Solved Virus won't allow my laptop to connect to internet at all

OTL:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine\Search Protection folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\ScorpionSaver\tests folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\ScorpionSaver\lib folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\ScorpionSaver\data folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\ScorpionSaver folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\window folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\system folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\private-browsing folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\l10n folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\event folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib\addon folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\lib folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils\data folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\api-utils folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\addon-kit\lib folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\addon-kit\data folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources\addon-kit folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\resources folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\locale folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\defaults\preferences folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack\defaults folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver@jetpack folder moved successfully.
C:\FRST\Quarantine\ScorpionSaver folder moved successfully.
C:\FRST\Quarantine\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 folder moved successfully.
C:\FRST\Quarantine\oclgomenfkljhfkfflghppidonpkljjg folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources\StaticResources folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US\RTFs folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources\Localization folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05\Resources folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app\3.2.0420.05 folder moved successfully.
C:\FRST\Quarantine\Best Buy pc app folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andrew
->Temp folder emptied: 3951310 bytes
->Temporary Internet Files folder emptied: 334540 bytes
->Java cache emptied: 594285 bytes
->FireFox cache emptied: 110697671 bytes
->Google Chrome cache emptied: 32780955 bytes
->Flash cache emptied: 82781 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1128530 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77972 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 143.00 mb
[EMPTYJAVA]
User: All Users
User: Andrew
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Andrew
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12202013_170320

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPB6WVVG\index[1].htm moved successfully.
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVH45QM\dinpro-medium-webfont[1].eot moved successfully.
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\~DFD83ADB70FAF61523.TMP moved successfully.
File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Security checkup:

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Mozilla Firefox 23.0.1 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
 
FSS:

Farbar Service Scanner Version: 05-12-2013
Ran by Andrew (administrator) on 20-12-2013 at 17:42:13
Running from "C:\Users\Andrew\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
ESET:

C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogeooilicmmelinljimlihiafhpkdh\1\51621224cee319.86570269.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofonjpakhpipiijgghcljklmhekiiej\1\516212cbbad863.06362280.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\temp\InstallServices64.msi multiple threats deleted - quarantined
C:\_OTL\MovedFiles\12202013_170320\C_FRST\Quarantine\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\12202013_170320\C_FRST\Quarantine\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\12202013_170320\C_FRST\Quarantine\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\12202013_170320\C_FRST\Quarantine\ScorpionSaver\CustomActionInstall a variant of Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\12202013_170320\C_FRST\Quarantine\ScorpionSaver\CustomActionUninstall a variant of Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\12202013_170320\C_FRST\Quarantine\ScorpionSaver\IECore.dll a variant of Win32/AdWare.Adpeak.B application cleaned by deleting - quarantined
 
Update Firefox to the current 26.0 version.

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
Other browsers: https://browsercheck.qualys.com/ (click on the "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
Here's the last OTL:

All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andrew
->Temp folder emptied: 16060 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20238500 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17502 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 19.00 mb
[EMPTYFLASH]
User: All Users
User: Andrew
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Andrew
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0.00 mb
System Restore Service not available.
OTL by OldTimer - Version 3.2.69.0 log created on 12212013_002910

Files\Folders moved on Reboot...
C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\~DF0B978750649E7FF5.TMP moved successfully.
File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Way to go!!
Good luck and stay safe :)
