Scanning broke the internet

Discussion in 'Malware Help (A Specialist Will Reply)' started by Crash&Burn, Jan 4, 2015.

  1. Crash&Burn

    Crash&Burn Private E-2

    I was able to use internet before scan, and I think after MB it stopped. Doing a favor and hope I didn't break the computer. Scans are attached and it found a lot of stuff (at least MB did). Thank you for any help.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope! Nothing was in your Malwarebytes log.

    Again nothing was found by Malwarebytes. At least not in the log you attached. Did you attach the wrong log? Like not the first log?


    Now download LSP - Fix

    Run LSP-Fix.

    Check the Box labeled "I know what I'm doing" and then click on the 4t3g8p.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move 4t3g8p.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.
    If it is already in the Remove section, just click Finish.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&t...id=WDCXWD2500AAKX-001CA0_WD-WMAYUC15864558645
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1405789947&from=tugs&uid=WDCXWD2500AAKX-001CA0_WD-WMAYUC15864558645&q={searchTerms}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groovorio.com/?f=1&a=grv_tut...G0AyEtAtB0CyCtDtAyCtDyDzy2Q&cr=1525667955&ir=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1405789947&from=tugs&uid=WDCXWD2500AAKX-001CA0_WD-WMAYUC15864558645&q={searchTerms}
    R3 - URLSearchHook: (no name) - {b287e6b2-868b-4ac1-acce-c69eb5fd29d1} - (no file)
    O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
    O4 - HKLM\..\RunOnce: [upfst_us_163.exe] C:\Users\Brenda\AppData\Local\fst_us_163\upfst_us_163.exe -runonce
    O4 - HKCU\..\RunOnce: [Groovorio] wscript /E:vbscript /B "C:\Users\Brenda\AppData\Roaming\Groovorio\UpdateProc\bkup.dat"
    O4 - Startup: Desktop Temperature Monitor.lnk = Brenda\AppData\Local\DesktopTemperature\DesktopTemperature.exe
    O4 - Startup: StormWatchApp.lnk = Brenda\AppData\Local\StormWatch\StormWatchApp.exe


    After clicking Fix, exit HJT.


    Now uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
    Groovorio
    InboxAce Internet Explorer Toolbar
    istart123 uninstall
    Java(TM) 6 Update 35
    MapsGalaxy Internet Explorer Toolbar
    MyPC Backup
    ShopAtHome.com Helper


    Now install the current version of Sun Java from:
    Make sure that when you install the new version of Java that you uncheck the Install the Ask Toolbar junkware checkbox. Also if it asks if you want to install McAfee Security Scan Plus that you uncheck this too. You do not need to add these unnecessary items to your PC. Also just in case Oracle changes the Java installation in the future to possibly install other junk, uncheck all but just installing Java.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
    :Services
    globalUpdatem
    
    
    :Files
    C:\Program Files\MyPC Backup
    C:\Program Files\globalUpdate
    C:\Users\Brenda\AppData\Local\DesktopTemperature
    C:\Users\Brenda\AppData\Local\StormWatch
    C:\Users\Brenda\AppData\Local\fst_us_163
    C:\Users\Brenda\AppData\Local\dsisetup12476492.exe
    C:\Users\Brenda\AppData\Local\System_Alerts_LLC
    C:\Users\Brenda\AppData\Roaming\Advanced Cleaner Pro
    C:\Users\Brenda\AppData\Roaming\Aqyverm
    C:\Users\Brenda\AppData\Roaming\Groovorio
    C:\Users\Brenda\AppData\Roaming\Systweak
    C:\Program Files\Advanced System Protector
    C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Temperature
    C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
    C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
    C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Temperature Monitor.lnk
    C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
    C:\Windows\System32\config\systemprofile\AppData\Local\{07858a76-88be-ebca-1dc2-ce203d0b4583}\L
    C:\Windows\System32\config\systemprofile\AppData\Local\{07858a76-88be-ebca-1dc2-ce203d0b4583}\U
    C:\Windows\System32\config\systemprofile\AppData\Local\{07858a76-88be-ebca-1dc2-ce203d0b4583}
    C:\Users\Brenda\AppData\Roaming\Aqyverm
    C:\Users\Brenda\AppData\Local\Smartbar
    C:\Windows\Tasks\Groovorio.job
    c:\progra~1\searchprotect
    C:\ProgramData\donutleads
    C:\ProgramData\tempimage.bmp
    C:\Program Files\Groovorio
    C:\Program Files\Super Optimizer
    C:\Windows\Temp\*.*
    C:\Users\Brenda\AppData\Local\Temp\*.*
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    [-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackupStack]
    [-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BackupStack]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack]
    [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CCleaner Monitoring"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Groovorio"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
    "upfst_us_163.exe"=-
    [HKEY_USERS\S-1-5-21-1225364096-560847764-1285444607-1001\Software\Microsoft\Windows\CurrentVersion\run]
    "CCleaner Monitoring"=-
    [HKEY_USERS\S-1-5-21-1225364096-560847764-1285444607-1001\Software\Microsoft\Windows\CurrentVersion\runonce]
    "Groovorio"=-
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BackupStack]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Brenda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccleaner]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Imyzyhpoqu]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Speed Tracker EPM Support]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
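
The kind of triage applied to the HijackThis lines selected in the post above, as an added example (not part of the original thread and not MGtools or HijackThis code). The flagging rules and the `allowed_hosts` list are assumptions chosen for illustration; the R3/O3/O4 sample lines are copied from the post, the O23 line from a later post, and the R1 line is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log (see lead-in for which lines come from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.example.invalid/?type=hp
R3 - URLSearchHook: (no name) - {b287e6b2-868b-4ac1-acce-c69eb5fd29d1} - (no file)
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\RunOnce: [upfst_us_163.exe] C:\Users\Brenda\AppData\Local\fst_us_163\upfst_us_163.exe -runonce
O4 - HKCU\..\RunOnce: [Groovorio] wscript /E:vbscript /B "C:\Users\Brenda\AppData\Roaming\Groovorio\UpdateProc\bkup.dat"
O4 - Startup: StormWatchApp.lnk = Brenda\AppData\Local\StormWatch\StormWatchApp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autorun targets under the per-user profile are writable without admin rights.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|Roaming)\\", re.I)
# Script hosts started from an autorun key usually run a dropped script.
SCRIPT_HOST = re.compile(r"\b(?:wscript|cscript|mshta)(?:\.exe)?\b", re.I)


def triage(log, allowed_hosts=frozenset({"www.microsoft.com", "go.microsoft.com"})):
    """Return (code, reasons, body) for each entry worth a closer look.

    allowed_hosts is an assumed analyst-supplied list of acceptable
    start/search page hosts; adjust it for the machine being reviewed.
    """
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons = []
        # Registry entry survives but the file it pointed at is gone.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned")
        # R0/R1: browser start/search pages redirected to an unlisted host.
        if code in ("R0", "R1"):
            host = urlsplit(body.partition(" = ")[2].strip()).hostname
            if host and host not in allowed_hosts:
                reasons.append("unlisted-host")
        # O4: startup entries.
        if code == "O4":
            if USER_WRITABLE.search(body):
                reasons.append("appdata-autorun")
            if SCRIPT_HOST.search(body):
                reasons.append("script-host-autorun")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<36}{body[:60]}")
```
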
     
  3. Crash&Burn

    Crash&Burn Private E-2

    internet still broke...onboard diagnostics said socket registries for internet connectivity are missing. Can't install Java...keep getting a 1603 error.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like an issue getting an IP address from your router. Your logs show that your network card is in a disconnected state and no IP is assigned due to this.
    Code:
    Ethernet adapter Local Area Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Is this the only PC connected on the network? If no PCs work on this router then try resetting your router to factory defaults.

    Otherwise you may have to reinstall the drivers for your network interface card. However let's give the below a run first.


    Be patient while doing the below. The fixes can sometimes take quite a while to run. Especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Repair MSI (Windows Installer)
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot it yourself.
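
The `ipconfig /all` reading used in the post above, as an added example (not part of the original thread): it separates a link-level fault such as "Media disconnected" from an addressing problem. The first adapter block is copied from the post; the second block, its adapter names and its addresses (documentation range) are constructed, and the verdict labels are this example's own.

```python
import re

# Constructed sample: block 1 is from the post, block 2 is made up for contrast.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.25(Preferred)
   Default Gateway . . . . . . . . . : 192.0.2.1
"""

HEADER = re.compile(r"^(\S.*?):\s*$")                      # unindented "... adapter X:"
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*: ?(.*)$")          # "   Key . . . : value"


def parse_adapters(text):
    """Split ipconfig output into {adapter name: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = adapters.setdefault(head.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return adapters


def diagnose(text):
    """Map each adapter to link-down, apipa, no-address or ok."""
    verdicts = {}
    for name, fields in parse_adapters(text).items():
        # Covers "IPv4 Address", "Autoconfiguration IPv4 Address", "IP Address".
        addrs = [v.split("(")[0] for k, v in fields.items()
                 if k.endswith("IPv4 Address") or k == "IP Address"]
        if "disconnected" in fields.get("Media State", "").lower():
            # No link: cable, port, NIC or driver. DHCP never gets to run.
            verdicts[name] = "link-down"
        elif any(a.startswith("169.254.") for a in addrs):
            # Link is up but no DHCP lease was obtained (self-assigned address).
            verdicts[name] = "apipa"
        elif not addrs:
            verdicts[name] = "no-address"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    for adapter, verdict in diagnose(SAMPLE).items():
        print(f"{verdict:<11}{adapter}")
```
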
     
  5. Crash&Burn

    Crash&Burn Private E-2

    Ran that and still no internet. Checked Device Manager and there are a bunch of yellow triangles in the network adapters area - namely

    Intel 82562V-2 10/100 Network connection - this one has no triangle, but the following do.

    Microsoft ISATAP Adapter
    Microsoft ISATAP Adapter #2
    Microsoft ISATAP Adapter #3
    Teredo Tunneling Pseudo-Interface
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what my last message was indicating. You have a hardware/software/driver issue not a malware issue. You need to reinstall drivers ( post in the Software Forum ) or you could try using a System Restore point from before the problem began which may or may not help.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that is what my last message was indicating. You have a hardware/software/driver issue not a malware issue. You need to reinstall drivers ( post in the Software Forum ) or you could try using a System Restore point from before the problem began which may or may not help. But after doing a restore, you will most likely be restoring some malware/junkware that we will have to remove again.

    I have to repeat something too. The cleaning process did not break the internet connection. Your first logs showed that nothing was fixed/removed by the cleaning process.
     
  8. Crash&Burn

    Crash&Burn Private E-2

    Which is strange because I was looking at this site with the computer having issues and was getting frustrated with all the popups and junk as I was downloading the files. Then it didn't work. I will attempt to get the network card drivers and run that.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks to be a coincidence. Possibly due to an old infection. I saw remnants of a Zero Access infection that was not fully removed but even this does not break the network card drivers. It could impact network access but not like how yours currently is.

    If driver reinstall does not help, try an older restore point. There are several from the day you came here and then a few back in December and earlier.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure that your ethernet cable is good?

    Do the LEDs light up on both the PC and the router/switch port where the PC is connected to?

    Try a different cable and a different port on the switch too.
     
  11. Crash&Burn

    Crash&Burn Private E-2

    Cable is fine as I can plug it in to the desktop next to it and it's online in seconds. Drivers didn't do it, so I am doing a restore point right now.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Any luck? If the first restore point you try does not work, try another.
     
  13. Crash&Burn

    Crash&Burn Private E-2

    Not good. The restore points are all reporting damaged. I did drop a post in software, but no reply yet.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where did you get the drivers installation file from? If not from the PC manufacturer then you need to get it from them.

    Based on your initial logs something is seriously wrong with this Windows Installation. There are way too few services running per your logs and also processes missing. Since nothing was removed by the cleaning process in this area, I have to assume that some large amount of tweaking was being performed and Windows was broken. There is no way you should only have the below listed in HijackThis

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    You should have at least 5 times this and quite a few that are not running could be impacting network capabilities. I was hoping that running the Windows Repair tool a few messages ago would help with some of this. Did it really run properly and did you select all the options specified? Let's try running it again with some additional options.

    Be patient while doing the below. The fixes can sometimes take quite a while to run. Especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot it yourself.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
     
    Last edited: Jan 6, 2015
  15. Crash&Burn

    Crash&Burn Private E-2

    Something isn't right with it, the service restore keeps hanging. I doubt tweaking was done with it as I don't think my sister in law is a uber gamer or something like that. I'm about ready to tell 'em it's time to format and reinstall.

    I found the driver on the intel site.

    Is it possible to reinstall windows without nuking all their files?
     
    Last edited: Jan 6, 2015
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See my last message. I have been adding to it. Give that fix a try. Make sure that the Windows Repair tool runs properly all the way through to completion.
     
  17. Crash&Burn

    Crash&Burn Private E-2

    Here are the results of last repair and scan
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well that fixed a few of the Windows services but not necessarily all of them.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  19. Crash&Burn

    Crash&Burn Private E-2

    farbar scan log
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download this >> View attachment fixlist.txt


    Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST.exe on your flash drive.
    Now reboot back into the System Recovery Options as you did previously.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now boot into normal Windows and continue with the below.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • Fixlog.txt
    • C:\MGlogs.zip
     
  21. Crash&Burn

    Crash&Burn Private E-2

    Fix and scan results
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  23. Crash&Burn

    Crash&Burn Private E-2

    Thank you for the efforts, I will purse the links and see what happens
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I suggest that you back up important data before going any further just to be on the safe side.
     
