Virus Attack

I followed the steps as instructed in the "Read Me First" notice, but I am still having problems. Connection to the Internet is hit and miss. I now have connection to the Internet after following the directed steps, but the pages do not display. I have to refresh a few times before they appear. In Windows 7 (64 bit), when I tick the network discovery and share to "on," it doesn't take, so I cannot access my home network. Is this damage remaining from the viruses? Does a fix exist for these problems?

Attached are the logs:

RogueKiller
Malwarebytes
TDSSKILLER
HitmanPro
MGtools

Your help is greatly appreciated.

 

Thank you so much for your response. I've been beside myself with these viruses.

It appears that the "Read Me First" steps worked--Fingers crossed--, although I'm still having Internet connection issues. I'm not sure whether this is virus related.

I was able to establish a network connection by importing the SharedAccess key from my other computer in the home network.

I don't have the Windows 7 installation disk to complete the next set of steps you have sent me. However, I did download the FANBAR Recovery Scan Tool x64 and completed the scan. It also generated an "addition" log, which I have attached along with the FRST log.

Do the logs look copacetic?

Thank you so much for your assistance.

 

Thank you for the fixlist. I ran it, and I have attached the log and the scan completed after applying the fix.

I noticed that the fixlog shows the following as needing completion outside recovery mode:

Error: The HKCU key should be fixed outside recovery mode.
Error: The HKCU key should be fixed outside recovery mode.
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF => Error: The entry should be fixed outside recovery mode.

However, I noticed in the scan report that they no longer appear.

Before I proceed with the completion of the malware removal as instructed, are the following files/keys questionable and is it safe to have the FANBAR tool remove these?:

HKU\Angelica Duran\...\Run: [AdobeBridge] - [x]
HKLM-x32\...\Run: [] - [x]
HKU\Guest.KENKA\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

I noticed that they have an "[x]" after the file names. I removed LightScribe from my computer many months ago (if not an year ago). I don't know what the other two are.

I'll continue to monitor my computer for any unusual behavior.

Your help is much appreciated through this arduous process

 

Hi once again

I followed the last steps as directed by completing Step 5 successfully, but Step 6 (Toggle System Restore) doesn't appear to work. The system restore points (8/23/2013; 8/21/2013; 1/20/2013) are still showing up. Is there any way to successfully delete them and create a new system restore point with the clean system?

Thank you for all your help. The computer is running smoothly at this point, and I wouldn't have been able to remove the infection without your help. I'm now hoping to create a clean system restore point.

 

Yes, I disabled it; then I restarted the computer, but when I checked they kept showing up. I just now created a restore point, and when I checked, the other three are not longer showing up. It looks like they were successfully deleted.

I set Internet Explorer 10 to "enable enhanced protection mode" because when I turned on the UAC on to "always notify" IE wouldn't start up, unless I used "run as administrator."

The only problem is that Adobe PDF doesn't work with "enable enhanced protection mode." Do you know of a fix?

Thank you Everything is just about done.