-
May 27th, 2012, 12:32 AM
#31
5-22
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.22.03
Windows Vista x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]
5/22/2012 7:52:58 PM
mbam-log-2012-05-22 (19-52-58).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342719
Time elapsed: 54 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe "C:\Users\owner\winlogon.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^-^ -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc|Start (Disabled.Cryptsvc) -> Bad: (4) Good: (2) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Windows\System32\%APPDATA%\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\df****.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Antivirus Protection 2012\AntivirusProtection2012.exe (Rogue.AntiVirusProtection) -> Quarantined and deleted successfully.
(end)
5-23 10 AM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.22.03
Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]
5/23/2012 10:00:02 AM
mbam-log-2012-05-23 (10-00-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191328
Time elapsed: 3 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Agent) -> Data: C:\Users\owner\winlogon.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
5-23 5:54
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.22.03
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]
5/23/2012 5:54:24 PM
mbam-log-2012-05-23 (17-54-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193175
Time elapsed: 4 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Trojan.LockScreen) -> Data: C:\ProgramData\qqjpqdpo.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\ProgramData\qqjpqdpo.exe (Trojan.LockScreen) -> Quarantined and deleted successfully.
(end)
5-24
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.22.03
Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]
5/24/2012 12:13:36 PM
mbam-log-2012-05-24 (12-13-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191293
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
May 27th, 2012, 12:35 AM
#32
Internet Explorer Connection & Windows Defender
-
May 27th, 2012, 12:45 AM
#33
I don't really see anything there which could break your internet connection.
We can try a couple of things.
You have a restore point from April:
19-04-2012 01:12:13 Scheduled Checkpoint
We could try that and start cleaning all over but before we go there...
You don't have any service pack installed.
Download standalone SP 2 on another computer: http://www.microsoft.com/en-us/downl....aspx?id=16468
Install it on the bad computer.
It may fix something.
-
May 27th, 2012, 12:51 PM
#34
Internet Explorer Connection & Windows Defender
More issues.... When trying to run SP2 it said I did not have SP1 to install that first. Ran SP1 then it shut down and came back on but will not start. It is stuck on the first screen that loads that says Microsoft Corporation that has the green scrolling bar.
-
May 27th, 2012, 01:25 PM
#35
If the bar is moving, give it more time.
-
May 27th, 2012, 03:24 PM
#36
Never leaves that place. Just keeps going...
-
May 27th, 2012, 04:00 PM
#37
I think you have to restart manually and try again.
-
May 27th, 2012, 07:09 PM
#38
I have several times. I have also tried in safe mode. I am thinking I may have to go to the restart point... The last one I see is from 4/18.
-
May 27th, 2012, 08:09 PM
#39
How are you going to get there?
Can you boot in any mode at all?
-
May 27th, 2012, 08:22 PM
#40
I can get to safe mode and boot repair your computer. I don't get in safe mode with networking.
-
May 27th, 2012, 08:28 PM
#41
That should be enough. Go for it.
-
May 27th, 2012, 08:59 PM
#42
That didn't work either. I got the message, System Restore did not restore successfully. Your computer's system files and settings were not changed. The system cannot find the file specified 0x80070002. I may have to restore 5/23 if it will work. I went to safe mode and tried to run last successful operation and it hasn't worked. Same scrolling green bar.
-
May 27th, 2012, 09:12 PM
#43
Unfortunately I'm afraid we're beyond repair here.
It looks like we're dealing here with a combination of not keeping Windows up to date (not a single service pack installed) and an acquired infection.
In my opinion reinstalling Windows is your only viable choice.
-
May 28th, 2012, 11:06 PM
#44
Thank you for all of your help!
-
May 28th, 2012, 11:29 PM
#45
I wish we did better