Can't connect to internet after presumed infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by DazedandBewildered, Mar 13, 2012.

  1. DazedandBewildered

    DazedandBewildered Private E-2

    Hi there,

    Last night, I printed a .doc file from someone else's USB drive. They've been having issues with a virus or something and I should have scanned the USB drive, but I didn't, and this morning I was not able to connect to the internet. I also did some craft searching via Pinterest, but I didn't think I came across anything weird, but I suppose it could've been from that.

    Anyway, I've finally made it through "Read & Run Me First" and below are the logs.

    I am running Vista SP2, 64 bit. I didn't run Root Repeal.
    I am not sure that Combo Fix or MGTools ran correctly. I can't find a Combo Fix log, and MGTools didn't seem to match my understanding of what I was reading. I might've done something wrong. I did disable User Account Controls at the beginning of the process, as well as CD Emulation software (not even sure what that is?), Windows Firewall, and all of my AV and spyware programs.

    I was able to get online for a few minutes after running SUPERAntiSpyware and a reboot, twice, but was not able to maintain my connection. We have two other computers and two game systems which are all able to get online, so it shouldn't be the router or modem.

    Thanks in advance for any help you can give me.
     


  2. thisisu

    thisisu Malware Consultant

    Hello,

    I am not finding any malware in your logs. What symptoms are you experiencing, other than not being able to connect?

    Question: Do you have Akamai NetSession Interface Service installed on the other computers?

    For troubleshooting purposes, can you uninstall it from this one with the connectivity issue and see if that helps? Also double-check that the ethernet cable is properly plugged in. Your logs are showing:

    Code:
    Ethernet adapter Local Area Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
     
  3. DazedandBewildered

    DazedandBewildered Private E-2

    Interesting! No, that's not on the computer I'm currently using. I uninstalled it but it doesn't seem to help.

    The reason I figured it was malware was because of the timing of the young friend using my computer. Also, the other times someone here has gotten an infection, it has impacted the connectivity.

    I think possibly I had my wireless adapter disabled at the time that log was generated. As I disabled Comodo and other things, I was concerned about acquiring another unwelcome issue if this was a dysfunctional connection, so I disabled the adapter, too. It's enabled right now and was showing a connection until a minute ago, and I haven't done anything.
     
  4. thisisu

    thisisu Malware Consultant

    When it was showing a connection, were you able to browse?

    Leave your ethernet cable plugged in for the below scans:

    I want you to read and follow these instructions: TDSSKiller - How to run

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure all the options are checked
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool was run.
    • Please attach FSS.txt to your next message. (How to attach)

    Please download MiniToolBox and run it on the computer with the issue.

    Checkmark the following checkboxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List IP configuration
    • List Winsock Entries
    • List Devices -> All
    • List last 10 Event Viewer log
    Press Go and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.
     
  5. DazedandBewildered

    DazedandBewildered Private E-2

    I will hunt down a cable and plug it in and get going on that.

    Thanks! :)
     
  6. thisisu

    thisisu Malware Consultant

    Ok :)
     
  7. DazedandBewildered

    DazedandBewildered Private E-2

    Okay, here are the log files.

    Oh, and I plugged straight into the modem, and the icon in my system tray reflected a connection to the cable, at least, but not to the internet.

    Thanks for your time!
     


  8. thisisu

    thisisu Malware Consultant

    Can you reword this please? I am having difficulty understanding what you are trying to tell me here.

    I do not think this is malware related as the logs you have provided me with are all clean.

    Ultimately I may have to send you to the Networking forum. However, if you would like to continue troubleshooting here - I'd like you to uninstall the following software and reboot afterwards:
    • Bonjour
    • COMODO Internet Security
    • Driver Performer
    • Java(TM) 6 Update 20
    • Java(TM) 6 Update 29
    • OpenDNS Updater 2.2.1
    • Spybot - Search & Destroy
    • SUPERAntiSpyware

    After the reboot if the internet is still not working complete the below steps too:

    Download and run avg_remover_stf_x64_2012_1796.exe

    Reboot again.

    Start -> Control Panel -> Network and Sharing Center -> Change Adapter Settings -> Delete:
    • Tunnel adapter Local Area Connection* 7
    • Tunnel adapter Local Area Connection* 11

    Then run c:\MGtools\FixNet.bat

    This reboots your PC again.

    __

    After the reboot, if the internet is still not working:

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  9. DazedandBewildered

    DazedandBewildered Private E-2

    I was just saying that even if the cable modem is off, it will still connect to our network, just not the internet.

    Also, since uninstalling the listed programs, the afflicted computer no longer communicates with the router at all. I'm getting the following:

    APAgent.exe - Unable to Locate Component
    This application has failed to start because dnssd.dll was not found. Re-installing the application may fix this problem.

    and

    AirPort Base Station Agent has stopped working.

    Okay, I've done everything up to this point. Is there something between Network and Sharing Center and Change Adapter Settings? I can't find anything that says "Change Adapter Settings".

    Thanks for your time! :)
     
  10. thisisu

    thisisu Malware Consultant

    If you are able to reinstall AirPort, uninstall AirPort since it apparently requires Bonjour to run properly.

    __

    I use Small Icons while in Control Panel.
    Look at the top right while you're in Control Panel. Look for: View By:
    Change this to Small Icons

    You should now be able to see "Change adapter settings" on the left hand side of the screen after you have clicked: Network and Sharing Center

    Let me know if you run into trouble.
     
  11. DazedandBewildered

    DazedandBewildered Private E-2

    Okay, I managed to get Bonjour reinstalled and the APX is showing up again, though intermittently. Again.

    I still can't find anything that says Change Adapter Settings. I'm attaching screenshots so that you can see what I'm seeing. Maybe I'm in the wrong place?

    Thanks for your time! :)
     


  12. thisisu

    thisisu Malware Consultant

    Uninstall both AirPort and Bonjour.

    From the 2nd screenshot, choose "Manage Network Connections".
     
  13. DazedandBewildered

    DazedandBewildered Private E-2

    Okay, I have uninstalled both Bonjour and AirPort.

    I went into "Manage Network Connections". I couldn't find anything about changing adapter settings, but there was "Change settings of this connection". Is that the same thing? If not, then ignore the attached screenshot.

    If so, please see the attached screenshot and tell me if something on there equates to Tunnel adapter Local Area Connection* 7 and Tunnel adapter Local Area Connection* 11.

    I'm sorry! I don't mean to be thick! Thanks so much for taking the time to try to sort this out. I really appreciate it!
     
  14. DazedandBewildered

    DazedandBewildered Private E-2

    Oops! I forgot the screenshot. Sorry! Here it is:
     


  15. thisisu

    thisisu Malware Consultant

    No problem.

    Here are the next steps I'd like you to take:

    Run c:\MGtools\FixNet.bat by right-mouse clicking it and selecting "Run as Administrator".

    This reboots your PC.

    __

    After the reboot, if the internet is still not working:

    Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
  16. DazedandBewildered

    DazedandBewildered Private E-2

    Still no connection. The network shows up on the list and with a strong signal, but the message I just got says there was no response from the network.
     


  17. thisisu

    thisisu Malware Consultant

    Run C:\MGtools\analyse.exe by double-clicking it (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Choose "Do a system scan only" and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Mom\AppData\Local\Akamai\netsession_win.exe"

    After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4

    __

    Open the Device Manager

    The Device Manager opens.
    • Collapse the Network Adapters list.
    • Right mouse click: Broadcom NetLink (TM) Gigabit Ethernet
    • Choose "Uninstall".
    • You will be asked to confirm your actions, choose OK and let it uninstall.
    • If it asks you if you want to delete the driver software / files too, say No.
    • When you have done this and Broadcom NetLink (TM) Gigabit Ethernet is no longer in the Device Manager list -- Press the Scan for hardware changes button (http://img803.imageshack.us/img803/2868/scanhardware.png) or Action -> Scan for hardware changes
    • Allow it to reinstall your network adapter.

    Do this same process for Intel(R) WiFi Link 5100 AGN which should also be in the Network Adapters list.

    • Reboot for changes to occur.
    • Test internet once you have rebooted.
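
Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over HijackThis-style log lines that flags the three kinds of entry selected in the post above (a proxy value referencing loopback, a BHO whose file is missing, a per-user autostart under AppData). The first three sample lines are quoted from the post; the fourth line and the rule wording are constructed for illustration.

```python
import re

# First three lines are quoted from the post above; the HKLM line is constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Mom\AppData\Local\Akamai\netsession_win.exe"
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

# HijackThis entries start with a section code (R1, O2, O4, ...) then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A value assigned to 127.x.x.x or localhost, optionally with a port.
LOOPBACK = re.compile(r"=\s*(?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?\s*$", re.I)


def triage(log_text):
    """Return (code, reasons, line) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line, or anything that is not an entry
        code, body = m.group("code"), m.group("body")
        reasons = []
        # Leftover registration whose target was removed (e.g. an old AV plug-in).
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        # R-section proxy values that reference the local machine.
        if code.startswith("R") and "proxy" in body.lower() and LOOPBACK.search(body):
            reasons.append("proxy value references loopback")
        # Per-user Run key launching a binary from the user's AppData tree.
        if code == "O4" and body.startswith("HKCU") and "\\appdata\\" in body.lower():
            reasons.append("per-user autostart from AppData")
        if reasons:
            findings.append((code, reasons, line))
    return findings


if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(reasons)}\n    {line}")
```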
     
  18. thisisu

    thisisu Malware Consultant

    Steps to follow if the above does not solve the problem:

    Please download OTL by OldTimer.

    • Save it to your desktop.
    • Right mouse click on the OTL icon on your desktop and select Run as Administrator
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
      Code:
      activex
      netsvcs
      /md5start
      afd.sys
      i8042prt.sys
      netbt.sys
      nsiproxy.sys
      svchost.exe
      tcpip.sys
      tdx.sys
      /md5stop
      %windir%\$ntuninstallkb*. /120
      %windir%\system32\drivers\*.sys /lockedfiles
      %windir%\*.* /mp
      %windir%\*.* /rp
      %windir%\*.* /sl
      %systemdrive%\mgtools\*.*
      
    • Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
  19. DazedandBewildered

    DazedandBewildered Private E-2

    Same story, 6th or 7th verse:
     

    Attached Files: OTL.Txt (279.8 KB)
  20. thisisu

    thisisu Malware Consultant

    This OTL log is clean too.

    It could be a multitude of things at this point. Further advice should be sought in the Networking forum.
    __

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
  21. DazedandBewildered

    DazedandBewildered Private E-2

    Thank you for all of your help, time and patience!
     
  22. thisisu

    thisisu Malware Consultant

    You're welcome. :)
     
