also @ TechSpot: HP Envy/Pavilion revamp, more touchscreens, 3200x1800 LCD, 20" tablet

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Trojan rootkit proxy problem, can't connect to Internet

Discussion in 'Virus and Malware Removal' started by Miles54321, Sep 5, 2012.

Page 2 of 3

Jay Pfoutz Malware Helper Posts: 4,286 +49
Let's switch to this tool here...

Please download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.

Click on Search.

A logfile will automatically open after the scan has finished.

Please post the content of that logfile in your reply.

You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
Jay Pfoutz, Sep 9, 2012

#21
Miles54321 Newcomer, in training Posts: 34

# AdwCleaner v2.001 - Logfile created 09/09/2012 at 13:03:45
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\owner\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drdespqo.default\searchplugins\Plusnetwork.xml
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Veoh_Web_Player
Folder Found : C:\Program Files (x86)\vShare
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\owner\AppData\Local\Conduit
Folder Found : C:\Users\owner\AppData\Local\Linkury
Folder Found : C:\Users\owner\AppData\Local\OpenCandy
Folder Found : C:\Users\owner\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\owner\AppData\LocalLow\bbrs_002.tb
Folder Found : C:\Users\owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\owner\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\owner\AppData\LocalLow\Veoh_Web_Player
Folder Found : C:\Users\owner\AppData\LocalLow\vShare
Folder Found : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drdespqo.default\extensions\bbrs_002@blabbers.com
Folder Found : C:\Users\owner\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Veoh_Web_Player
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BrowserCompanion
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8D1083C-0E25-4F27-B653-A472DF656396}
Key Found : HKCU\Software\vShare
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\Messenger Plus!\OpenCandy
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D8D1083C-0E25-4F27-B653-A472DF656396}
Key Found : HKLM\Software\Veoh_Web_Player
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8D1083C-0E25-4F27-B653-A472DF656396}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28912070-AE8B-4C0B-804D-DFC8454F2E84}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-700293270-161366171-2932116839-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKU\S-1-5-21-700293270-161366171-2932116839-1001\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKU\S-1-5-21-700293270-161366171-2932116839-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Found : HKU\S-1-5-21-700293270-161366171-2932116839-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.plusnetwork.com/?sp=hp

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drdespqo.default\prefs.js

Found : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");

-\\ Google Chrome v21.0.1180.83

File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.11.2109.0

File : C:\Users\owner\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9320 octets] - [09/09/2012 13:03:45]

########## EOF - C:\AdwCleaner[R1].txt - [9380 octets] ##########

Miles54321, Sep 9, 2012

#22
Jay Pfoutz Malware Helper Posts: 4,286 +49
AdwCleaner Fix

Please close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with OK.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile in your reply.

You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log.
Jay Pfoutz, Sep 10, 2012

#23
Miles54321 Newcomer, in training Posts: 34

# AdwCleaner v2.001 - Logfile created 09/10/2012 at 15:49:17
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drdespqo.default\searchplugins\Plusnetwork.xml
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Veoh_Web_Player
Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\owner\AppData\Local\Conduit
Folder Deleted : C:\Users\owner\AppData\Local\Linkury
Folder Deleted : C:\Users\owner\AppData\Local\OpenCandy
Folder Deleted : C:\Users\owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\owner\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\owner\AppData\LocalLow\vShare
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drdespqo.default\extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\owner\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Veoh_Web_Player
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8D1083C-0E25-4F27-B653-A472DF656396}
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D8D1083C-0E25-4F27-B653-A472DF656396}
Key Deleted : HKLM\Software\Veoh_Web_Player
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8D1083C-0E25-4F27-B653-A472DF656396}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28912070-AE8B-4C0B-804D-DFC8454F2E84}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.plusnetwork.com/?sp=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\drdespqo.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");

-\\ Google Chrome v21.0.1180.83

File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.11.2109.0

File : C:\Users\owner\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9419 octets] - [09/09/2012 13:03:45]
AdwCleaner[S2].txt - [8855 octets] - [10/09/2012 15:49:17]

########## EOF - C:\AdwCleaner[S2].txt - [8915 octets] ##########

Miles54321, Sep 10, 2012

#24
Miles54321 Newcomer, in training Posts: 34

It still will not allow me to update as I can't get access to the internet still, there is therefore still a problem

Miles54321, Sep 10, 2012

#25

Jay Pfoutz Malware Helper Posts: 4,286 +49

Please download RenewMyDNS by DragonMaster Jay.

