TechSpot

Cannot access internet to be able to download & follow preliminary instructions!

By rojomateus
Jun 1, 2013
  1. Hi

    Was having a problem with a virus (on my laptop) which seemed to be redirecting Google search to different websites and also had pop-ups advertising - however somewhere while following a fix I have now lost the capacity to access the internet - I have the warning yellow triangle with exclamation mark - but it says limited access - no browser (IE, Chrome or Firefox) will let me go to a website, so although I have a Malwarebytes log (because it was already installed) I cannot follow the next step as I cannot do the download. Typing this on my iMac.
  2. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download the necessary tools on your Mac and use a USB flash drive to transfer them to this computer.
  3. rojomateus

    rojomateus TS Rookie Topic Starter

    Thank you

    Was nervous about doing this in case anything else went wrong!

    Here are the results:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.27.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16576
    user :: ACER-5230EA [administrator]

    01/06/2013 19:36:01
    mbam-log-2013-06-01 (19-36-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222807
    Time elapsed: 6 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.17.2
    Run by user at 6:23:14 on 2013-06-02
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.1977.1090 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\1Password\Agile1pService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
    C:\Program Files\Jungle Disk Simply Backup\JungleDiskSimplyBackup.exe
    C:\Windows\system32\lxedcoms.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Lexmark S600 Series\lxedmon.exe
    C:\Program Files\Lexmark S600 Series\ezprint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Leawo\Video Accelerator\VideoAccelerator.exe
    C:\Program Files\TouchFreeze\TouchFreeze.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\TechSmith\Jing\Jing.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Jungle Disk Simply Backup\JungleDiskSimplyBackup.exe
    C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
    C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe
    C:\Program Files\Leawo\Video Accelerator\FLVPlayer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - c:\program files\1password\Agile1pIE.dll
    BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
    BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
    TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Video Accelerator] "c:\program files\leawo\video accelerator\VideoAccelerator.exe" -auto
    uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
    mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [lxedmon.exe] "c:\program files\lexmark s600 series\lxedmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark s600 series\ezprint.exe"
    mRun: [EPSON_UD_START] "c:\program files\epson projector\epson usb display v1.5\EMP_UD.exe" -UDCONNECT
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\jungle~1.lnk - c:\program files\jungle disk simply backup\JungleDiskSimplyBackup.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 11\Snagit32.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\program files\1password\Agile1pIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\k0kl4qrz.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine -
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-05-10 11:33; d0b7msrom@gz-I.net; c:\users\user\appdata\roaming\mozilla\firefox\profiles\k0kl4qrz.default\extensions\d0b7msrom@gz-I.net
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 Agile1Password;1Password;c:\program files\1password\Agile1pService.exe [2011-11-7 767240]
    R2 EMP_UDSA;EMP_UDSA;c:\program files\epson projector\epson usb display v1.5\EMP_UDSA.exe [2012-11-19 98304]
    R2 JungleDiskSimplyBackupService;JungleDiskSimplyBackupService;c:\program files\jungle disk simply backup\JungleDiskSimplyBackup.exe [2011-5-17 7332168]
    R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-6-24 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-6-24 65856]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-11 1153368]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2012-11-19 17664]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [2012-8-9 193192]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-26 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-06-01 15:09:30 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-06-01 14:48:51 -------- d-s---w- C:\ComboFix
    2013-05-27 22:29:16 -------- d-----w- c:\programdata\HitmanPro
    2013-05-27 21:59:44 98816 ----a-w- c:\windows\sed.exe
    2013-05-27 21:59:44 256000 ----a-w- c:\windows\PEV.exe
    2013-05-27 21:59:44 208896 ----a-w- c:\windows\MBR.exe
    2013-05-27 21:59:34 -------- d-----w- c:\users\user\appdata\local\CrashDumps
    2013-05-27 21:55:27 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3fc054c5-075e-406b-ac1f-ac50ec469e53}\mpengine.dll
    2013-05-27 20:58:12 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
    2013-05-27 20:58:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-05-27 20:58:00 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-05-27 18:39:31 -------- d-----w- C:\Program Files (x86)
    2013-05-27 17:55:55 -------- d-----w- c:\users\user\appdata\local\Programs
    2013-05-27 08:59:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-05-24 11:40:30 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
    2013-05-24 10:42:58 -------- d-----w- c:\users\user\appdata\local\Macromedia
    2013-05-24 10:42:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-16 11:11:28 -------- d-----w- C:\7f71d58cf1e13845edafc196938ad37a
    2013-05-16 09:46:37 2347520 ----a-w- c:\windows\system32\win32k.sys
    2013-05-16 09:46:34 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-16 09:46:34 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-16 09:46:27 47104 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-16 09:46:27 1796096 ----a-w- c:\windows\system32\authui.dll
    2013-05-16 09:46:27 101720 ----a-w- c:\windows\system32\consent.exe
    2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2013-05-04 13:00:37 -------- d-----w- c:\users\user\appdata\roaming\NCdownloader
    2013-05-04 06:45:07 -------- d-----w- c:\programdata\StarApp
    2013-05-04 06:45:00 -------- d-----w- c:\program files\ContinueToSave
    2013-05-04 06:43:54 -------- d-----w- c:\programdata\InstallMate
    .
    ==================== Find3M ====================
    .
    2013-05-27 08:59:46 906240 ----a-w- c:\windows\system32\FntCache.dll
    2013-05-24 10:42:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
    2013-03-16 14:45:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-16 14:45:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-16 14:45:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 6:24:53.36 ===============


    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/06/2010 12:01:28
    System Uptime: 02/06/2013 06:17:11 (0 hours ago)
    .
    Motherboard: Acer | | Homa
    Processor: Genuine Intel(R) CPU T1600 @ 1.66GHz | U2E1 | 1662/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 192.207 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP188: 03/05/2013 12:28:47 - Scheduled Checkpoint
    RP189: 12/05/2013 13:02:32 - Scheduled Checkpoint
    RP190: 21/05/2013 09:54:23 - Windows Update
    RP191: 27/05/2013 09:53:41 - Windows Update
    RP192: 01/06/2013 14:57:25 - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Leawo Free FLV Converter version 2.5.0.0
    Update for Microsoft Office 2007 (KB2508958)
    1Password 1.0.9.231
    ABBYY FineReader 6.0 Sprint
    Accounts
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    Amazon MP3 Downloader 1.0.9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BitZipper 2010
    Bonjour
    Camtasia Studio 8
    CCleaner
    ContinueToSave 1.74
    Dropbox
    EasyBook
    Epson USB Display
    Fix Redirect Virus
    Free PDF to Word Converter 5.1.0.379
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Inbox Toolbar
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Internet Explorer (Enable DEP)
    iTunes
    Java 7 Update 17
    Java Auto Updater
    Jing
    join.me
    Jungle Disk Simply Backup
    K-Lite Codec Pack 5.4.4 (Basic)
    Leawo Free Video Accelerator Version: 3.0.5.0
    Lexmark Printable Web
    Lexmark S600 Series
    Lexmark Toolbar
    Lexmark Tools for Office
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    Nitro PDF Professional
    Prezi Desktop
    PRS-500 USB driver
    QuickTime
    Reader Library by Sony
    Reflector
    Sage 50 Accounts 2008
    Sage SBD Desktop Install
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Toolbars
    Skype™ 5.10
    Snagit 11
    Spybot - Search & Destroy
    SUPERAntiSpyware
    TouchFreeze
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    Windows Mobile Device Center
    WinZip 15.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/05/2013 21:23:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    27/05/2013 23:14:24, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    02/06/2013 06:22:04, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    02/06/2013 06:18:33, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    02/06/2013 06:17:30, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxedCATSCustConnectService service to connect.
    02/06/2013 06:17:30, Error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    01/06/2013 15:02:44, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    I don't see any AV program running but we'll get back to it since you can't connect now.

    Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
  5. rojomateus

    rojomateus TS Rookie Topic Starter

    Hi - sorry - not sure what I am meant to be downloading? Is it something called Farbar Service Scanner? Don't seem to be able to download this to the USB.
  6. rojomateus

    rojomateus TS Rookie Topic Starter

    Sorry - got it to work. This is the result:

    Farbar Service Scanner Version: 31-05-2013 01
    Ran by user (administrator) on 02-06-2013 at 16:16:36
    Running from "E:\"
    Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is set to Disabled. The default start type is Auto.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error.
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error.
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  7. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Go to Start and in "Start search" type:
    services.msc
    Press Enter.

    Services window will open.
    Find DHCP Client service.
    Right click on it, click "Properties".
    Under "Startup type" select "Automatic" from drop down menu.
    Click OK.

    Restart computer and see if your connection is back.
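The same change as the services.msc steps above, scripted for an elevated PowerShell prompt. This is an added example, not part of Broni's instructions. It assumes the service name `Dhcp` used in the scan log and, going slightly beyond the original steps, reports any disabled dependency before trying to start the service.

```powershell
# Added example: scripted equivalent of the services.msc steps in the post above.
# Assumption: run from an elevated PowerShell prompt on the affected machine.
$name = 'Dhcp'   # service name of "DHCP Client", as shown in the scan log

function Get-StartMode([string]$Service) {
    # Win32_BaseService covers both services and kernel drivers; StartMode is
    # Boot, System, Auto, Manual or Disabled. Get-WmiObject is used because it
    # is available in PowerShell 2.0, which ships with Windows 7.
    (Get-WmiObject -Class Win32_BaseService -Filter "Name='$Service'").StartMode
}

$svc = Get-Service -Name $name -ErrorAction Stop
"{0}: status={1}, start mode={2}" -f $svc.DisplayName, $svc.Status, (Get-StartMode $name)

# DHCP Client cannot start while something it depends on is disabled,
# so list those first instead of assuming the startup-type change is enough.
$blocked = @($svc.ServicesDependedOn |
    Where-Object { (Get-StartMode $_.Name) -eq 'Disabled' })
foreach ($dep in $blocked) {
    Write-Warning ("Dependency {0} is Disabled" -f $dep.Name)
}

# "Startup type: Automatic" from the Properties dialog.
if ((Get-StartMode $name) -ne 'Auto') {
    Set-Service -Name $name -StartupType Automatic
}

# Start it now rather than waiting for the reboot, if nothing blocks it.
if ($blocked.Count -eq 0 -and $svc.Status -ne 'Running') {
    Start-Service -Name $name
}

# Confirm the service state and that the adapter obtained a lease.
Get-Service -Name $name | Format-List Name, Status
ipconfig /all | Select-String 'DHCP Enabled', 'IPv4 Address', 'Lease Obtained'
```

If the start mode reverts to Disabled or Manual after a reboot, something on the machine is still changing it, which is worth reporting back in the thread.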
  8. rojomateus

    rojomateus TS Rookie Topic Starter

    Yes - many thanks - surprising as I had tried this a number of times previously - but think things got altered when I was trying to sort the virus - but thank you - now can you help with the pop ups/redirect ads please?
  9. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Good news :)

    I don't see any AV program running.

    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  10. rojomateus

    rojomateus TS Rookie Topic Starter

    Hi. Downloaded Avast antivirus - it found nothing.

    Report from Roguekiller:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : user [Admin rights]
    Mode : Remove -- Date : 06/02/2013 22:35:51
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] iTunesSetup.exe -- C:\Windows\temp\avast_ash\iTunes (32 Bit)\iTunesSetup.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVT-00A23T0 ATA Device +++++
    --- User ---
    [MBR] 59488b7bb6dc24ca53012bb290182325
    [BSP] 5681ed32f69e2ba273bc805360b58ced : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_D_06022013_02d2235.txt >>
    RKreport[1]_S_06022013_02d2218.txt ; RKreport[2]_D_06022013_02d2224.txt ; RKreport[3]_D_06022013_02d2235.txt


    Report from MBAR said scan finished and nothing found - could not find any reports?
  11. rojomateus

    rojomateus TS Rookie Topic Starter

    And it would appear from my brief trying of things that the ads and diverts have stopped? - going to end here for tonight but will check again in the morning - happy to follow any further advice that you give me.

    Many thanks
     
  12. Broni

    Broni Malware Annihilator Posts: 46,787   +254

  13. rojomateus

    rojomateus TS Rookie Topic Starter

    Many many thanks - will keep you informed when I get a chance to fully check later today. Donate made!
  14. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    We're not done yet.
    I still need MBAR logs.
  15. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Still with me?
  16. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.