I am working on a friend’s laptop. I connect to the internet and the system lags out completely and is unusable.
I pull the HDD and connect it to my SATA to USB 3.0 cable and scan it from another computer using Avast Free edition. It finds a bunch of stuff. Mostly java stuff. Files ending in JS anyway. I didn’t think to save the logs.
I then place the HDD back into the laptop and zero Internet. No wi-fi, Ethernet, nor my wireless USB device work.
I downloaded MBAM and FRST64 to a USB and copied it to the laptop.
Malwarebytes wouldn’t install without internet. Here’s the log for FRST64.
Thank you for any help.
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
() C:\Windows\runSW.exe
GroupPolicy: Restriction ? <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13081
BHO: The weDownload Manager -> {11111111-1111-1111-1111-110411901174} -> C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll => No File
BHO-x32: The weDownload Manager -> {11111111-1111-1111-1111-110411901174} -> C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll [2014-01-21] (weDownload)
R2 RunSwUSB; C:\Windows\runSW.exe [44104 2015-11-24] ()
S4 Update BetterBrowse; "C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe" [X]
S4 Util BetterBrowse; "C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe" [X]
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {2C8BEB32-FD0B-4A11-AAA1-E032EBDF83DA} - System32\Tasks\The weDownload Manager-chromeinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
Task: {8EAC4042-9490-40BB-96A2-FC0156C6FE02} - System32\Tasks\The weDownload Manager-updater => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe <==== ATTENTION
Task: {991D4F69-3571-4396-B0C3-5F4183A35CD1} - System32\Tasks\The weDownload Manager-firefoxinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe <==== ATTENTION
Task: {FF070BB2-AA37-4546-92E3-8B94A25105F1} - System32\Tasks\The weDownload Manager-codedownloader => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\The weDownload Manager-chromeinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exeΧ/installcrx /agentregpath='The weDownload Manager' /extensionfilepath C:\Program Files (x86)\The weDownload Manager\49074.crx' /appid=49074 /srcid='000898' /subid='verticals-intext,ads,pops' /zdata='0' /bic=CAA2AA38597843229686986B65E05BC3IE /verifier=44f3f4bd8056fbd95238c4a09cd1001a /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390357476 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=ecoccdldklbjglocbgbfpmpehjegkode /extensionversion=1.26.21 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeB32QerBWwQuAdWz35zoWHcKmk69PyqxH+2Z8G33K0FoUlQCUr9bkCNuykwuTq7qZNxLIpeR/MkZeuqIfxBkFrMv1s2SOAN2P4eVJau3aYZ+38jQDbOaMk8ntExcC2x9AtR/f6qaLTB/nh6JtxK8IfJIKGVlbue25Ant1PVy/ZwIDAQAB /defbro=ie /allusers /allprofiles /crxlisturl=hxxp:/42766583.r.cdn77.net/alt/490/49074.jso <==== ATTENTION
Task: C:\windows\Tasks\The weDownload Manager-codedownloader.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exeǼ/reinstallapp /runfrom=task /agentregpath='The weDownload Manager' /appid=49074 /srcid='000898' /subid='verticals-intext,ads,pops' /zdata='0' /bic=CAA2AA38597843229686986B65E05BC3IE /verifier=44f3f4bd8056fbd95238c4a09cd1001a /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390357476 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/app-static.crossrider.com <==== ATTENTION
Task: C:\windows\Tasks\The weDownload Manager-firefoxinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exeϣ/installxpi /agentregpath='The weDownload Manager' /extensionfilepath C:\Program Files (x86)\The weDownload Manager\49074.xpi' /appid=49074 /srcid='000898' /subid='verticals-intext,ads,pops' /zdata='0' /bic=CAA2AA38597843229686986B65E05BC3IE /verifier=44f3f4bd8056fbd95238c4a09cd1001a /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390357476 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com /extensionversion=0.93 /prefsbranch=ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49074.rdf <==== ATTENTION
Task: C:\windows\Tasks\The weDownload Manager-updater.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe <==== ATTENTION
C:\windows\mod_frst.exe
VirusTotal: C:\Windows\runSW.exe;
C:\Windows\runSW.exe
C:\Program Files (x86)\BetterBrowse
C:\Users\Owner\AppData\LocalLow\The weDownload Manager
C:\windows\mod_frst.exe
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
Thank you very much for your help.
Here’s the long file you requested.
What is system status now?
Still no internet. Troubleshooter still errors and won’t start. (Windows Network Diagnostics)
Error message in Chrome:
DNS_PROBE_FINISHED_NO_INTERNET
Please post new FRST.txt and Addition.txt logs.
Doh, I forgot to include it in my last post as I figured you’d probably need it.
Anyway, here it is.
Doh! How did I miss that?
Here it is.
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy text from code block below and paste it into Notepad
Tcpip\..\Interfaces\{35748A48-7B66-4598-87E0-A58B4C8B5578}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{3BDE4237-6F84-48D1-9DAE-6CB80F37B3FC}: [DhcpNameServer] 192.168.0.1 205.171.3.65
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open FRST again and click the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
Do you now have Internet connection?
No, not at all.
EDIT
I added my two log files again.
I was bored and Googled some stuff the other day, and found this tool, Farbar Service Scanner (FSS), and it seems all of my internet services are off. I turned them on one time and it still says off, like it’s not installed on my hard drive at all.
I don’t know if it is of any help. But I thought it was interesting what was all off/missing.
Thanks again for all of your help. It is very much appreciated…
Please download and run this tool to repair the connection problem you have.
https://www.rizonesoft.com/downloads/complete-internet-repair/
Hmm, I’m not sure what to do.
The thing says in red, “Remember! Never fix something that is not broken, you could break stuff.”
It also says at the bottom, make a system restore point, which is also removed and not possible to do.
System restore says something like, Shadow Volume Copy service is not working.
This virus seemed to remove a lot of the major parts of windows.
Okay, everything is working fine now. I have no idea what I did, but it is working 100%.
The last thing I did was create a win7 rescue DVD and it allowed me to use system restore files that were locked somehow before and didn’t list any.
I chose the oldest one (January 2016), and it failed. It said it was too old or corrupt and aborted. Then I restarted and went to safe mode to see if it would work there with no drivers or anything, and nothing still.
I then rebooted to normal mode and when I got to the desktop I got a Toshiba pop-up menu and a Windows Defender update notification and the internet access logo appeared.
I tested it, and everything seems fine. I installed the latest Java as the old 6.29 is known to have vulnerabilities, I rebooted and it is still fine.
Running windows update and hopefully it will be fine.
Anyway, I just wanted to let you know it’s working, and to again thank you for all of your time and help.