TechSpot

Can only connect to Internet in safe mode

By Zemo
Mar 17, 2009
Topic Status:
Not open for further replies.
  1. Hello,
    I'm working on a friend's laptop and I just removed about 20 trojans using Avira's AntiVir program. Everything seems to be working fine now, except for the fact that I cannot connect to the internet unless I boot into safe mode with networking. And even when I am in safe mode, I can't download any Windows updates (message says "The website has encountered a problem and cannot display the page you are trying to view"), nor can I update the existing anti-vurus software on the machine (Trend Micro)... it just freezes and does nothing. I am hoping that someone can take a look at the Hijackthis log-file (attached) to see if there is anything listed that might be causing this problem.
    Thanks for any help!!
    Zemo
  2. kritius

    kritius TS Guru Posts: 2,087

    I need you to follow all the steps HERE and then post back with the three requested logs as attachments
    • Malwarebytes
    • SAS
    • Hijackthis
    Dont forget to make sure that Malwarebytes is set to remove the results.

    When running HJT make sure that it's run in normal mode as opposed to safe mode.
  3. Zemo

    Zemo TS Rookie Topic Starter

    Here are the logs you requested. Thank you for your help!!
  4. Zemo

    Zemo TS Rookie Topic Starter

    FYI - after running these scans and cleaning up everything the programs found, the system is fully functional again with no error messages. :)
  5. kritius

    kritius TS Guru Posts: 2,087

    Delete Domains



    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.



    Hosts File Corrupted



    Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program.
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
    • Click on Make ReadOnly to secure it against further infection.
    • Exit the program.

    Visit the Website for more information.


    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below


    O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
    O2 - BHO: (no name) - {79079250-9B03-54D9-C810-71AB5209A236} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKCU\..\Policies\Explorer\Run: [svcho] C:\WINDOWS\svcho.exe
    O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
    O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)


    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Delete the following files and folders,
    C:\Program Files\ppcbooster
    C:\WINDOWS\svcho.exe
    C:\Program Files\p2pmax

    This next step is purely optional however viewpoint is considered foistware and is not needed on your computer,



    Go to Start > Run and copy/paste or type: taskmgr

    • Under the Processes tab find the following tasks or processes:

      ViewpointService.exe

      ViewMgr.exe

    • Highlight and click "End Process".
    • Exit Task Manager.

    Click on Start > Run and type: services.msc

    • Press "OK".
    • Click the "Extended tab".
    • Scroll down the list and find the service called "Viewpoint Manager Service"
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.

    Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.



    Finally, delete the following folders if they still exist:

    C:\Program Files\ViewManager\ <-- and delete this folder

    C:\Program Files\Viewpoint\ <-- and delete this folder


    To get an Uninstall List from HijackThis:

    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.