No internet, desktop icons rearranging

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dlmcmurr, Mar 24, 2013.

  1. dlmcmurr

    dlmcmurr Private E-2

    Ran all the tools as listed in the instructions and still no internet access plus the desktop icons keep sorting and moving themselves. Files are attached.

    Thanks,
    David
     

    Attached Files:

  2. dlmcmurr

    dlmcmurr Private E-2

    I hope you'll forgive the bump, but it's been 35 hours and I've seen every thread active except mine. It seems to have been missed. I do know that the volunteers here do have a life. Thanks for your consideration.

    David
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: RadioHoops Toolbar - {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - C:\Program Files\RadioHoops\prxtbRad0.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: RadioHoops - {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - C:\Program Files\RadioHoops\prxtbRad0.dll
    O3 - Toolbar: RadioHoops Toolbar - {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - C:\Program Files\RadioHoops\prxtbRad0.dll

    After clicking Fix, exit HJT.

    Now uninstall the below software:
    Java(TM) 6 Update 20
    RadioHoops Toolbar
    Viewpoint Media Player

    Now install the current version of Sun Java from: Sun Java Runtime Environment


    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\WINDOWS\Tasks\SentryBayUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\SentryBayUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\SpeedyPC Update Version3.job
    C:\WINDOWS\Tasks\SpeedyPC Registration3.job
    C:\RECYCLER\S-1-5-18\$aa80bc6bf9145bf825b8ce2a7f1dddb0\@
    C:\RECYCLER\S-1-5-18\$aa80bc6bf9145bf825b8ce2a7f1dddb0\U
    C:\RECYCLER\S-1-5-18\$aa80bc6bf9145bf825b8ce2a7f1dddb0\L
    C:\RECYCLER\S-1-5-18\$aa80bc6bf9145bf825b8ce2a7f1dddb0
    C:\Documents and Settings\Administrator\Application Data\Inbox Toolbar
    C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
    C:\Program Files\Inbox Toolbar
    C:\WINDOWS\Tasks\SpeedyPC Update Version3.job
    C:\WINDOWS\Tasks\SpeedyPC Registration3.job
    C:\WINDOWS\Temp\*.*
    C:\Documents and Settings\Administrator\Local Settings\Temp\*.*
     
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "InboxToolbar"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{c66a678d-5e6c-4af9-8f57-c6192f42cf74}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Be patient while doing the below. The fixes can sometimes take quite a while to run, especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
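    The OTM script above is a small declarative format. As an added example (not from this thread or from OTM's author), the Python below parses that format so a fix can be reviewed before it is run; it assumes OTM's :Reg section follows .reg-file conventions ([-KEY] deletes a key, "name"=- deletes a value, "name"="data" sets one), and the sample script is a constructed, abbreviated copy of the one posted.

```python
import re

# Constructed sample: an abbreviated copy of the script posted above.
SAMPLE_SCRIPT = r"""
:Files
C:\WINDOWS\Tasks\SpeedyPC Update Version3.job
C:\WINDOWS\Temp\*.*
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"InboxToolbar"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
:Commands
[EmptyTemp]
[Reboot]
"""
# "name"=- deletes a value, "name"="data" sets one (.reg-style syntax, assumed).
VALUE_RE = re.compile(r'^"([^"]+)"=(?:(-)|"(.*)")$')

def parse_otm(script):
    """Split an OTM script into ':Section' lists; :Reg lines become action tuples
    ('delete_key', key), ('delete_value', key, name) or ('set_value', key, name, data)."""
    sections, current, key = {}, None, None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(':'):                  # ':Files', ':Reg', ... open a section
            current = line[1:]
            sections[current] = []
        elif current != 'Reg':
            sections[current].append(line)
        elif line.startswith('[-') and line.endswith(']'):  # [-KEY] deletes the whole key
            sections['Reg'].append(('delete_key', line[2:-1]))
        elif line.startswith('[') and line.endswith(']'):   # [KEY] selects the key for values below
            key = line[1:-1]
        else:
            m = VALUE_RE.match(line)
            if m is None or key is None:
                raise ValueError(f"unrecognised :Reg line: {line}")
            action = ('delete_value', key, m.group(1)) if m.group(2) else ('set_value', key, m.group(1), m.group(3))
            sections['Reg'].append(action)
    return sections

def summarize(script):
    """Count destructive actions so the fix can be sanity-checked before it is run."""
    s = parse_otm(script)
    reg = s.get('Reg', [])
    return {'files': len(s.get('Files', [])),
            'keys_deleted': sum(e[0] == 'delete_key' for e in reg),
            'values_deleted': sum(e[0] == 'delete_value' for e in reg),
            'reboots': '[Reboot]' in s.get('Commands', [])}
```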
     
  4. dlmcmurr

    dlmcmurr Private E-2

    Chaslang,

    Thanks for the reply last night.

    I had decided to remove radiohoops yesterday afternoon while I was waiting on a response. Just FYI, I had also removed McAfee.

    In response to your instructions, I was only able to select one of the four lines you asked for in the first step. Then I removed Java and Viewpoint and installed Java 7.17. OTM seemed to run okay.

    Windows Repair had some issues, though. I got frequent popups that Execute Processes Remotely had failed and needed to close. When it finished, I manually rebooted and ran it again just in case it had fixed the problem that was causing the failure. This time I counted about 28 instances of the Execute Processes Remotely failing.

    The firewall came on after rebooting, but I still have no IE or Chrome connectivity.

    Thanks,
    David
     

    Attached Files:

  5. dlmcmurr

    dlmcmurr Private E-2

    There are other issues, but the most pressing is the lack of web browsing. I can ping my router, gateway, DNS servers and even google.com if I use 173.194.77.101. If I use that address as the URL in IE, then google.com opens. However, I can't do anything that requires a DNS lookup.

    There is currently no antivirus running and the Windows firewall is turned off.

    Thanks,
    David
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Reboot your PC into Safe Boot mode and try running Windows Repair again. Then reboot back into normal mode.

    How did Windows Repair run in safe mode?
    Also any change to your internet issues with DNS?
     
  7. dlmcmurr

    dlmcmurr Private E-2

    Chaslang,

    I tried running Windows Repair in safe mode. It didn't error, but didn't fix anything that I could tell. I ran chkdsk and found 20 bad blocks, then did SFC. Both of those were suggested in Windows Repair. Still no positive results.

    I feared that even if we got the DNS working again and got the icons to stay in their assigned places, other problems might still remain. That's when I decided to swap out the hard drive for a known good drive and reload from scratch. Last night I loaded XP SP1 and now have it fully patched and the data restored along with about half the applications.

    I thank you for your efforts, but either we weren't finding the right combination or the system was too far gone.

    Thanks for trying,
    David
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Probably the latter! There was likely significant damage from the malware that was making life difficult. Glad to hear you have it running now.

    It would be a good idea to see the below now.

    How to Protect yourself from malware!
     