Save it to your Desktop.

Double-click RenewMyDNS.exe to start the program.

Follow the prompts, and when finished it will launch a log.

Post that log in your next reply.

After posting the log, delete RenewMyDNS.exe

Jay Pfoutz, Sep 11, 2012

#26

Miles54321 Newcomer, in training Posts: 34

Here's the log and thanks for the program

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows [Version 6.1.7601]

``````````Network and DNS Information``````````

Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 90-FB-A6-86-D5-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dcf8:d6e5:beea:5fc%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 September 2012 09:43:04
Lease Expires . . . . . . . . . . : 18 October 2148 16:19:58
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 194050982
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-61-A6-9B-90-FB-A6-86-D5-B9
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:82e:2c99:a9ec:85c0(Preferred)
Link-local IPv6 Address . . . . . : fe80::82e:2c99:a9ec:85c0%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

``````````Speed-test - Ping``````````

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=306ms TTL=52
Reply from 72.30.38.140: bytes=32 time=274ms TTL=52
Reply from 72.30.38.140: bytes=32 time=413ms TTL=52
Reply from 72.30.38.140: bytes=32 time=648ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 274ms, Maximum = 648ms, Average = 410ms

Pinging geekpolice.net [64.202.189.170] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Pinging facebook.com [66.220.158.70] with 32 bytes of data:
Reply from 66.220.158.70: bytes=32 time=93ms TTL=242
Reply from 66.220.158.70: bytes=32 time=92ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242

Ping statistics for 66.220.158.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 93ms, Average = 91ms

Pinging google.com [173.194.41.161] with 32 bytes of data:
Reply from 173.194.41.161: bytes=32 time=21ms TTL=53
Reply from 173.194.41.161: bytes=32 time=21ms TTL=55
Reply from 173.194.41.161: bytes=32 time=21ms TTL=54
Reply from 173.194.41.161: bytes=32 time=18ms TTL=55

Ping statistics for 173.194.41.161:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 21ms, Average = 20ms

********************
EOF

Miles54321, Sep 11, 2012

#27
Jay Pfoutz Malware Helper Posts: 4,286 +49

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=306ms TTL=52
Reply from 72.30.38.140: bytes=32 time=274ms TTL=52
Reply from 72.30.38.140: bytes=32 time=413ms TTL=52
Reply from 72.30.38.140: bytes=32 time=648ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 274ms, Maximum = 648ms, Average = 410ms

Pinging facebook.com [66.220.158.70] with 32 bytes of data:
Reply from 66.220.158.70: bytes=32 time=93ms TTL=242
Reply from 66.220.158.70: bytes=32 time=92ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242
Reply from 66.220.158.70: bytes=32 time=90ms TTL=242

Ping statistics for 66.220.158.70:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 93ms, Average = 91ms

Pinging google.com [173.194.41.161] with 32 bytes of data:
Reply from 173.194.41.161: bytes=32 time=21ms TTL=53
Reply from 173.194.41.161: bytes=32 time=21ms TTL=55
Reply from 173.194.41.161: bytes=32 time=21ms TTL=54
Reply from 173.194.41.161: bytes=32 time=18ms TTL=55

Ping statistics for 173.194.41.161:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 21ms, Average = 20ms

These all had responses...no proxies are enabled. You're saying you cannot connect to sites from any browser?

Jay Pfoutz, Sep 11, 2012

#28
Miles54321 Newcomer, in training Posts: 34

I still cant connect yeh, with a browser or a VOIP program like ventrilo

But in the bottom left when im in google chrome it says "resolving proxy" so perhaps the programs are missing the proxy registry file the virus put there

Miles54321, Sep 11, 2012

#29
Jay Pfoutz Malware Helper Posts: 4,286 +49

Probably something VPN screwed up actually.

In Chrome, hit the wrench icon, select Settings.

Hit the link: Show Advanced Settings...

Under Network, hit Change Proxy Settings.

It will popup with the Internet Properties dialog. Hit LAN Settings. Uncheck "Use a proxy server for your LAN".

Let me know how this works.

