
Internet not working and cannot install malwarebytes



Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Thank you,

Kevin...

Fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by V (2016-03-31 14:50:52) Run:2
Running from C:\Users\V\Desktop
Loaded Profiles: V (Available Profiles: V)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9F5B9887-1A08-45B1-9C2F-4822F71E5F0C}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C1EE9DB5-838A-4803-9EF1-B38346C2CC5E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{EB7D0F81-1C75-471B-BF05-C488B9B9A253}: [DhcpNameServer] 103.8.44.5 103.8.45.5
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-738983395-2509345560-3060673778-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 ACDaemon; no ImagePath
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Windows\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Windows\SysWOW64\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Users\V\AppData\Local\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Program Files (x86)\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Windows\SysWOW64\bfwdcvaxwpslcwgulpgnm.khg
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Windows\bfwdcvaxwpslcwgulpgnm.khg
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Users\V\AppData\Local\bfwdcvaxwpslcwgulpgnm.khg
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Program Files (x86)\bfwdcvaxwpslcwgulpgnm.khg
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
File: C:\Users\V\Desktop\FSS.txt
File: C:\ComboFix.txt
Folder: C:\Qoobox
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\   IDM Shell Extension" => key removed successfully
HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\! IDM Shell Extension" => key removed successfully
HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found. 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9F5B9887-1A08-45B1-9C2F-4822F71E5F0C}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C1EE9DB5-838A-4803-9EF1-B38346C2CC5E}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EB7D0F81-1C75-471B-BF05-C488B9B9A253}\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-738983395-2509345560-3060673778-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
ACDaemon => service removed successfully
7ByteIo => service removed successfully
catchme => service removed successfully
gdrv => service removed successfully
taphss6 => service removed successfully
vpnva => service removed successfully
C:\Windows\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn => moved successfully
C:\Windows\SysWOW64\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn => moved successfully
C:\Users\V\AppData\Local\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn => moved successfully
C:\Program Files (x86)\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn => moved successfully
C:\Windows\SysWOW64\bfwdcvaxwpslcwgulpgnm.khg => moved successfully
C:\Windows\bfwdcvaxwpslcwgulpgnm.khg => moved successfully
C:\Users\V\AppData\Local\bfwdcvaxwpslcwgulpgnm.khg => moved successfully
C:\Program Files (x86)\bfwdcvaxwpslcwgulpgnm.khg => moved successfully

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-738983395-2509345560-3060673778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-738983395-2509345560-3060673778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::25f3:f815:8391:71cc%19
   Default Gateway . . . . . . . . . : 

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Link-local IPv6 Address . . . . . : fe80::25f3:f815:8391:71cc%19
   IPv4 Address. . . . . . . . . . . : 192.168.2.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========================= File: C:\Users\V\Desktop\FSS.txt ========================

File not signed
MD5: B7C584258463A6A3902DF6A65D5C9B4B
Creation and modification date: 2016-03-30 20:13 - 2016-03-30 20:14
Size: 0002738
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======


========================= File: C:\ComboFix.txt ========================

File not signed
MD5: DBDDB8ED55C7E351A2CB459822A1F6E3
Creation and modification date: 2016-03-30 13:13 - 2016-03-30 13:13
Size: 0017297
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======


========================= Folder: C:\Qoobox ========================

2016-03-28 19:54 - 2016-03-30 13:12 - 0003991 _____ () C:\Qoobox\Add-Remove Programs.txt
2016-03-30 13:03 - 2016-03-30 12:57 - 0000302 _____ () C:\Qoobox\CFScript_used_2016-03-30_13.03.27.txt
2016-03-28 19:55 - 2016-03-28 19:55 - 0031507 _____ () C:\Qoobox\ComboFix2.txt
2016-03-28 19:55 - 2016-03-30 13:13 - 0002345 _____ () C:\Qoobox\ComboFix-quarantined-files.txt
2016-03-28 19:40 - 2016-03-28 19:42 - 0000000 ____D () C:\Qoobox\BackEnv
2016-03-28 19:40 - 2016-03-30 13:03 - 0000000 ____D () C:\Qoobox\Quarantine
2016-03-28 19:40 - 2016-03-30 13:01 - 0000102 _____ () C:\Qoobox\Quarantine\catchme.log
2016-03-30 13:03 - 2016-03-30 13:03 - 0000000 _____ () C:\Qoobox\Quarantine\catchme.txt
2016-03-28 19:55 - 2016-03-28 19:55 - 0000000 _____ () C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2016-03-28 19:42 - 2016-03-30 13:11 - 0000000 ____D () C:\Qoobox\Quarantine\C
2016-03-16 20:26 - 2016-03-26 06:51 - 0000818 _____ () C:\Qoobox\Quarantine\C\Autorun.inf.vir
2009-04-07 06:51 - 2009-05-09 12:55 - 0516096 _____ () C:\Qoobox\Quarantine\C\nfkfszsdqxova.bat.vir
2009-04-07 06:51 - 2009-05-09 12:55 - 0516096 _____ () C:\Qoobox\Quarantine\C\rhkdotktejy.bat.vir
2009-04-07 06:51 - 2009-05-09 12:55 - 0516096 _____ () C:\Qoobox\Quarantine\C\rlspenivktmvcmm.bat.vir
2016-03-30 13:11 - 2016-03-30 13:11 - 0000000 ____D () C:\Qoobox\Quarantine\C\Program Files (x86)
2016-03-30 13:11 - 2016-03-30 13:11 - 0000000 ____D () C:\Qoobox\Quarantine\C\Program Files (x86)\Internet Download Manager
2015-12-29 17:53 - 2015-08-14 16:22 - 0025624 _____ (Tonec Inc.) C:\Qoobox\Quarantine\C\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll.vir
2016-03-28 19:50 - 2016-03-28 19:50 - 0000000 ____D () C:\Qoobox\Quarantine\C\ProgramData
2014-12-02 01:18 - 2014-12-11 15:44 - 0000258 _____ () C:\Qoobox\Quarantine\C\ProgramData\ntuser.pol.vir
2016-03-28 19:40 - 2016-03-30 13:12 - 0000000 ____D () C:\Qoobox\Quarantine\Registry_backups
2016-03-28 19:54 - 2016-03-28 19:54 - 0000080 _____ () C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Apoint.reg.dat
2016-03-30 13:12 - 2016-03-30 13:12 - 0000246 _____ () C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D}.reg.dat
2016-03-28 19:48 - 2016-03-30 13:10 - 0012243 _____ () C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2016-03-28 19:54 - 2016-03-28 19:54 - 0000122 _____ () C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-rhkdotktejy.reg.dat
2016-03-28 19:54 - 2016-03-28 19:54 - 0000131 _____ () C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-mzzpxznt.reg.dat
2016-03-28 19:54 - 2016-03-28 19:54 - 0000169 _____ () C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ohnjxfzlzhzhnw.reg.dat
2016-03-28 19:54 - 2016-03-30 13:12 - 0000394 _____ () C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2016-03-28 19:50 - 2016-03-28 19:50 - 0000000 ____D () C:\Qoobox\Quarantine\Replicators
2016-03-28 19:50 - 2016-03-01 19:59 - 0602112 _____ () C:\Qoobox\Quarantine\Replicators\15892A77579CC81DD64460600CD071DA
2016-03-28 19:50 - 2016-03-28 19:38 - 0667648 _____ () C:\Qoobox\Quarantine\Replicators\ABA220C7BC2385A6837E8413218BE6F5

====== End of Folder: ======

EmptyTemp: => 13.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:51:44 ====
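
Added example, not part of the thread and not FRST's own code: the file entries in the fixlist above share one pattern, the same random-looking name with the hidden attribute, identical size and creation time, present in four directories. The Python sketch below parses FRST-style listing lines and groups them to surface that pattern; the function names, the `min_dirs` threshold and the sample lines marked as constructed are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# FRST listing line: created - modified - size attributes [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)

# The .tvn/.khg and CMD lines are copied from the fixlist on this page;
# the desktop.ini and notes.txt lines are constructed for contrast.
SAMPLE = r"""CMD: netsh winsock reset catalog
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Windows\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Windows\SysWOW64\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Users\V\AppData\Local\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00004088 ____H C:\Program Files (x86)\wlnfptjrbftxzezyaprjtxnvfjxbdidc.tvn
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Windows\SysWOW64\bfwdcvaxwpslcwgulpgnm.khg
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Windows\bfwdcvaxwpslcwgulpgnm.khg
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Users\V\AppData\Local\bfwdcvaxwpslcwgulpgnm.khg
2016-03-28 03:40 - 2016-03-28 03:40 - 00000272 ____H C:\Program Files (x86)\bfwdcvaxwpslcwgulpgnm.khg
2016-03-01 10:00 - 2016-03-01 10:00 - 00000282 ____H C:\Users\V\Desktop\desktop.ini
2016-03-01 10:00 - 2016-03-01 10:00 - 00000402 ____H C:\Users\V\Documents\desktop.ini
2016-03-01 10:00 - 2016-03-01 10:00 - 00000504 ____H C:\Users\V\Pictures\desktop.ini
2016-03-01 10:05 - 2016-03-01 10:05 - 00001024 _____ C:\Users\V\Documents\notes.txt
"""


def parse_listing(text):
    """Return one dict per file-listing line; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # directives, CMD lines, registry entries, blanks
        directory, name = ntpath.split(m["path"])  # Windows path rules on any OS
        entries.append({
            "created": m["created"],
            "size": int(m["size"]),
            "hidden": "H" in m["attrs"],
            "directory": directory.lower(),
            "name": name.lower(),
        })
    return entries


def find_replicated_hidden(entries, min_dirs=3):
    """Hidden files with identical name, size and creation time in >= min_dirs directories."""
    groups = defaultdict(set)
    for e in entries:
        if e["hidden"]:
            groups[(e["name"], e["size"], e["created"])].add(e["directory"])
    return sorted(
        (name, size, created, sorted(dirs))
        for (name, size, created), dirs in groups.items()
        if len(dirs) >= min_dirs
    )


if __name__ == "__main__":
    for name, size, created, dirs in find_replicated_hidden(parse_listing(SAMPLE)):
        print(f"{name} ({size} bytes, created {created}) in {len(dirs)} directories")
```

Keying the groups on size and creation time as well as name keeps ordinary hidden files such as `desktop.ini`, which legitimately appear in many folders with differing contents, out of the results.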


Can you download and transfer to sick PC desktop the following:

Download Mirror http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,2.html

Double click the icon and select Extract (accept UAC alert if applicable)

Double click the Complete Internet Repair folder on your desktop.

Run the version relevant to your system, 32 bit or 64 bit.

Double click the CIntRep.exe icon <----32 bit version.

Double click the ClntRep_64.exe icon <--- 64 bit version

 

Place a checkmark next to the following entries:
 

Reset Internet Protocol (TCP/IP)

Repair Winsock (Reset Catalog)

Renew Internet Connections

Flush DNS Resolver Cache

Repair Internet Explorer

Clear Windows Update History

Repair Windows / Automatic Updates

Repair SSL / HTTPS / Cryptography

Reset Windows Firewall Configuration

Restore the default hosts file

Repair Workgroup Computers view


 

Click Go!

Ignore any error messages for now

Click OK to reboot your computer....

 

Is the connection restored?


Please download MiniToolBox from here:

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Transfer to sick PC save to desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Next,

Farbar scanner, for use when connection or redirect issues:

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Post those logs....

 


Still the same problem.

 

FSS.txt

 

Quote

Farbar Service Scanner Version: 27-01-2016
Ran by V (administrator) on 03-04-2016 at 18:29:35
Running from "C:\Users\V\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 


Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator"



From the main GUI do the following:


Select Tab 5 and Create System Restore Point



Select Repairs tab => Click the Open repairs tab



The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...



DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log




Let me see that log,

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
