Avast error code 10050/No internet connection/Cannot start web shield in Avast

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dysalguero, Oct 23, 2012.

  1. dysalguero

    dysalguero Private E-2

    I am having a problem in my sister's laptop. She does have antivirus installed (AVG Internet Security). However, its license expired, so I downgraded it to free version. After, downgrading it, I installed Avast! as it's antivirus and decided to uninstall AVG. Then, a few minutes ago after rebooting the laptop, a window opened saying that Trojan is infecting my computer, I heal it.. Then, another pops out. Heal and heal and heal..

    After doing it, I rebooted the laptop thinking that it will refresh the system. Unfortunately, after rebooting, I cannot connect to Internet now. :cry :cry :cry Help me please? I already performed the Malware removing however, it did not help the laptop. I attached the files you asked me.. Please, help please? Thank you!
     

    Attached Files:

    dysalguero, Oct 23, 2012
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please attach the below log from Malwarebytes as requested:
    Code:
    "C:\Users\MSI\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
Oct 23 2012  11802 "mbam-log-2012-10-23 (21-32-26).txt"

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=101702
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com?si=29053&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com?si=29053&bs=true&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=29053&home=true
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4
    R3 - URLSearchHook: (no name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    R3 - URLSearchHook: (no name) - {c34bfb11-eff0-4123-a7a5-79051ef24cf5} - (no file)
    O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\MSI\AppData\Roaming\Complitly\Complitly.dll
    O4 - Startup: SystweakDisabled

    After clicking Fix, exit HJT.

    Now uninstall the below programs:
    Complitly
    Java(TM) 6 Update 21

    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
explorer.exe
 
:Files
C:\Users\MSI\AppData\Roaming\Systweak
C:\Users\MSI\Desktop\1.exe
C:\Program Files\GUTD9CB.tmp
C:\Users\MSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled
C:\Program Files\GUMD9CA.tmp       
C:\$AVG
C:\StartUpManager_scandataINPUT.xml
C:\StartUpManager_scandataOUTPUT.xml
C:\Windows\Temp\TS_6F07.tmp
C:\Users\MSI\AppData\Local\Temp\avguidx.dll
C:\Users\MSI\AppData\Local\Temp\avg_a01736
C:\Users\MSI\AppData\Local\Temp\avg_a00636
C:\Users\MSI\AppData\Local\Temp\GenericWndApi.dll
C:\Users\MSI\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MSI\AppData\Local\Temp\oi_{27FEDCE8-0BC9-43DC-A638-BD2814DC6D99}.exe
C:\Users\MSI\AppData\Local\Temp\oi_{5FC3A217-24D9-4E1A-8521-B0C4D98B87F7}.exe
C:\Users\MSI\AppData\Local\Temp\Start Advanced System Optimizer.lnk
 
:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"DisplayName"="Google"
"URL"="[URL]http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7[/URL]"
"SortIndex"=dword:00000000
"FaviconPath"="C:\\Users\\MSI\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A2BC9D36-8042-4fc3-9268-6B63AFBD6272}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
:Commands
[purity]
[EmptyTemp]
[start explorer]

[Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
      ) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Oct 25, 2012
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds