Unable to connect to internet.

[manishteotia]

Hello,

3 weeks ago I was not able to open gmail on my laptop due to error: “your browser cookie is turned off.please turn it on” however I was able to open it using another computer. I Google this error and tried several solution but nothing worked.
After 3-4 days of above problem my internet started showing abnormal behavior, whenever I open a site it open something else and when I go back using Back button then it opens the site I entered.
Then I scanned my computer for malware using information for Security Shield virus on your site (I had Security Shield virus issue 2-3 months ago and after following your instructions I was able to clear it). This time I was not able to proceed with HitmanPro because it asks for activation key. HitmanPro caught several items in list but not allowed to fix them .
After 1 week of above problem my laptop stopped connecting to internet(LAN and Wireless both) however internet is working fine on other computer.It’s already more than 2 weeks that I am unable to connect to internet.

I am guessing this internet problem is also due to some virus because my firewall setting are off and I am unable to turn it on. Whenever I try to turn it on it says that “Due to some identified problem, unable to turn it on”. Also 2 days ago I installed 1 month trial version of avast antivirus to scan for virus it found 2-3 items and deleted them but no luck in internet. Also, I am not able to turn on real time scanning in Avast.

Please help me in resolving my problem.

Many thanks in advance.

Regards,
Manish

 

[Fiery]

Hi, Welcome to the forums!

May I know what your operating system is?

 

[manishteotia]

Hi Fiery,

I am using Vista 32-Bit.

Thank you.
--Manish

 

[Fiery]

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For x32 (x86) bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a flash drive.
For x64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<>To enter System Recovery Options by using Windows installation disc:</>
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click <>Repair your computer</>.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account and click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\frst64</>) and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close out this message, then type the following into the search box:
<>services.exe</></li>
<li>Now press the <>Search</> button</li>
<li>When the search is complete, search.txt will also be written to your USB</li>
<li>Type <>exit</> and reboot the computer normally</li>
<li>Please copy and paste both logs in your reply.(FRST.txt and Search.txt)</li></li>
</ol>
</ul>

 

[manishteotia]

Hi.
I am not able to see Repair your computer item under Advanced Boot Options.

Only the available options are to start computer in safe mode, command mode, normally etc.

Please help.

Thank you
- Manish

 

[Fiery]

Hi Manish, let's try a different program as your system may not have system recovery. Please transfer the following tool to your infected PC if it can't access the internet.

Download OTL by Old Timer from here and save it to your Desktop.

• Double click on OTL.exe to run it.
• Click the Scan All Users checkbox.
• Change Standard Registry to All
• Check the boxes beside LOP Check and Purity Check
• Click on Quick Scan at the top left hand corner.
• When done, two Notepad files will open.
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please attach the contents of these 2 Notepad files in your next reply.

---

1. Download aswmbr.exe from the below link:
   aswMBR DOWNLOAD LINK <em>(This link will automatically download aswMBR on your computer)</em>
2. Double click the aswMBR.exe to run it.
   
3. Click the [Scan] button to start scan
   
   
4. On completion of the scan click [Save log], save it to your desktop and post in your next reply.
   
   

 

[manishteotia]

Hi Fiery,

Please find the attached lo file.

Thank you
- Manish

 

[Fiery]

