hosts
                    • List IP Configuration
                    • List Last 10 Event Viewer Errors
                    • List Users, Partitions and Memory Size
                    Click Go and copy/paste the log (Result.txt) into your next post.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    faerieem

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows Vista
                      Re: know I have a virus, don't know anything else about it.
                      « Reply #28 on: June 03, 2011, 04:48:38 PM »
                      should I do the recovery/repair now or wait for your indication?

                      MiniToolBox by Farbar
                      Ran by Emily (administrator) on 03-06-2011 at 17:41:27
                      Windows Vista (TM) Home Premium Service Pack 2 (X86)

                      ***************************************************************************


                      ================= Flush DNS: ============================================== 

                      Windows IP Configuration

                      Successfully flushed the DNS Resolver Cache.

                      ================= End of Flush DNS ======================================== 

                      ========================= IE Proxy Settings: ==============================

                      Proxy is not enabled.
                      No Proxy Server is set.

                      ========================= End of IE Proxy Settings ========================

                      "Reset IE Proxy Settings": Proxy Settings were reset.

                      =============== Hosts content: ============================================ 

                      127.0.0.1       localhost

                      =============== End of Hosts ==============================================

                      ================= IP Configuration: =======================================

                      # ----------------------------------
                      # IPv4 Configuration
                      # ----------------------------------
                      pushd interface ipv4

                      reset
                      set global


                      popd
                      # End of IPv4 configuration



                      Windows IP Configuration

                         Host Name . . . . . . . . . . . . : Emily-PC
                         Primary Dns Suffix  . . . . . . . :
                         Node Type . . . . . . . . . . . . : Hybrid
                         IP Routing Enabled. . . . . . . . : No
                         WINS Proxy Enabled. . . . . . . . : No

                      Wireless LAN adapter Wireless Network Connection:

                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
                         Physical Address. . . . . . . . . : 00-16-E3-E2-AC-9D
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes
                         Link-local IPv6 Address . . . . . : fe80::f40f:8ce8:19d:fb90%9(Preferred)
                         IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
                         Subnet Mask . . . . . . . . . . . : 255.255.255.0
                         Lease Obtained. . . . . . . . . . : Friday, June 03, 2011 5:38:01 PM
                         Lease Expires . . . . . . . . . . : Saturday, June 04, 2011 6:08:13 AM
                         Default Gateway . . . . . . . . . : 192.168.1.1
                         DHCP Server . . . . . . . . . . . : 192.168.1.1
                         DHCPv6 IAID . . . . . . . . . . . : 251664099
                         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-8A-BA-27-00-16-D4-94-85-52
                         DNS Servers . . . . . . . . . . . : 192.168.1.1
                         NetBIOS over Tcpip. . . . . . . . : Enabled

                      Ethernet adapter Local Area Connection:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
                         Physical Address. . . . . . . . . : 00-16-D4-94-85-52
                         DHCP Enabled. . . . . . . . . . . : Yes
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 6:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 7:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                         Physical Address. . . . . . . . . : 02-00-54-55-4E-01
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 17:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 18:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 19:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 20:

                         Media State . . . . . . . . . . . : Media disconnected
                         Connection-specific DNS Suffix  . :
                         Description . . . . . . . . . . . : isatap.{29CC3FA2-F6AB-4C99-8D5C-3FA544FDE29C}
                         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                         DHCP Enabled. . . . . . . . . . . : No
                         Autoconfiguration Enabled . . . . : Yes
                      Server:  UnKnown
                      Address:  192.168.1.1

                      Name:    google.com
                      Addresses:  74.125.93.147
                           74.125.93.104
                           74.125.93.106
                           74.125.93.103
                           74.125.93.105
                           74.125.93.99



                      Pinging google.com [74.125.93.106] with 32 bytes of data:

                      Reply from 74.125.93.106: bytes=32 time=42ms TTL=52

                      Reply from 74.125.93.106: bytes=32 time=41ms TTL=52



                      Ping statistics for 74.125.93.106:

                          Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                      Approximate round trip times in milli-seconds:

                          Minimum = 41ms, Maximum = 42ms, Average = 41ms

                      Server:  UnKnown
                      Address:  192.168.1.1

                      Name:    yahoo.com
                      Addresses:  69.147.125.65
                           72.30.2.43
                           98.137.149.56
                           209.191.122.70
                           67.195.160.76



                      Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

                      Reply from 209.191.122.70: bytes=32 time=45ms TTL=51

                      Reply from 209.191.122.70: bytes=32 time=51ms TTL=51



                      Ping statistics for 209.191.122.70:

                          Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                      Approximate round trip times in milli-seconds:

                          Minimum = 45ms, Maximum = 51ms, Average = 48ms



                      Pinging 127.0.0.1 with 32 bytes of data:

                      Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                      Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



                      Ping statistics for 127.0.0.1:

                          Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                      Approximate round trip times in milli-seconds:

                          Minimum = 0ms, Maximum = 0ms, Average = 0ms

                      ===========================================================================
                      Interface List
                        9 ...00 16 e3 e2 ac 9d ...... Atheros AR5006EG Wireless Network Adapter
                        8 ...00 16 d4 94 85 52 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
                        1 ........................... Software Loopback Interface 1
                       20 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                       12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
                       19 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                       22 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                       21 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
                       23 ...00 00 00 00 00 00 00 e0  isatap.{29CC3FA2-F6AB-4C99-8D5C-3FA544FDE29C}
                      ===========================================================================

