av security suite removed, but still no internet

Discussion in 'Malware Help (A Specialist Will Reply)' started by hitokiri007, Jul 11, 2010.

  1. hitokiri007

    hitokiri007 Private E-2

    hi, i got the av security suite malware yesterday and i think i removed it by manually editing the registry and using super antispyware, malwarebytes, and avast antivirus while in safe mode; however, i still don't have internet. i have changed the proxy settings in ie and firefox, but still no go. chrome got corrupted, and aim and msn can't connect either. network settings says i'm connected, but when i check the status, there's no ip address or address type or anything. i tried fixing the winsock, but it didn't work. i also tried repairing, but it gives me the error msg: "failed to query tcp/ip settings of the connection." my computer just can't access the internet.

    i have run the programs again and included the logs with the exception of root repeal. it never goes past the initializing popup. i have already disabled everything, and even tried in safe mode. can someone please help me?
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problem with no internet is likely due to either your hardware being broken or no drivers for it being installed ( at least not anymore ) since your logs show no evidence of a Network Interface Card being installed. You will have to reinstall them. This is something you can work on in the Networking Forum.

    You skipped two very important instructions in the READ & RUN ME. First you skipped step 6 and did not run defogger to disable disk emulation (Daemon Tools) and you also did not disable Spybot's Teatimer as requested. You need to do both of these now while I work thru your logs.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make that three instructions you skipped. You did not uninstall your very old J2SE Runtime Environment 5.0 Update 22 and install the current version which is 6.0 update 20.
     
  4. hitokiri007

    hitokiri007 Private E-2

    i def ran defogger and disabled teatimer. i don't know what it shows as it hasn't been. every time my computer rebooted, daemon tools said something about a missing dll or something. i can't remember the exact message. but i will try enabling and then disabling daemon tools again. same with teatimer

    and i thought the one i installed was the most updated java >_< when i followed the link to the download, that's the file i downloaded. before i installed that one, i had 4 other older versions of java, which i removed before installing the 'newer' one
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have previously run defogger. I just saw Daemon Tools still trying to load in your startups but could not fully tell if it was running. However, Teatimer was running, possibly because you had two versions of Spybot installed.

    The error message you see from Daemon tools is on c:\windows\daemon.dll and you get the error because ComboFix removed the file since it does not belong in this folder at all. DLLs belong in C:\Windows\system32.

    ComboFix also deleted c:\windows\system32\STEC3.sys which may (or may not) be legit and is for SVKP driver for NT by AntiCracking. The problem with it again is that it does not belong in this folder. It should be in the system32\drivers folder if they wish it to be considered a legit driver.

    No you only have this old version of Java installed. You did not install the current version which will be in my fix below.


    I strongly advise you to cleanup your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.
    You need to attach the below log from SUPERAntiSpyware that shows what was found rather than the log you attached finding nothing.
    Code:
    "C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    2010-07-10 112019 "SUPERAntiSpyware Scan Log - 07-10-2010 - 11-20-10.log"

    Uninstall the below software:
    Free Window Registry Repair
    J2SE Runtime Environment 5.0 Update 22
    Spybot - Search & Destroy 1.4  <-- way out of date
    Viewpoint Media Player  <-- should have been uninstalled in step 5 of the READ ME

    Did you purchase the below? If not then uninstall it and if you did purchase, be very careful with it.
    RegTweaker version 3.2.1

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    Quote:
    KILLALL::

    Driver::
    McAfeeFramework

    File::
    C:\WINDOWS\Temp\GUR2.tmp
    C:\Documents and Settings\Chris\Local Settings\temp\hph2
    C:\Documents and Settings\Chris\Local Settings\temp\hph3
    C:\Documents and Settings\Chris\Local Settings\temp\hph4

    Folder::
    C:\Program Files\Network Associates
    C:\Program Files\Free Window Registry Repair
    C:\Documents and Settings\Chris\Local Settings\temp\div1.tmp
    C:\Documents and Settings\Chris\Local Settings\temp\div2.tmp
    C:\Documents and Settings\Chris\Local Settings\temp\div3.tmp

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer]

    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html)

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
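The CFScript above is a removal script, and two ideas from this post are worth having in a reusable form: the script's section format (KILLALL::, Driver::, File::, Folder::, Registry::, with `[-KEY]` deleting a key and `[KEY]` creating it) and the placement check chaslang applies to daemon.dll and STEC3.sys (DLLs belong in system32, drivers in system32\drivers). The Python below is an added example written for this page, not a tool from the thread or from the ComboFix project: it parses a script in that format, separates registry deletions from additions, and flags listed binaries whose folder is suspicious, so a helper can review what a script will do before a user runs it. The script text and every path and key in it are constructed sample data, not entries from the user's logs.

```python
import re
from collections import OrderedDict

# Constructed sample in CFScript's section layout (not the script from the thread).
SAMPLE_CFSCRIPT = """\
KILLALL::

Driver::
ExampleSvc

File::
C:\\WINDOWS\\daemon.dll
C:\\WINDOWS\\system32\\example.sys
C:\\WINDOWS\\system32\\drivers\\legit.sys
C:\\WINDOWS\\Temp\\GUR2.tmp

Folder::
C:\\Program Files\\Example Tool

Registry::
[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg]
"""

# A section header is a bare word followed by '::' and nothing else on the line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Split a CFScript into an ordered mapping of section name -> list of entries."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line)
    return sections


def classify_registry(entry):
    """'[-KEY]' deletes the key; '[KEY]' creates it (used above to clear and recreate startupreg)."""
    if entry.startswith("[-") and entry.endswith("]"):
        return ("delete", entry[2:-1])
    if entry.startswith("[") and entry.endswith("]"):
        return ("add", entry[1:-1])
    raise ValueError("malformed registry line: %r" % entry)


def placement_warning(path):
    """Flag binaries sitting where they do not belong (the heuristic from the post above)."""
    p = path.lower().replace("/", "\\")
    parent, _, name = p.rpartition("\\")
    if name.endswith(".sys") and not parent.endswith("\\system32\\drivers"):
        return "driver outside system32\\drivers"
    if name.endswith(".dll") and parent.endswith("\\windows"):
        return "DLL directly under the Windows folder"
    return None


def review(text):
    """Summarise what a CFScript will do, with placement warnings for the File:: entries."""
    sections = parse_cfscript(text)
    report = {
        "kill_all": "KILLALL" in sections,
        "drivers": list(sections.get("Driver", [])),
        "files": list(sections.get("File", [])),
        "folders": list(sections.get("Folder", [])),
        "registry_delete": [],
        "registry_add": [],
        "warnings": {},
    }
    for entry in sections.get("Registry", []):
        action, key = classify_registry(entry)
        report["registry_delete" if action == "delete" else "registry_add"].append(key)
    for path in report["files"]:
        w = placement_warning(path)
        if w:
            report["warnings"][path] = w
    return report


if __name__ == "__main__":
    r = review(SAMPLE_CFSCRIPT)
    print("KILLALL:", r["kill_all"])
    print("files to remove:", len(r["files"]), "folders:", len(r["folders"]))
    print("registry keys deleted:", len(r["registry_delete"]), "added:", len(r["registry_add"]))
    for path, w in r["warnings"].items():
        print("  note:", path, "->", w)
```

The placement check is deliberately narrow: it only reports a .sys outside system32\drivers or a .dll directly under the Windows folder, which is exactly the reasoning used for daemon.dll and STEC3.sys above, and it says nothing about whether a file in the expected folder is clean.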
     
  6. hitokiri007

    hitokiri007 Private E-2

    do you know how to disable avast! free antivirus? i disabled the shields control permanently, and also set it to silent/gaming mode, but combofix said it's still active. did putting it on 'silent/gaming mode' reenable it? i started up combofix, but haven't continued further yet. i want to know how to disable it 100% before continuing.

    in the meantime, i have included the logs from super antispyware. i have two because i stopped the first scan cause it was only quickscan, and i wanted to change it into a fullscan. it found some things during the quickscan, and that's why i included it.
     

    Attached Files:

  7. hitokiri007

    hitokiri007 Private E-2

    i just ended up uninstalling avast free antivirus. i can always install it again later. well, i did all the steps (except uninstall spybot s&d 1.4. i forgot, considering that it's 5:30 am in the morning >_<. i'll uninstall it now though), but still no internet =T

    you said earlier that i was missing drivers. should i put in my drivers/utils cd and reinstall them?
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I doubt it will do any good until the hardware itself is being found by Windows. This is something you will need to work on in the Networking Forum. Windows needs to identify the network interface hardware and then you can install the drivers for it. You may need to run a search for new hardware if it is not finding it automatically.

    We still have one bad driver to remove and I want to repair a few things that ComboFix should not have removed. To complete this repair, I will need you to attach a couple files here by first putting them into a ZIP file and then attach it. Put the below into a ZIP to attach:
    C:\Qoobox\Quarantine\Registry_backups\Legacy_STEC3.reg.dat
    C:\Qoobox\Quarantine\Registry_backups\Service_STEC3.reg.dat



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


    Now we need to use ComboFix to DeQuarantine some files
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  9. hitokiri007

    hitokiri007 Private E-2

    here are the logs from the qoobox

    so after i'm done here, i should head over to the networking forum and post my problem?
     

    Attached Files:

  10. hitokiri007

    hitokiri007 Private E-2

    okay, so i ran avengers, combofix, and mglogs, but after i ran combofix, it didn't create a log. or at least i can't find it. i saw the log pop up, but i closed it because i assumed it was going to save it in the c:. i did a search for it and it only gave me the old log. should i run combofix again? here are the other two logs in the meanwhile.
     

    Attached Files:

  11. hitokiri007

    hitokiri007 Private E-2

    oh, actually, i found it. it was saved as dequarantine.txt instead of combofix.txt
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes!

    Before I add the drivers back to your registry, do you have any idea what the below file is for:

    c:\windows\system32\STEC3.sys

    Info on it states SVKP driver for NT by AntiCracking

    Does any of this look familiar?
     
  13. hitokiri007

    hitokiri007 Private E-2

    i really have no idea. never heard of it before.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's avoid adding those keys back for now. Also please put copies of the below two files into a ZIP file and attach it and perhaps we can get some additional info from them.

    C:\WINDOWS\system32\ijl11.dll
    C:\WINDOWS\system32\STEC3.sys
     
  15. hitokiri007

    hitokiri007 Private E-2

    here it is
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The ijl11.dll file is part of an Intel Jpeg Library.

    The svkp.sys file appears to be related to some kind of software copy protection. Possibly used for games. If removed some games or the software using it may not work. It would be best to add these registry keys back in to avoid problems with some software you may be using.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
     
  17. hitokiri007

    hitokiri007 Private E-2

    It gives me an error message saying it can't access the registry when I double click it.

    Also, Daemontools tells me that it can't find a scsi driver or something upon bootup
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try running it in safe boot mode.

    You will have to worry about Daemon Tools after we finish your cleaning process. You may need to reinstall it, which is not something we recommend due to all the problems it causes, especially the way it makes your system appear to be infected.
     
  19. hitokiri007

    hitokiri007 Private E-2

    same message from safe mode

    "Cannot import c:\documents and settings\chris\desktop\fixme.reg: error accessing the registry."
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about the below registry patch?


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.
     
  21. hitokiri007

    hitokiri007 Private E-2

    k, that one worked. says it has been successfully entered into the registry.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's good. How are things working?

    If still having problems using Daemon Tools after reenabling, you may have to reinstall it.

    Also as stated earlier, if still having a problem connecting to the internet, you will need to post in the Networking Forum since from your logs it looked like no network interface hardware was installed. I was seeing the below error when trying to check network information. You can google this to check what people have tried but seems there is a lack of success.

    Unable to contact IP driver, error code 2

    You may want to look at this link: http://www.ehow.com/how_4910210_reinstall-ip-driver-windows-xp.html

    If you run into problems trying to fix this, you may be headed towards a clean reinstall.
     
    Last edited: Jul 14, 2010
  23. hitokiri007

    hitokiri007 Private E-2

    thanks a lot! uninstalling the nic card, and then reinstalling it with updated drivers worked! i have my internet back, but now i got a msg on boot up that say "googleupdate.exe - corrupt file. the file or directory c:\windows\temp\gur2.tmp is corrupt and unreadable. please run the chkdsk utility"

    and also, when i open up the task manager, the 'menu' on top, where the 'file' dropdown menu should be, is missing. is there a way to fix this?

    i seem to be missing internet explorer also, not that i ever really use it. just wondering what happened to it.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not a malware problem. Just reinstall whatever software from Google you are using. Post in the Software Forum for any help you need related to this.

    Also not a malware problem. Just double click anywhere on the border of the Task Manager form.

    It's not missing. It is right where it is supposed to be. The below is right from your logs:
    Code:
    "C:\Program Files\Internet Explorer\"
    iexplore.exe   2004-08-04       93184  "IEXPLORE.EXE"
    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