Hi, let's start fixing your computer Please perform the following scan/fixes in the order I presented them.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O2 - BHO: (no name) - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - No CLSID value found.
[2010/07/16 12:00:05 | 000,004,974 | ---- | C] () -- C:\Users\manish\AppData\Roaming\3r1FtB.full.jpeg
[2010/07/14 12:06:14 | 000,004,070 | ---- | C] () -- C:\Users\manish\AppData\Roaming\1FNLrd.full.jpeg
[2010/07/14 11:51:38 | 000,006,375 | ---- | C] () -- C:\Users\manish\AppData\Roaming\CjgH.full.jpeg
[2010/07/11 15:20:40 | 000,006,316 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ZLi5u9.full.jpeg
[2010/07/11 13:29:50 | 000,005,820 | ---- | C] () -- C:\Users\manish\AppData\Roaming\me.piya90@rediffmail.com6L25PK1KYKlU1Rov9WokTbtKrGm1HUr0.full.jpeg
[2010/07/10 17:24:40 | 000,006,276 | ---- | C] () -- C:\Users\manish\AppData\Roaming\3i2FG9.full.jpeg
[2010/07/08 10:31:53 | 000,007,927 | ---- | C] () -- C:\Users\manish\AppData\Roaming\hxtRvp.full.jpeg
[2010/07/08 10:31:41 | 000,008,390 | ---- | C] () -- C:\Users\manish\AppData\Roaming\De5gtB.full.jpeg
[2010/07/06 18:44:30 | 000,008,272 | ---- | C] () -- C:\Users\manish\AppData\Roaming\z7FG3U.full.jpeg
[2010/07/04 23:32:50 | 000,004,164 | ---- | C] () -- C:\Users\manish\AppData\Roaming\6oLGNR.full.jpeg
[2010/07/03 22:20:08 | 000,004,639 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Lmfefj.full.jpeg
[2010/07/03 19:41:26 | 000,008,183 | ---- | C] () -- C:\Users\manish\AppData\Roaming\rnzSKl.full.jpeg
[2010/07/02 21:12:15 | 000,004,793 | ---- | C] () -- C:\Users\manish\AppData\Roaming\arOSeT.full.jpeg
[2010/07/02 14:50:29 | 000,005,650 | ---- | C] () -- C:\Users\manish\AppData\Roaming\NUmhP2.full.jpeg
[2010/07/02 14:10:15 | 000,006,781 | ---- | C] () -- C:\Users\manish\AppData\Roaming\PjIKB2.full.jpeg
[2010/06/28 14:07:43 | 000,004,918 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Q2ql2n.full.jpeg
[2010/06/28 00:08:35 | 000,008,102 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ZbdRiD.full.jpeg
[2010/06/27 08:34:44 | 000,005,820 | ---- | C] () -- C:\Users\manish\AppData\Roaming\innocent9183@rediffmail.com6L25PK1KZKHGHxcxUOVtgUABbqrvyXTV.full.jpeg
[2010/06/26 15:44:21 | 000,005,459 | ---- | C] () -- C:\Users\manish\AppData\Roaming\AIsVN2.full.jpeg
[2010/06/26 14:48:26 | 000,009,856 | ---- | C] () -- C:\Users\manish\AppData\Roaming\VcHMx3.full.jpeg
[2010/06/26 00:30:35 | 000,011,037 | ---- | C] () -- C:\Users\manish\AppData\Roaming\xUIKke.full.jpeg
[2010/06/26 00:09:52 | 000,003,578 | ---- | C] () -- C:\Users\manish\AppData\Roaming\dYAA6Z.full.jpeg
[2010/06/25 10:52:19 | 000,006,563 | ---- | C] () -- C:\Users\manish\AppData\Roaming\c70vEb.full.jpeg
[2010/06/25 10:47:18 | 000,007,111 | ---- | C] () -- C:\Users\manish\AppData\Roaming\mJacNC.full.jpeg
[2010/06/25 10:36:02 | 000,004,731 | ---- | C] () -- C:\Users\manish\AppData\Roaming\h4Kv8a.full.jpeg
[2010/06/25 10:08:11 | 000,007,250 | ---- | C] () -- C:\Users\manish\AppData\Roaming\2qYapl.full.jpeg
[2010/06/24 10:57:27 | 000,004,283 | ---- | C] () -- C:\Users\manish\AppData\Roaming\q93XIC.full.jpeg
[2009/12/21 11:36:41 | 000,004,486 | ---- | C] () -- C:\Users\manish\AppData\Roaming\5TTr80.full.jpeg
[2009/12/08 22:24:29 | 000,005,820 | ---- | C] () -- C:\Users\manish\AppData\Roaming\default.full.jpeg
[2009/12/06 15:20:23 | 000,000,135 | ---- | C] () -- C:\Users\manish\AppData\Roaming\default.rss
[2009/11/15 00:46:42 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\LTHSa4.thumbnail
[2009/11/15 00:44:05 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\S9ia62.thumbnail
[2009/11/15 00:26:06 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\crVYES.thumbnail
[2009/11/15 00:25:50 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\jCXG8u.thumbnail
[2009/11/15 00:19:17 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\QmSPU.thumbnail
[2009/11/15 00:18:25 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ccR2jr.thumbnail
[2009/11/15 00:10:42 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Vm0pPl.thumbnail
[2009/11/14 21:52:25 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\GGNjX7.thumbnail
[2009/11/14 21:46:50 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\FOtMc.thumbnail
[2009/11/14 21:43:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\G2Zbxc.thumbnail
[2009/11/14 21:43:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\EAXyIo.thumbnail
[2009/11/14 21:43:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\CE99bN.thumbnail
[2009/11/13 17:03:52 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\RrTfqk.thumbnail
[2009/11/13 17:03:51 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\m3QrSo.thumbnail
[2009/11/13 17:03:50 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ySIDPI.thumbnail
[2009/11/13 17:03:50 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\uznVKC.thumbnail
[2009/11/13 17:03:50 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\OnQdLv.thumbnail
[2009/11/13 17:03:50 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\DJbs8a.thumbnail
[2009/11/13 17:03:49 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ikN6XC.thumbnail
[2009/11/13 17:03:49 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\BbcOVy.thumbnail
