Cannot use search engines (google, yahoo, etc.)

[tellor]

Hello. Two weeks ago my computer received a message that my computer was infected and that I needed to download a specific spyware to combat the problem. I realized it was a money-making scheme and instead downloaded Malwarebytes Anti-Malware. The program ran - see the first attachment from December 20 - and the computer went back to normal.

However, two days ago the problem arose that I could not use any search engine. I have attached the Malwarebytes log ran last night - December 31.

How can I correct the problem. Please note that I am not computer-savvy. I'm fine with downloading software, but my knowledge ends there.

Thanks for any advice, and Happy New Year!

 

[Luckymasu]

Do you use Facebook?

The problem may have arisen from there.

 

[Luckymasu]

Do you use Facebook?

The problem may have arisen from there.

 

[tellor]

Do you use Facebook?

The problem may have arisen from there.

Yes, I used Facebook around 2-3 times a week.

 

[Bobbye]

Welcome to TechSpot, tellor. I'll help with the malware..

Bur first, I'd like you to complete the steps HERE.

When you have finished, please leave all 3 logs in your next reply.

Mbam shows extensive infections on both dates, but that alone isn't sufficient for me to help you. I'll review the logs after you post them. Please delete the 2 current Mbam logs, update and rescan with Malwarebytes as instructed in the steps.

 

[tellor]

Welcome to TechSpot, tellor. I'll help with the malware..

Bur first, I'd like you to complete the steps HERE.

When you have finished, please leave all 3 logs in your next reply.

Mbam shows extensive infections on both dates, but that alone isn't sufficient for me to help you. I'll review the logs after you post them. Please delete the 2 current Mbam logs, update and rescan with Malwarebytes as instructed in the steps.

Thank you for the response. I am about to use CCleaner. The 8-step instructions note this:

Run the program and make sure all the boxes are ticked under the Windows and Applications tabs, including "Advanced" tabs(except for the Old prefetch Data option, this should be unticked)

When I check some of the boxes, warnings pop up. Should I ignore them and tick everything except Old prefetch Data option? I'm sorry, I am just afraid that I may mess up my computer even more.

Thanks.

 

[Bobbye]

Better to just follow the screen prompts.

 

[tellor]

Here are my logs:

Thank you.

 

[tellor]

Do you use Facebook?

The problem may have arisen from there.

I just found out that my Facebook account had been hacked. A message with a web site link was sent to my friends' inboxes.

 

[tellor]

Here are my logs:

Thank you.

Could someone please review the attached logs? Thanks

 

[Bobbye]

Please reopen HijackThis to 'do system scan only.' Check the following if present: Note: Do not click on 'Fix Checked' until ALL of the entries have been checked:

Start with this entry:

O1 - Hosts: 74.125.45.100 4-open-davinci.com..........................

--------------check ALL of the following 01 entries through the entry below---------------------

O1 - Hosts: 95.211.99.111 google.co.uk

This will be 101 entries> ALL of the 01 - Hosts entries.

Close all Windows except HijackThis and click on "Fix Checked."

Reboot the system. Empty the Recycle Bin

There are still entries from the Eset Security running. Did you replace that with Avira? IF so, here are the instructions for the uninstall:

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Uninstall Eset Security"

• 
  [1] Click Start → Programs → ESET → Uninstall. After you uninstall, you will need to restart your computer.
  (Warning: Do not attempt to uninstall your ESET security product using the Windows Add or Remove Programs utility from the Control Panel.)
  [2] After restarting, confirm that you can see hidden files and folders by clicking Start → Control Panel → Folder Options → View and select the Show hidden files and folders option.
  [3] Click Start → My Computer and then navigate to and delete the following folders:
  C:\Program Files\ESET
  C:\Documents and Settings\All Users\Application Data\ESET
  C:\Documents and Settings\%USER%\Application Data\ESET

Reboot the computer back into Normal Mode when finished.

Then download the following:
MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

When you have finished, rescan with HiJackThis and include new log in next reply.

We'll go from there.

 

[tellor]

I must be doing something wrong. I followed your instructions regarding HIJACK THIS. I checked all of the boxes and clicked FIX. Then, I restarted the computer. I checked the Recycle Bin, but nothing was in it. As such, I checked HIJACK THIS again, but the files that I deleted were still there. Should I remove ESET first?

Thank you.

 

[Bobbye]

Check this first:
Right click on the Recycle Bin> Properties> make sure there is NO check in "Do not move files to Recycle Bin"> Set slider to at least 10%> Apply> OK

When you say the files you checked for removal are still there, are you referring to the 01 entries for Hosts files?

You have a rogue program called PC Live Guard. Most of it if not all can be removed using Malwarebytes. Your scan found it- it just has more entries. Instead of going through all of the manual removal processes, please use Combofix. If necessary, we can reset the Host files when through::

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Important! Save the renamed download to your desktop.

• Double click on the setup file on the desktop to run
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
• When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
  
• Query- Recovery Console image
  
  
  
  
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
  
  
• Click on Yes, to continue scanning for malware.
  
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Rescan with HijackThis when through.

Attach both Combofix report and new HijackThis log in next reply.