Jay Pfoutz, Sep 11, 2012

#30
Miles54321 Newcomer, in training Posts: 34

I already have the proxy box unchecked, I checked and unchecked it again and pressed OK but nothing worked, the only thing I had checked in that window was automatically detect settings

Miles54321, Sep 11, 2012

#31
Jay Pfoutz Malware Helper Posts: 4,286 +49

Uncheck Automatically Detect Settings and see what happens.

Jay Pfoutz, Sep 12, 2012

#32
Miles54321 Newcomer, in training Posts: 34

Ok, I took off "Automatically detect settings" and I still got no webpage appearing

Miles54321, Sep 12, 2012

#33
Jay Pfoutz Malware Helper Posts: 4,286 +49

I can get back to you in a little while, but I need to know what browsers you have so I can further investigate the issue. Also, what error messages, if any, are appearing? Or is just no connection in the browsers?

Jay Pfoutz, Sep 13, 2012

#34
Miles54321 Newcomer, in training Posts: 34

There's no internet connection in any of my progams such as steam, ventrilo, msn messenger so I don't believe its a browser issue

The browsers I use are Internet Explorer, Google Chrome and Mozilla Firefox
Here are the messages:

IE 9 Version 9.0.8112.16421

Internet Explorer cannot display the webpage

What you can try:

Diagnose Connection Problems

More information

This problem can be caused by a variety of issues, including:
•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•There might be a typing error in the address.
•If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds:
1.Click the Favorites button , click Feeds, and then click the feed you want to view.

To view recently visited webpages (might not work on all pages):
1.Press Alt, click File, and then click Work Offline.
2.Click the Favorites button , click History, and then click the page you want to view.

Google Chrome Version 21 - 21.0.1180.83 m

This webpage is not available
Google Chrome's connection attempt to www.google.co.uk was rejected. The website may be down, or your network may not be properly configured.
Here are some suggestions:
Reload this webpage later.
Check your Internet connection. Restart any router, modem, or other network devices you may be using.
Add Google Chrome as a permitted program in your firewall's or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server, adjust your proxy settings: Go to the wrench menu > Settings > Show advanced settings... > Change proxy settings... > LAN Settings and deselect the "Use a proxy server for your LAN" checkbox.
Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.

Mozilla Firefox 15.0

Unable to connect

Firefox can't establish a connection to the server at www.youtube.com.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

Miles54321, Sep 13, 2012

#35
Jay Pfoutz Malware Helper Posts: 4,286 +49

Gotcha. Appears the Winsock has been terminated somehow.

Press start, then run and enter cmd - then hit OK.

In the command prompt window, press in the following code exactly:

netsh winsock reset catalog

Then, exit out.
==

Do you have Internet after performing the above process?

Jay Pfoutz, Sep 14, 2012

#36
Miles54321 Newcomer, in training Posts: 34

I typed it in, and it told me to restart which I did and the internet still didn't work, both google chrome and firefox and ventrilo my voip program

Miles54321, Sep 14, 2012

#37
Jay Pfoutz Malware Helper Posts: 4,286 +49

Please copy and paste the following in to Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"GlobalMaxTcpWindowSize"="256960"
"TcpWindowSize"="256960"
"DefaultTTL"="64"
"EnablePMTUDiscovery"="1"
"DisableTaskOffload"="0"

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:00000010
"MaxConnectionsPer1_0Server"=dword:00000010

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters]
"SizReqBuf"="16384"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"MaxCmds"=dword:00000064
"MaxThreads"=dword:00000064
"MaxCollectionCount"="65535"

Then click File > Save as
File name: internetFIX.reg
Save as type: All Files
Location: Desktop

==

Once saved, Exit Notepad, and double-click on internetFIX.reg and confirm the prompts.

Then, restart your computer.

Let me know if this works or not.

Jay Pfoutz, Sep 15, 2012

#38
Miles54321 Newcomer, in training Posts: 34

I accepted the prompts and added it into my registry but when I restarted my computer it didn't work, msn is taking ages to sign in rather than giving me a connection error so im still waiting on it, other than that the others like ventrilo, my web browsers are all giving me the same error messages I sent you and none can connect to the internet still

Miles54321, Sep 16, 2012

#39
Jay Pfoutz Malware Helper Posts: 4,286 +49

Open it go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE.

Also....

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.

Jay Pfoutz, Sep 16, 2012

#40

Page 2 of 3

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.