DNS changer

My gf is having issues with her internet. When you click on a link say from google, 50% of the time, you go to some random website. I believe this to be the work of a DNS changer. I checked that TDSSserv.sys did not exist and it does not. However, when following your "READ & RUN ME FIRST. Malware Removal Guide" i came across several issues.

1) Superantispyware will not install. Before stumbling across this forum, i managed to get it to instal by changing the name of the install file and the exe file. Towards the end of the scan, the computer would lock up. To follow the guide, i unistalled it and then tried again and it would not instal still. I decided to leave it that way as the guide instructed.

2) Malware bytes will install but does nothing when you try to run it. Nothing pops up saying it is running and nothing comes up in the task manager. Again, by changing the name of the exe will allow it to run however it does run all the way through. Nothing comes up on that scan. Again, i unistalled it before following the guide.

3)running rootrepeal i got an error "could not read the boot sector. Try adjusting the disk access level in the options dialog". after closing this box several times (20-30) the scanner was startable. However, it crashed and gave a bunch of crash logs. I have attached those.

MSG tools was the only program to run without errors.

I appreciate any help in resolving this bug.

 

and the file that was spat out after mgtools ran

 

UAC was disabled and then the system rebooted.

Avast and Windows Defender was shut down.

Combofix installed but it gets an error message saying "ComboFix.exe has stopped working..." and will not run. It does nothing in Safe mode.

I tried running malware bytes and installing superantispyware in safe mode, but i encountered the same issues as before.

Here is the mglogs.zip file that you wanted. Thats my fault for assuming the text log that was spat out was what you were looking for. I should have read a bit more.

Hope this helps...

 

Here is another scan. It had completed last time also. So hopefully this time it gives you what you need. This time i made sure to run it as admin. I dont remember if i did or not last time.

 

I tried flushing the DNS and it said it was successful however the problem persisted. The laptop is not connected to any router and has been moved to several different jacks, in different buildings and different parts of the city yet the problem still exists. Tried plugging my computer into the same jack but i did experience any of the symptoms.

Any suggestions on where to turn next?

 

The problem does occur in both Internet explorer and firefox.

Looked in safe mode and i cant connect to the internet at all. I cant even get into the network and sharing center. If i double click the icon it registers that i selected it but does not come up.

Runnin Radix did not work as it is a vista machine and apparently Radix doesnt work on Vista. It gives a little box saying "Your windows version is currently not supported..." and then asks for a donation via paypal.

I am running the eset scan now but it seems to be stuck at 31%. the time ticker is still going. Not sure how long this scan is supposed to take. I disabled the antivirus and everything to do with it. Left the firewall up. Ill update when its done or in a couple hours if the scan hasnt gone anywhere

 

you are correct. should proof read my stuff to make sure it actually makes sense. The default webpage and search was www.lge.com. It came preloaded this way. It is the LG site. (www.lge.com/gateway/index.html is what comes up as her home page) The Laptop is an LG model so i figured it was just factory default.

Firefox addons:

EXTENSIONS
Microsoft .Net Franwork Assistant 1.0
Skype extension for firfox 3.3.0.3290

THEMES
Default 3.5.2

PLUGINS
Adobe Acrobat 9.0.163
BitTorrent 1.0.0.1
DNA Plug-in 1.0.0.1
iTunes Application Detector 1.0.1.1
Java Deployment Toolkit 6.0.140.8 6.0.140.8
Java(TM) Platform SE 6 U14 6.0.140.8
Mozilla Default Plug-in 1.0.0.15
QuickTime Plig-in 7.6.2 7.6.2.0
Showave Flash 10.0.22.87
Windows Presentation Foundation 3.5.30729.1

Internet Explorer addons

TOOLBARS AND EXTENSIONS
Adobe PDF Link Helper 9.1.0.163
Windows Live Sign-in Helper 5.0.818.5
Research 12.0.6423.0 -->publisher is Microsoft
Corporation
Research --> publisher is "not availible"
Discuss v6.0.6001.18 --> publisher is "not availible"
Java(TM) Plug-in 2 SSV Helper 6.0.140.8

SEARCH PROVIDERS
Google
Live Search

ACCELERATORS
Blog with Windows Live
Email with Windows Live
Map with Live Search
Translate with Live Search

InPrivate Filtering
no add ons in this category

Have not tried disabling any of the addons. Never though to look there to be honest.

If i insert "Superanti spyware" as the search in google, here are a couple sites that pop up instead of the super antispyware site when clicking on the link to the site:
www.tazinga.com
http://125skooble.com (which loads http://smartbizsearch.com)
and a bunch of other ones.

The Eset scan eventually locked up the computer after 5hours 13 mins.

Restarted the computer after uninstalling malwarebytes. Superantispyware was not installed. However, upon trying to reinstal them, i got the same results. Malware bytes installed but would not run and superantispyware would not instal.

Ran the MGTools with the two windows open and here is the log.