[2009/11/11 19:53:49 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\HcA6CV.thumbnail
[2009/11/11 19:51:20 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\lgps4F.thumbnail
[2009/11/11 19:51:19 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\SCIdcb.thumbnail
[2009/11/11 19:51:19 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\3jqHfC.thumbnail
[2009/11/10 20:25:48 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\LqcFFt.thumbnail
[2009/11/10 20:25:48 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\bDAJKA.thumbnail
[2009/11/10 20:25:48 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\7D0gvR.thumbnail
[2009/11/10 20:25:48 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\iDTCxt.thumbnail
[2009/11/10 20:25:47 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\LPsDio.thumbnail
[2009/11/10 20:25:47 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\HMPmZ.thumbnail
[2009/11/10 20:25:47 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\f0FUEx.thumbnail
[2009/11/10 20:25:47 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\dYAA6Z.thumbnail
[2009/11/10 20:25:47 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ae3Ih0.thumbnail
[2009/11/10 20:25:46 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\7Sh1jY.thumbnail
[2009/11/10 20:25:45 | 000,000,009 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Z3P5ZX.thumbnail
[2009/11/10 20:25:45 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\CAp9kC.thumbnail
[2009/11/10 20:25:45 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\bhS1eC.thumbnail
[2009/11/05 18:43:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/03 19:45:32 | 000,005,512 | ---- | C] () -- C:\Users\manish\AppData\Roaming\A84I18.full.jpeg
[2009/11/03 19:43:17 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\EgfXjx.thumbnail
[2009/11/03 19:40:07 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\A84I18.thumbnail
[2009/11/03 19:37:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\JfJHio.thumbnail
[2009/11/03 19:34:52 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\5bAxm.thumbnail
[2009/11/03 19:34:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Y0Goh2.thumbnail
[2009/11/03 19:33:09 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\rZCuci.thumbnail
[2009/11/03 19:32:55 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\VOK2ZA.thumbnail
[2009/11/03 19:15:20 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\OuZJmB.thumbnail
[2009/11/03 19:14:55 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\brDSc4.thumbnail
[2009/11/03 19:13:56 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\nzEhu.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\vy1ek.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\usnL5K.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\qOEVCM.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\N3guia.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Lg74JP.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\IEiUzq.thumbnail
[2009/11/03 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\fuzprj.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\xjbh3O.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\tKQC6V.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\sT2lcG.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\p3qvZc.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\NTei99.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Iuba8z.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ijTpO6.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\HXzEy5.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Ggg0lB.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\DHno2g.thumbnail
[2009/11/03 19:12:15 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\aiXvBQ.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ZHSkzP.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\SdDL7Z.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\Qzn3gT.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\OCvK1e.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\k86Uqu.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\HURQuB.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\g1ggel.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\ekDMQ.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\default.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\7SmB73.thumbnail
[2009/11/03 19:12:14 | 000,000,000 | ---- | C] () -- C:\Users\manish\AppData\Roaming\3zZ6fQ.thumbnail
[2009/10/29 20:42:52 | 000,001,607 | ---- | C] () -- C:\Users\manish\AppData\Roaming\default.full.swf
[2009/10/29 20:42:19 | 000,000,914 | ---- | C] () -- C:\Users\manish\AppData\Roaming\animationbg.jpg
[2009/10/05 08:50:44 | 000,024,206 | ---- | C] () -- C:\Users\manish\AppData\Roaming\UserTile.png
[2010/08/21 20:19:58 | 000,005,820 | ---- | C] () -- C:\Users\manish\AppData\Roaming\jiya_2kool@rediffmail.com6L25PK1KYK7zbOB4qhuQwLrxDHC1VVy0.full.jpeg
[2010/08/10 20:15:34 | 000,005,820 | ---- | C] () -- C:\Users\manish\AppData\Roaming\me.piya90@rediffmail.com6L25PK1KEKZEHTUR8mQ9uoC656sUcFnV.full.jpeg
[2010/08/07 20:32:26 | 000,007,227 | ---- | C] () -- C:\Users\manish\AppData\Roaming\nLTb0n.full.jpeg


