Been through the README for Vista, now internet doesn't work

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nicholas345, Jun 16, 2008.

  1. Nicholas345

    Nicholas345 Private E-2

    Hi, I'm new here and not too great on computers, so forgive me if what's wrong is something simple! Went through the Vista README; the computer had lots of viruses (mainly trojans), and as I got to the ComboFix stage my computer started repeatedly restarting with a blue screen after giving a warning about audio drivers or something. However, I managed to carry on and get to the MGtools stage, but I still think that my computer is infected. The only problem is that my internet now doesn't work (I'm currently on another computer), so I can't start a topic posting my logs. On the internet box in the corner it has a red X through the two screens, and when I highlight it with the mouse it says "Connection Status: Unknown. The dependency service or group failed to start". Any suggestions on what to do?!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    On the PC with the problem, how do you connect to the internet (dial-up, DSL, cable)?
    Also answer the below
    • do you use a router
    • is your network connection setup for DHCP (that is, to obtain an IP Address automatically)
    • are there any errors showing in device manager for your hardware especially for your Network Adapter
    Can you copy the log files from the problem PC to your working PC using a flashdrive or floppy...etc so that you can attach them?
     
  3. Nicholas345

    Nicholas345 Private E-2

    I use broadband through a wired router. I'm not sure how to find out about DHCP, but usually it is just plug in the cable and go.
    In Device Manager under Network adapters it has "Intel(R) 82566DC Gigabit LAN Connect #2", but then after that it has 3 others all with a yellow ! on: WAN Miniport (L2TP), WAN Miniport (PPPOE), WAN Miniport (PPTP), and also, under Other devices, an Unknown device with a yellow ! mark.
    On security settings it says the firewall is off, but I can't turn it on because the service is off, and it then says the service cannot be started. If I try Diagnose and Repair it comes up with "Network diagnostics cannot run because the Diagnostics Policy Service is not running", so I think there must be a problem with Services?

    I've managed to get the logs off the other computer, so here goes...
     

    Attached Files:

  4. Nicholas345

    Nicholas345 Private E-2

    and the other one
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but the question is whether it is DSL or cable. If DSL you could have an issue due to the items you mentioned with the yellow ! which means those features are not working and they are required for authentication.

    I suggest that you try using System Restore to go back to a restore point just prior to running the READ & RUN ME to see if you can get your connection back. We can remove any malware manually later.
     
  6. Nicholas345

    Nicholas345 Private E-2

    It's DSL. Performed System Restore and now internet is working again albeit temperamentally due to the viruses! What is the next step I should take.

    Thanks in advance!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
     
  8. Nicholas345

    Nicholas345 Private E-2

    The GetLogs.bat seems to have disappeared since the system restore, should I download MGtools again? Or will it be sufficient to post the MGtools.zip that I already have from prior to the restore?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The MGlogs.zip file you have is the old one already posted. You cannot post the same log again and it does not have the new info. You will need to redownload MGtools.exe and run it again to attach a new log.
     
  10. Nicholas345

    Nicholas345 Private E-2

    Ran it again, here it is!
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, let's continue with manual removal steps. This PC is very badly infected. I'm not sure where you are surfing or what you are downloading, but you need to be more selective and more careful.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) SE Runtime Environment 6

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
    O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
    O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
    O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
    O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
    O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
    O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
    O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
    O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
    O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
    O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
    O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
    O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
    O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
    O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
    O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
    O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
    O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
    O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
    O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
    O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
    O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
    O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
    O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
    O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
    O4 - HKLM\..\Run: [6443a713] rundll32.exe "C:\Users\Nick\AppData\Local\Temp\uawucurr.dll",b
    O4 - HKLM\..\Run: [BM6770948f] Rundll32.exe "C:\Users\Nick\AppData\Local\Temp\bgogruev.dll",s
    O4 - HKCU\..\Run: [BM6770948f] Rundll32.exe "C:\Users\Nick\AppData\Local\Temp\bgogruev.dll",s
    O4 - HKCU\..\Run: [6443a713] rundll32.exe "C:\Users\Nick\AppData\Local\Temp\uawucurr.dll",b
    O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    After reboot, copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "All Files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
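The fix list above is built from three patterns that recur in HijackThis logs: a UserInit value with a second executable appended after userinit.exe, O2/O21 registrations whose file is gone, and O4 Run entries that load a DLL out of a Temp directory. The following script is an added example, not part of this thread or of MGtools/HijackThis, that applies those three checks to a constructed sample made from the lines quoted above plus one assumed benign Run entry (the "Windows Defender" line) so the filter has something to leave alone. It works on Windows paths from any platform because it uses ntpath rather than os.path.

```python
"""Triage HijackThis-style log lines for the persistence patterns in this thread.

Added example; not a MajorGeeks or HijackThis tool. Checks:
  1. F2 UserInit: anything chained after userinit.exe runs at every logon.
  2. O2/O20/O21 entries ending in "(no file)" / "(file missing)": orphaned
     CLSID registrations left over from a partial cleanup.
  3. O4 Run entries whose command lives under a Temp directory: legitimate
     software does not persist an autorun out of %TEMP%.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines quoted in the thread above, plus one assumed
# benign Run entry (the "Windows Defender" line) that should not be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [6443a713] rundll32.exe "C:\Users\Nick\AppData\Local\Temp\uawucurr.dll",b
O4 - HKCU\..\Run: [BM6770948f] Rundll32.exe "C:\Users\Nick\AppData\Local\Temp\bgogruev.dll",s
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""


@dataclass
class Finding:
    severity: str  # "high" = active persistence, "medium" = orphan to clean up
    reason: str
    line: str


USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
ORPHAN_RE = re.compile(r"^O(?:2|20|21) - .*\((?:no file|file missing)\)$")
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def check_userinit(line):
    """Flag any UserInit entry other than userinit.exe itself."""
    m = USERINIT_RE.match(line)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if ntpath.basename(e).lower() != "userinit.exe"]
    if extra:
        return Finding("high", "UserInit chain-loads " + ", ".join(extra), line)
    return None


def check_orphan(line):
    """Flag BHO/SSODL/Winlogon registrations whose target file is gone."""
    if ORPHAN_RE.match(line):
        return Finding("medium", "orphaned registration (file missing)", line)
    return None


def check_run_from_temp(line):
    """Flag Run-key autoruns whose command loads from a Temp directory."""
    m = RUN_RE.match(line)
    if m and TEMP_RE.search(m.group("cmd")):
        return Finding("high", "autorun loads from a Temp directory", line)
    return None


CHECKS = (check_userinit, check_orphan, check_run_from_temp)


def triage(log):
    """Return one Finding per suspicious line; the first matching check wins."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the sample this reports six lines (three high, three medium) and leaves the Kontiki and Windows Defender entries alone; the Kontiki entry is a policy question (see later in the thread), not a malware pattern, so it is correctly outside these rules.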
     
  12. Nicholas345

    Nicholas345 Private E-2

    Thanks a lot for that. Yeh, I usually am fairly cautious with the internet, but after my second copy of Pro Evo on the xbox 360 broke it made me angry and so i downloaded the PC version and since then I've had no end of trouble. Needless to say I won't be making that mistake again, all legit now! I've followed all of the instructions and things appear to be working fine, most notably the fake security pop ups have stopped, so here are the logs.
    Thanks for your assistance so far!
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of the items I asked you to fix with analyse.exe were fixed. Did you remember to put check marks on each item, and then close all browsers, and then click Fix checked? Try the analyse.exe fix again. Avenger worked okay and you don't need to do it again. But after doing the analyse.exe fix, I will need a new MGlogs.zip file obtained from running GetLogs.bat again.
     
  14. Nicholas345

    Nicholas345 Private E-2

    OK, this time I definitely did close the internet off!
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's much better. Your logs are clean now. I do have to ask about one item I see running which I feel is an unnecessary waste of system resources. Did you knowingly install the Kontiki stuff? See this: http://www.castlecops.com/s1758-KHost_exe.html
     
  16. Nicholas345

    Nicholas345 Private E-2

    I think that the Kontiki stuff is needed for the online TV players in the UK (BBC iPlayer, 4OD), which I rarely use. The problem is that it does not appear in Programs in Control Panel, so I don't know how to uninstall it.

    One more question: Is it worth me changing passwords (ebay, facebook etc) that I used during the time I was infected?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you uninstall these? I would if you don't need them.

    This is one reason why I questioned it being here. It is installed without your knowledge and does not provide a method to uninstall. These are two traits of malware whether the program is really malware or not. We can remove it if you want. Just let me know.

    While none of the infections that you had were known to be password/information stealers, it would not hurt you to do so just to be on the safe side.
     
    Last edited: Jun 20, 2008
  18. Nicholas345

    Nicholas345 Private E-2

    Right, OK, so how would I get rid of this Kontiki?
    By the way cheers for helping me out with all this, made a big difference, you're an absolute legend mate!:)
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to KService
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run C:\MGtools\analyse.exe which is really HijackThis, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste KService into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix another item.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

    After clicking Fix, exit HJT.

    Now reboot your PC.

    After reboot, delete the below folder:
    C:\Program Files\Kontiki

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
