lost internet after removal of 3 items with super anti spyware?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ska_t_meladd, Jan 27, 2012.

  1. ska_t_meladd

    ska_t_meladd Private E-2

    Removal of malware caused loss of internet (wired connection); the wireless router works, though. Logs are attached. Also, the lost connection prevented ComboFix from downloading the Recovery Console.
     

    Attached Files:

  2. ska_t_meladd

    ska_t_meladd Private E-2

    mgtools log
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    I would like you to try the below.

    Click Start, and then click Run.
    In the Open box, type regedit, and then click OK.
    In Registry Editor, locate the following keys, right-click each key, and then click Delete:
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
    When you are prompted to confirm the deletion, click Yes.
    Close the Registry Editor.

    Locate the Nettcpip.inf file in C:\WINDOWS\inf and then open the file in Notepad.
    Locate the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics = 0xA0 entry by replacing 0xA0 with 0x80. Save the file. Exit Notepad.
    In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
    On the General tab, click Install, select Protocol, and then click Add.
    In the Select Network Protocols window, click Have Disk.
    In the Copy manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK.
    Select Internet Protocol (TCP/IP), and then click OK. It will report as unsigned, this is the one we want! Do not choose Microsoft TCP/IP v6!

    Note This step returns you to the Local Area Connection Properties screen. However, the Uninstall button is now available.
    Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.
    You will be asked to reboot your PC for the changes to take effect, go ahead and do this now.

    Once you have rebooted...
    In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.
    On the General tab, click Install, select Protocol, and then click Add.
    In the Select Network Protocols window, click Have Disk.
    In the Copy Manufacturer's files from text box, type C:\WINDOWS\inf, and then click OK.
    Select Internet Protocol (TCP/IP), and then click OK.
    Restart your computer.
    Test your Internet connectivity.
     
  4. ska_t_meladd

    ska_t_meladd Private E-2

    Above steps performed with no change in internet connectivity.
     
  5. thisisu

    thisisu Malware Consultant

    http://img97.imageshack.us/img97/8120/fss.gif Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please attach FSS.txt to your next message. (How to attach)
     
  6. ska_t_meladd

    ska_t_meladd Private E-2

    farbar scanner log attached
     

    Attached Files:

    • FSS.txt (2.1 KB)
  7. thisisu

    thisisu Malware Consultant

  8. ska_t_meladd

    ska_t_meladd Private E-2

    MGtools replaced, log attached
     

    Attached Files:

  9. thisisu

    thisisu Malware Consultant

    I see some proxy settings too, I will post some instructions on how to remove those:

    See the below set of instructions:
     
    Last edited: Jan 28, 2012
  10. thisisu

    thisisu Malware Consultant

    http://img194.imageshack.us/img194/4930/combofix.gif Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:2829
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Domains::
    FireFox::
    FF - ProfilePath - c:\documents and settings\Skip\Application Data\Mozilla\Firefox\Profiles\r668shef.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 2829
    FF - prefs.js: network.proxy.type - 4
    Folder::
    C:\Documents and Settings\Skip\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    http://softvisia.com/users/Night_Raven/Security/cfsdnd2.gif
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
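    The CFScript above removes a proxy that points every browser at 127.0.0.1:2829, in both the IE Internet Settings and the Firefox prefs.js. Once the process that listened on that port has been removed, the machine keeps its IP address but no browser can load a page, which is exactly the symptom in this thread. The following Python script is an added example (not part of the thread and not a MajorGeeks or ComboFix tool): it parses a constructed prefs.js and a constructed set of IE ProxyServer values and flags any proxy that routes traffic through loopback. The sample inputs, the function names and the finding strings are all my own.

```python
"""Audit Firefox prefs.js and IE Internet Settings for a loopback proxy
(the 127.0.0.1:2829 pattern seen in the CFScript above).
Added example; sample data below is constructed, not taken from a real log."""
import ipaddress
import re

# Constructed sample of a Firefox prefs.js, modelled on the DDS lines above.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://example.invalid/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 2829);
user_pref("network.proxy.type", 4);
'''

# Constructed sample of HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings values.
# ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
SAMPLE_IE_SETTINGS = {
    "ProxyEnable": 1,
    "ProxyServer": "http=127.0.0.1:2829",
}

# Matches user_pref("name", "string") / user_pref("name", 123) / user_pref("name", true)
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(?:"([^"]*)"|(\d+)|(true|false))\);')


def parse_prefs_js(text):
    """Return a dict of pref name -> str/int/bool parsed from prefs.js text."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        key, s, n, b = m.groups()
        if s is not None:
            prefs[key] = s
        elif n is not None:
            prefs[key] = int(n)
        else:
            prefs[key] = (b == "true")
    return prefs


def is_loopback_host(host):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.strip().lower() == "localhost"


def audit_firefox(prefs):
    """Flag a Firefox HTTP proxy that points at the local machine."""
    findings = []
    # network.proxy.type: 0 = none, 1 = manual, 2 = PAC, 4 = auto-detect, 5 = system.
    ptype = prefs.get("network.proxy.type", 5)
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port")
    if host and is_loopback_host(host):
        findings.append(f"firefox: network.proxy.http points at loopback {host}:{port} (proxy.type={ptype})")
    return findings


def audit_ie(values):
    """Flag IE/WinINet ProxyServer entries that route traffic through loopback."""
    findings = []
    for entry in values.get("ProxyServer", "").split(";"):
        if not entry:
            continue
        if "=" in entry:                      # strip the "http=" / "https=" scheme prefix
            entry = entry.split("=", 1)[1]
        host, _, port = entry.rpartition(":")
        if is_loopback_host(host):
            findings.append(f"ie: ProxyServer routes traffic through loopback {host}:{port} "
                            f"(ProxyEnable={values.get('ProxyEnable')})")
    return findings


def audit(prefs_text, ie_values):
    """Combined report; an empty list means no loopback proxy was found."""
    return audit_firefox(parse_prefs_js(prefs_text)) + audit_ie(ie_values)


if __name__ == "__main__":
    for line in audit(SAMPLE_PREFS_JS, SAMPLE_IE_SETTINGS) or ["no loopback proxy found"]:
        print(line)
```

On a real machine you would read prefs.js from the profile folder named in the DDS output and the ProxyServer values from HKCU and, as the later fixme.reg in this thread shows, from HKEY_USERS\.DEFAULT and S-1-5-18 as well, since a proxy set for the system account survives a cleanup of the user's own hive.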
     
  11. ska_t_meladd

    ska_t_meladd Private E-2

    "notepad drop" on combofix performed log attached, mgtools log attached
     

    Attached Files:

  12. thisisu

    thisisu Malware Consultant

    http://img194.imageshack.us/img194/4930/combofix.gif Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    RegLock::
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp]
    @DACL=(02 0000)
    "LLInterface"="WANARP"
    "IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{ED489640-2C4C-4837-9946-819A674DC62D}\00Tcpip\\Parameters\\Interfaces\\{21E5CBB0-6AF8-40B2-9A91-5CCA1BB7F10E}\00\00"
    "NumInterfaces"=dword:00000002
    "IpInterfaces"=hex:40,96,48,ed,4c,2c,37,48,99,46,81,9a,67,4d,c6,2d,b0,cb,e5,21,
       f8,6a,b2,40,9a,91,5c,ca,1b,b7,f1,0e
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Adapters\{69E45AF6-3D89-4A8B-A8E9-BE41052F5C73}]
    @DACL=(02 0000)
    "LLInterface"=""
    "IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{69E45AF6-3D89-4A8B-A8E9-BE41052F5C73}\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Adapters\{79CDB7A8-A5D1-426A-A292-3868A42A89BD}]
    @DACL=(02 0000)
    "LLInterface"="ARP1394"
    "IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{79CDB7A8-A5D1-426A-A292-3868A42A89BD}\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Adapters\{892900FC-9814-4488-99C0-81491C1EE93D}]
    @DACL=(02 0000)
    "LLInterface"=""
    "IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{892900FC-9814-4488-99C0-81491C1EE93D}\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Adapters\{B2B5BEDE-A71B-41BE-8934-47FE2B2718E4}]
    @DACL=(02 0000)
    "LLInterface"=""
    "IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B2B5BEDE-A71B-41BE-8934-47FE2B2718E4}\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{21E5CBB0-6AF8-40B2-9A91-5CCA1BB7F10E}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{69E45AF6-3D89-4A8B-A8E9-BE41052F5C73}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "DefaultGatewayMetric"=multi:"\00"
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=multi:"0\00\00"
    "UDPAllowedPorts"=multi:"0\00\00"
    "RawIPAllowedProtocols"=multi:"0\00\00"
    "NTEContextList"=multi:"0x00000002\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{79CDB7A8-A5D1-426A-A292-3868A42A89BD}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000001
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "DefaultGatewayMetric"=multi:"\00"
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=multi:"0\00\00"
    "UDPAllowedPorts"=multi:"0\00\00"
    "RawIPAllowedProtocols"=multi:"0\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "DefaultGatewayMetric"=multi:"\00"
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=multi:"0\00\00"
    "UDPAllowedPorts"=multi:"0\00\00"
    "RawIPAllowedProtocols"=multi:"0\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8950D9B4-DAC3-43C0-80F6-59A118A1F4AF}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B2B5BEDE-A71B-41BE-8934-47FE2B2718E4}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "DefaultGatewayMetric"=multi:"\00"
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=multi:"0\00\00"
    "UDPAllowedPorts"=multi:"0\00\00"
    "RawIPAllowedProtocols"=multi:"0\00\00"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CFEBE7FD-6E1F-47B1-A552-19B0A9B14D99}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{DB883CDC-F292-4114-9DAC-223FEC1BDAA9}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED489640-2C4C-4837-9946-819A674DC62D}]
    @DACL=(02 0000)
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=multi:"0.0.0.0\00\00"
    "SubnetMask"=multi:"0.0.0.0\00\00"
    "DefaultGateway"=multi:"\00"
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    http://softvisia.com/users/Night_Raven/Security/cfsdnd2.gif
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    Once you are back in Windows, test your internet again.

    If it still is not working, complete the following:

    Open the Device Manager

    Click the Start button (http://www.techsupportforum.com/forums/sectools/tetonbob/StartBtn.gif) > Run, copy and paste this command in the box: devmgmt.msc, then click OK.

    Collapse the Network Adapters list.
    Right mouse click: NVIDIA nForce Networking Controller
    Choose "Uninstall".
    You will be asked to confirm your actions, choose OK and let it uninstall.
    If it asks you if you want to delete the driver software / files too, say No.
    When you have done this and NVIDIA nForce Networking Controller is no longer in the Device Manager list -- Press the Scan for hardware changes button (http://img803.imageshack.us/img803/2868/scanhardware.png) or Action -> Scan for hardware changes
    Allow it to reinstall your network adapter.
    Reboot for changes to occur.
    Test internet once you have rebooted.
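    The RegLock section above is a dump of the Tcpip\Parameters\Adapters and Interfaces keys in the ComboFix registry syntax (dword:, multi: with \00 separators, and an @DACL line per key). Reading a dump like this by eye is slow, so here is an added example, my own Python and not a ComboFix or MajorGeeks tool, that parses that syntax and summarises each interface GUID: whether DHCP is enabled, whether any non-zero static address is set, and whether an @DACL line was present. The sample text is a constructed excerpt in the same format; the function names are mine. One caveat a practitioner should keep in mind: the dump names ControlSet003, which is not necessarily the control set Windows booted from (CurrentControlSet), so a summary of it describes that copy of the configuration only.

```python
"""Parse a ComboFix-style registry dump of Tcpip\\Parameters\\Interfaces keys and
summarise the interfaces it describes.  Added example; sample text is constructed."""
import re

# Constructed excerpt in the same format as the RegLock section above.
SAMPLE_REG_DUMP = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{21E5CBB0-6AF8-40B2-9A91-5CCA1BB7F10E}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{69E45AF6-3D89-4A8B-A8E9-BE41052F5C73}]
@DACL=(02 0000)
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"NameServer"=""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
GUID_RE = re.compile(r'\\Interfaces\\(\{[0-9A-Fa-f-]+\})$')


def parse_value(raw):
    """Decode dword:, multi:"..." (strings separated by \\00) and plain "string" values."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('multi:"') and raw.endswith('"'):
        return [s for s in raw[7:-1].split(r"\00") if s]
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    return raw


def parse_reg_dump(text):
    """Return {key_path: {value_name: value}}; an @DACL line is stored under '@DACL'."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None:
            continue
        if line.startswith("@DACL="):
            keys[current]["@DACL"] = line[len("@DACL="):]
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys


def summarize_interfaces(keys):
    """One row per Interfaces\\{GUID} key: DHCP flag, non-zero static addresses, DACL presence."""
    rows = []
    for path, vals in keys.items():
        m = GUID_RE.search(path)
        if not m:
            continue                      # Adapters\... and other keys are not interfaces
        ips = vals.get("IPAddress", [])
        rows.append({
            "guid": m.group(1),
            "dhcp": vals.get("EnableDHCP") == 1,
            "static_ip": [ip for ip in ips if ip != "0.0.0.0"],
            "dacl_present": "@DACL" in vals,
        })
    return rows


if __name__ == "__main__":
    for row in summarize_interfaces(parse_reg_dump(SAMPLE_REG_DUMP)):
        state = "DHCP" if row["dhcp"] else (row["static_ip"] or "no address configured")
        print(row["guid"], state, "DACL line present" if row["dacl_present"] else "")
```

An interface with EnableDHCP=0 and only 0.0.0.0 in IPAddress has no usable address at all, which is a different failure from the one in this thread, where the wired adapter did obtain an address and only HTTP was broken.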
     
  13. ska_t_meladd

    ska_t_meladd Private E-2

    router also was reset just before the "notepad drop" was performed ..ok?
     
  14. ska_t_meladd

    ska_t_meladd Private E-2

    working on next step.stand by,
     
  15. thisisu

    thisisu Malware Consultant

    Yes this is fine.

    If you find that your internet still does work after completing the above, I want you to run the following .bat file: c:\MGtools\FixNet.bat

    It will reboot your computer, after it does and you are back in Windows, attach c:\Mgtools\Fixnet.txt

    Then test your internet again.
     
  16. ska_t_meladd

    ska_t_meladd Private E-2

    "notepad drop 2" performed, log attached, no internet connectivity. performed reinstall of network adapter, no internet...working on thread #15
     

    Attached Files:

  17. ska_t_meladd

    ska_t_meladd Private E-2

    fixnet.txt attached, no internet connectivity...
     

    Attached Files:

  18. thisisu

    thisisu Malware Consultant

    Attach the ComboFix log, not the CFScript.txt ;)

    Have you tested internet with both IE and Firefox? You at least have an IP address on your wired connection, all the required services and drivers are correct. We must be very close.

    Can you perform the Device Manager uninstall/reinstall of NVIDIA nForce Networking Controller like you previously did in post #12 once more.

    Also let's get some new logs, run the following: C:\MGtools\Getlogs.bat then attach the latest c:\MGlogs.zip
     
  19. ska_t_meladd

    ska_t_meladd Private E-2

    sorry getting burned out lol, rebooting for the network...
     

    Attached Files:

  20. ska_t_meladd

    ska_t_meladd Private E-2

    have tested with Safari, IE, Firefox. also Linksys IS recognizing the internet, but still the browsers are down. uninstalled/reinstalled NVIDIA, MGLogs attached
     

    Attached Files:

  21. thisisu

    thisisu Malware Consultant

    Open up a browser and enter the following into the address bar: 74.125.113.106
    then press ENTER

    Did google come up?
     
  22. ska_t_meladd

    ska_t_meladd Private E-2

  23. thisisu

    thisisu Malware Consultant

    I'd like to get a log from the below:

    http://img805.imageshack.us/img805/9659/rktigzy.gif Please download RogueKiller to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    When it is finished, there will be a log on your desktop called: RKreport[1].txt
    Attach RKreport[1].txt to your next message. (How to attach)

    It seems that you just cannot browse via http at the moment. Kind of a unique problem. From what I've read the easiest way would be to uninstall and reinstall SP3 for Windows XP.
     
  24. ska_t_meladd

    ska_t_meladd Private E-2

    attached
     

    Attached Files:

  25. thisisu

    thisisu Malware Consultant

    http://img205.imageshack.us/img205/4783/regeditb.gif Open Notepad and copy everything in the code box below into it.
    Code:
    REGEDIT4
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    • File -> Save As -> Save as type: "All Files" -> File Name: fixme.reg > Save.
    Now merge this into the registry by double-clicking it.
    Let me know if the merge was successful or not.

    http://img406.imageshack.us/img406/3189/windowsrepair.gif Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now open Repair_Windows.exe
    • Go to Start Repairs tab.
    • Choose "Custom Mode" and press "Start".
    • Create a System Restore point if prompted.
    • In the Custom Mode window, select the following repair options:
      • Repair Internet Explorer
      • Repair MDAC/MS Jet
      • Repair Hosts File
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • If asked to reboot the computer for the changes to take effect, make sure other tasks in the program are not still running before accepting to restart.

    http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  26. ska_t_meladd

    ska_t_meladd Private E-2

    merge successful
     
  27. thisisu

    thisisu Malware Consultant

    If none of the above fixes the problem, I know it's a bit drastic but it's proven to work for some people with this similar issue in the past. Uninstall and reinstall Service Pack 3 for Windows XP.

    You can download it here: Microsoft Windows XP Service Pack 3

    Going to sleep now. It's past 2am here.

    Post your results whenever you get a chance and I will review them tomorrow.
     
  28. ska_t_meladd

    ska_t_meladd Private E-2

    goodnight for now to you. thank you for all your time spent, i do appreciate your help. will finish this up and post soon
     
  29. ska_t_meladd

    ska_t_meladd Private E-2

    logs zip...no http...moving on to sp3 in the morning.
     

    Attached Files:

  30. ska_t_meladd

    ska_t_meladd Private E-2

    removed sp3 per Microsoft tip: "Click Start, click Run, type c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe in the Open box, and then click OK."
    Booted up and reinstalled sp3, rebooted, no internet connectivity. MGlog attached
     

    Attached Files:

  31. thisisu

    thisisu Malware Consultant

    http://img406.imageshack.us/img406/3189/windowsrepair.gif Use Windows Repair by Tweaking.com again.
    • Now open Repair_Windows.exe
    • Go to Start Repairs tab.
    • Choose "Custom Mode" and press "Start".
    • Create a System Restore point if prompted.
    • In the Custom Mode window, select the following repair options:
      • Reset Registry Permissions
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • If asked to reboot the computer for the changes to take effect, make sure other tasks in the program are not still running before accepting to restart.

    Once you have rebooted...

    http://img834.imageshack.us/img834/2930/fixiticon.gif Please download Microsoft Fix it 50203 to your desktop.
    • Double-click it to run.
    • Reboot when asked to.

    This tool will want you to reboot your PC too.
    Test your internet when you get back into Windows.

    http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  32. ska_t_meladd

    ska_t_meladd Private E-2

    steps performed, we have browser capability on IE, Firefox, Safari, log attached
     

    Attached Files:

  33. thisisu

    thisisu Malware Consultant

    Excellent.

    Now we just need to tidy up a bit.

    http://img853.imageshack.us/img853/6741/addremovexp.gif From Add/Remove Programs (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 24 (outdated)

    http://img823.imageshack.us/img823/2039/msnmsg.gif Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    http://img825.imageshack.us/img825/2648/hjt.gif Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    Delete this bolded folder:
    • C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint

    http://img195.imageshack.us/img195/9049/javaz.gif Now install the current version of Sun Java from: jre-7u2-windows-i586.exe

    http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

    Let me know how the system is running after you have completed the above steps.
     
  34. ska_t_meladd

    ska_t_meladd Private E-2

    browser works fine :D computer is lagging hard (100% usage), and the windows update icon in tray says "downloading updates 0%". log attached
     

    Attached Files:

  35. ska_t_meladd

    ska_t_meladd Private E-2

    install icon is gone now
     
  36. ska_t_meladd

    ska_t_meladd Private E-2

    NO, the icon is back!?
     
  37. thisisu

    thisisu Malware Consultant

    Open a command prompt window and type the following: net stop "automatic updates"

    Change your Windows Update settings to "Check for updates, but let me choose when to download and install"

    The icon may still reappear but only to notify that there are updates available, it won't actually bog down your system by downloading and installing them.
     
  38. ska_t_meladd

    ska_t_meladd Private E-2

    internet explorer is very unstable?
     
  39. thisisu

    thisisu Malware Consultant

    Provide some examples? Is it only IE that is giving you problems?
     
  40. ska_t_meladd

    ska_t_meladd Private E-2

    it is only on IE and it crashes and says it needs to close (twice) then it gives a website error "res://ieframe.dll/acr_error.htm#yahoo.com,http://my.yahoo.com/" unable to restore tabs?
     
  41. thisisu

    thisisu Malware Consultant

    You want to try resetting IE settings back to defaults. Perhaps there is some addon that is causing it to crash. Additional assistance can be sought out at the Software forum.

    Your latest logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Take care and be safe! :)
     
  42. ska_t_meladd

    ska_t_meladd Private E-2

    thanks for your time, talents, you have been a great help.
     
  43. thisisu

    thisisu Malware Consultant

    You're welcome
     