:Files
C:\ProgramData\Mh2kKTxV.exe.b
C:\ProgramData\Mh2kKTxV.exe_.b
C:\ProgramData\m0158Eub3.dat
C:\Users\manish\AppData\Roaming\Oxvequ
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]
[reboot]

Then click Run Fix. Post the log afterwards.

---

Download TDSSkiller from here

• Double-Click on TDSSKiller.exe to run the application
• When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
• After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  
  
• click Start scan .
  
• If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
• If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

---

Please download ComboFix from one of these locations:

<a title="External link" href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" rel="external"><>Link 1</></a>
<a title="External link" href="http://www.infospyware.net/antimalware/combofix/" rel="external"><>Link 2</></a>

<>* IMPORTANT !!! Save ComboFix to your Desktop as Combo-Fix.exe</>
<ul>
<li>Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="external">HERE</a> for help</li>
<li>Double click on Combo-Fix & follow the prompts.</li>
<li>As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's ly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.</li>
<li>Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.</li>
</ul>
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

<img src="http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif" alt="Posted Image" />
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

<img src="http://img.photobucket.com/albums/v706/ried7/whatnext.png" alt="Posted Image" />
Click on <>Yes</>, to continue scanning for malware.

When finished, ComboFix will produce a log.

<>Note:</>
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

 

[manishteotia]

Hi Fiery,

Thank you very much. I am now able to connect to Internet.

Attached are the logs for your reference.

Anyways, This is great it works very well I just wanted to say thank you for helping I was scared that my PC was done. I will tell everyone about this website. My ratings for you is 5 stars.
Thanks a lot again.

-- Manish

 

[Fiery]

Hi Manish,

You are very welcome Although you now have access to the internet, we are not quite finish yet.

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

---

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

---

Also download AVG Remover here (http://www.avg.com/ca-en/utilities) to remove the remnants of AVG left on your PC. Choose the AVG Remover(32bit) 2013one

 

[manishteotia]

Hi Fiery,

I ran steps as suggested. Following is the outcome:

Malwarebytes Anti-Rootkit:
--------------------------
Message displayed: congratulations, no cleanup is required.
Attached: nmbar-log.txt and system-log.txt


Malwarebytes Anti-Malware:
--------------------------
Message displayed: No malicious items were detected.
Attached: mbam-log-2013-01-09 (10-04-51).txt


AVG Remove
--------------
Removed.
Attached: avgremover_msilog.txt

Please let me know if now all is well for my laptop.

Thank you.
-Manish

 

[Fiery]

Everything looking good, we will be done soon

Download List Parts and do a scan. Post the log (Results.txt) in the next reply.

---

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
  • Scan unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• Re-enable your antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

 

[manishteotia]

Here are the attached logs.

ESET scanner found 4 threats but not removed. Please suggest.

Thank you-Manish

 

[Fiery]

Hi, one of them is a modification of your user preference in Firefox, not a malware. The others are either false positive or temporary files that can easily been clean out.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2010/06/08 11:29:34 | 000,000,921 | ---- | M] () -- C:\Users\manish\AppData\Roaming\Mozilla\Firefox\Profiles\zfhkkuxj.default\searchplugins\conduit.xml

:files
C:\Users\manish\AppData\Roaming\Mozilla\Firefox\Profiles\zfhkkuxj.default\user.js

:Commands
[EMPTYTEMP]
[reboot]

Then click Run Fix. Post the log afterwards.


Other than that, how is your PC running?

 

[manishteotia]

Hi Fiery,

Please see the attached log file.

System is running good now. I did not notice any problem.
Thank you again.

-Manish

 

[Fiery]

Judging from your logs, if you are no longer experiencing any other issues, your PC is clean!

Double click on OTL to run it

• Click on the Cleanup button at the top.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
• This will remove itself and other tools we may have used.

---

Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link

---

Keep your system updated

• Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
• Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
• Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

---

I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

• avast! 7 Home Edition - Don't use it with Online Armor
• Avira AntiVir Personal
• Microsoft Security Essentials

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.

• Online Armor
• Comodo Firewall - If you are an advance user

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

---

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.

• KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
• AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
• NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
• Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

• AdBlock

---

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

• CCleaner
• Malwarebytes Anti-Malware

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask

 

[manishteotia]

Hi Fiery,

Your steps works very well I just wanted to say thank you for helping me. I was scared that my PC was done. You solved my problem and saved a lot of time and trouble.
Thanks a lot again.

-- Manish

 

[Fiery]

You're welcome

 

[manishteotia]

Hi Fiery,

I noticed 1 thing in my laptop that Hibernate option is missing from the list whereas every other option is available like; Switch User, Log Off, Lock, Restart, Sleep and Shut Down.

Please note that before Cleanup and System Restore activities I was able to see Hibernate option.

Please suggest

-- Manish

 

[Fiery]

Hi Manish,

That may happen if the cleanup tool is used on Vista machines. Download the automatic Fixit from http://support.microsoft.com/kb/929658 by Microsoft and your problem should be solved

Fiery