                      IPv4 Route Table
                      ===========================================================================
                      Active Routes:
                      Network Destination        Netmask          Gateway       Interface  Metric
                                0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
                              127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                              127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
                        127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                            192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
                            192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
                          192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
                              224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                              224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
                        255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                        255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
                      ===========================================================================
                      Persistent Routes:
                        None

                      IPv6 Route Table
                      ===========================================================================
                      Active Routes:
                       If Metric Network Destination      Gateway
                        1    306 ::1/128                  On-link
                        9    281 fe80::/64                On-link
                        9    281 fe80::f40f:8ce8:19d:fb90/128
                                                          On-link
                        1    306 ff00::/8                 On-link
                        9    281 ff00::/8                 On-link
                      ===========================================================================
                      Persistent Routes:
                        None

                      ================= End of IP Configuration =================================

                      ========================= Event log errors: ===============================

                      Application errors:
                      ==================
                      Error: (06/03/2011 05:38:22 PM) (Source: EventSystem) (User: )
                      Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

                      Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

                      Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: m->NextScheduledEvent 6801

                      Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: Continuously busy for more than a second

                      Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: m->NextScheduledSPRetry 5787

                      Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: m->NextScheduledEvent 5787

                      Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: Continuously busy for more than a second

                      Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

                      Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: m->NextScheduledEvent 4711

                      Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
                      Description: Task Scheduling Error: Continuously busy for more than a second


                      System errors:
                      =============
                      Error: (06/03/2011 05:39:10 PM) (Source: Service Control Manager) (User: )
                      Description: MpFilter
                      OADevice
                      SASDIFSV
                      SASKUTIL
                      spldr
                      Tosrfcom
                      Wanarpv6

                      Error: (06/03/2011 05:39:10 PM) (Source: Service Control Manager) (User: )
                      Description: Computer BrowserServer%%1068

                      Error: (06/03/2011 05:38:26 PM) (Source: DCOM) (User: )
                      Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

                      Error: (06/03/2011 05:38:24 PM) (Source: DCOM) (User: )
                      Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

                      Error: (06/03/2011 05:38:22 PM) (Source: DCOM) (User: )
                      Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

                      Error: (06/03/2011 05:38:14 PM) (Source: DCOM) (User: )
                      Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

                      Error: (06/03/2011 06:08:31 AM) (Source: Service Control Manager) (User: )
                      Description: Tosrfcom

                      Error: (06/03/2011 06:08:31 AM) (Source: Service Control Manager) (User: )
                      Description: lxcg_device%%2

                      Error: (06/02/2011 05:30:44 PM) (Source: DCOM) (User: )
                      Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

                      Error: (06/02/2011 05:28:36 PM) (Source: DCOM) (User: )
                      Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


                      Microsoft Office Sessions:
                      =========================
                      Error: (06/03/2011 05:38:22 PM) (Source: EventSystem)(User: )
                      Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

                      Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

                      Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: m->NextScheduledEvent 6801

                      Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: Continuously busy for more than a second

                      Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: m->NextScheduledSPRetry 5787

                      Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: m->NextScheduledEvent 5787

                      Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: Continuously busy for more than a second

                      Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

                      Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: m->NextScheduledEvent 4711

                      Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
                      Description: Task Scheduling Error: Continuously busy for more than a second


                      ========================= End of Event log errors =========================

                      ========================= Memory info: ====================================

                      Percentage of memory in use: 28%
                      Total physical RAM: 1525.38 MB
                      Available physical RAM: 1091.3 MB
                      Total Pagefile: 3304.57 MB
                      Available Pagefile: 3010.22 MB
                      Total Virtual: 2047.88 MB
                      Available Virtual: 1982.26 MB

                      ======================= Partitions: =======================================

                      1 Drive c: (SQ004286V02) (Fixed) (Total:110.32 GB) (Free:17.87 GB) NTFS

                      ================= Users: ==================================================

                      User accounts for \\EMILY-PC

                      -------------------------------------------------------------------------------
                      Administrator            Brett                    Emily                   
                      Guest                    test                     
                      The command completed successfully.

                      ================= End of Users ============================================

                      SuperDave

                      • Malware Removal Specialist


                      Re: know I have a virus, don't know anything else about it.
                      « Reply #29 on: June 03, 2011, 07:13:07 PM »
                      Quote
                      should I do the recovery/repair now or wait for your indication?
                      Not just yet. The signal seems to be going through.
                      Let's try another scan.


                      Download Dr.Web CureIt to the desktop:
                      DrWebCureIt
                      • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
                      • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
                      • Once the short scan has finished, just let it cure whatever it finds...

                        o Now, go to Settings >> Change Settings
                        o Go to the Actions tab >> under the Objects section, change the settings to the ones below
                        Infected objects - Cure
                        Incurable objects - Report
                        Suspicious objects - Report
                        o Don't change any other settings
                      • Start the scan again. This time, choose Complete Scan
                      • Click the green arrow button at the right, and the scan will start.
                      • After the scan has finished, click Select all
                      • Click on Cure and choose Report incurable (this means take no action. Don't "move", "rename" or "delete")
                      • When the scan has finished, in the menu, click File and choose Save report list
                      • Save the report to your Desktop. The report will be called DrWeb.csv
                      • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.
                      Windows 8 and Windows 10 dual boot with two SSD's