[Inactive] Internet Explorer Connection & Windows Defender
I removed a virus with malwarebytes. All is gone, but although I can connect to the internet wirelessly and wired, I am not able to connect to the internet. I receive the message "Internet Explorer Cannot Display the Webpage." All other computers on the same network are working. When going to network sharing center / wireless connections / TCP/IPv4 / properties, obtain IP address automatically is checked in both places. When I go to device manager / network adapters, isatap has a yellow triangle and !. I have tried to go to cmd, run as administrator (it comes up as c:\Windows\system32>) and type in netsh int ip reset c:\resetlog.txt and it did not work. It says "Reseting Echo Request, Failed." Reseting Global, ok!, Resting Interface, Ok!
In addition to the above, every time I turn the computer on I continue to get the Windows Defender message, "Application failed to initialize: 0x80070006. The handle is invalid."
Any help would be greatly appreciated. Thanks.
Internet Explorer Connection & Windows Defender
I have run Malwarebytes several times. There aren't any issues.
Internet Explorer Connection & Windows Defender
It will not let me do the scan with Microsoft Security Essentials because I do not have an internet connection to check for virus and spyware definition updates.
Internet Explorer Connection & Windows Defender
ComboFix 12-05-25.03 - owner 05/25/2012 21:49:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1199 [GMT -5:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\users\owner\AppData\Roaming\antivirus protection 2012
c:\users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
c:\users\owner\uz.dat
c:\windows\$NtUninstallKB62280$
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-24 17:42 . 2012-05-24 17:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 17:22 . 2012-05-24 17:22 -------- d-----w- c:\program files\CCleaner
2012-05-22 21:12 . 2012-05-22 21:12 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-05-22 21:12 . 2012-05-22 21:12 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 21:12 . 2012-05-22 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 21:12 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 21:09 . 2012-05-22 21:09 -------- d-----w- c:\program files\CleanUp!
2012-05-22 20:57 . 2012-05-22 20:57 -------- d-----w- c:\users\owner\AppData\Local\visi_coupon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 11:54 . 2012-04-15 11:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 11:54 . 2012-01-07 13:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2012-03-21 01:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 02:15 . 2012-04-13 03:34 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1A2A60A-CC5E-418D-B071-1AA3FE3BFBC9}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-14 1232896]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2010-02-23 13312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-31 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-10-15 39792]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-708839690-799974076-2641207257-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:54]
.
2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{22F75411-920B-4F4B-BE4E-F44AAD083D9B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-11 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SafeBoot-09088414.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 21:59
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3352)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atashost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\WUDFHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-05-25 22:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 03:04
.
Pre-Run: 113,228,955,648 bytes free
Post-Run: 113,167,298,560 bytes free
.
- - End Of File - - CDBDCE66E504832F40E1DC661284869A
Internet Explorer Connection & Windows Defender
Farbar Service Scanner Version: 25-05-2012
Ran by owner (administrator) on 26-05-2012 at 21:11:31
Running from "F:\"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open Dhcp registry key. The service key does not exist.
Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2008-05-14 03:09] - [2008-05-14 03:09] - 0803328 ____A (Microsoft Corporation) 5DF77458AA92FDB36FCE79C60F74AB5D
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-03-09 15:22] - [2008-10-16 16:13] - 1809944 ____A (Microsoft Corporation) 84A03BFE004B06E93408618976DC9C14
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2008-05-14 03:12] - [2008-05-14 03:12] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Internet Explorer Connection & Windows Defender
Thank you. When trying to create a restore I get the error, "Could not create the scheduled task for the following reason: The request is not supported. (0x80070032)
Internet Explorer Connection & Windows Defender
Internet Explorer Connection & Windows Defender
More issues.... When trying to run SP2 it said I did not have SP1 to install that first. Ran SP1 then it shut down and came back on but will not start. It is stuck on the first screen that loads that says Microsoft Corporation that has the green scrolling bar.
