
Got a white screen with in the top left corner "Please connect to the internet"


  • This topic is locked
5 replies to this topic

#1 lucabigon

lucabigon

  • Members
  • 4 posts

Posted 31 January 2014 - 04:36 AM

I can only access Safe mode with command prompt.

 

This is my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by Administrator at 10:10:57 on 2014-01-31
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1014.788 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eeepc.asus.com/global
mWinlogon: Shell = Explorer.exe, "c:\documents and settings\xp\impostazioni locali\dati applicazioni\kb8311777\KB8311777.exe"
BHO: Supporto di collegamento per Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\programmi\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programmi\file comuni\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\programmi\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\programmi\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Eee Docking] c:\programmi\asus\eee docking\Eee Docking.exe
mRun: [SynTPEnh] c:\programmi\synaptics\syntp\SynTPEnh.exe
mRun: [AsusACPIServer] c:\programmi\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\programmi\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\programmi\eeepc\acpi\AsTray.exe
mRun: [Parental Control] "c:\programmi\parental control\bin\pcontrol.exe" --start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\programmi\microsoft office\office12\GrooveMonitor.exe"
mRun: [ETDCtrl] c:\programmi\elantech\ETDCtrl.exe
mRun: [SynAsusAcpi] c:\programmi\synaptics\syntp\SynAsusAcpi.exe
mRun: [AVG_UI] "c:\programmi\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ModemListener] c:\programmi\hspa usb modem\ModemListener.exe start
mRun: [KB8311777] "c:\documents and settings\xp\impostazioni locali\dati applicazioni\kb8311777\KB8311777.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [KB8311777] "c:\documents and settings\xp\impostazioni locali\dati applicazioni\kb8311777\KB8311777.exe"
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\superh~1.lnk - c:\programmi\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableTaskMgr = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\programmi\widcomm\bluetooth software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\programmi\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmi\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmi\microsoft office\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programmi\aibelive\voice command\skype4com.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\run\a2ddax86.sys [2014-1-30 22056]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 171320]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
S1 policyappblockservice;Parental Control Application Filter;\??\c:\programmi\parental control\bin\policyappblock.sys --> c:\programmi\parental control\bin\policyappblock.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;c:\programmi\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
S2 DeviceManager;DeviceManager;c:\programmi\file comuni\devicehelper\devicemanager.exe -start --> c:\programmi\file comuni\devicehelper\DeviceManager.exe -start [?]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-12 55152]
S2 privoxy;privoxy;c:\programmi\privoxy\privoxy.exe --service --> c:\programmi\privoxy\privoxy.exe --service [?]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\programmi\srs labs\srs premium sound\SRS_VolSync.exe [2009-4-22 107744]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-12 1684736]
S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2014-1-30 50200]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-12-28 119592]
S3 fsssvc;Windows Live Family Safety;c:\programmi\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [2013-12-18 107904]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-4-9 38912]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2013-5-22 103552]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-12 232872]
S3 u9usbser;MYWAVEU9 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\u9usbser.sys [2011-12-19 99456]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-4-2 39040]
.
=============== Created Last 30 ================
.
2014-01-30 14:29:44    --------    d-----w-    C:\FRST
2014-01-30 13:50:52    --------    d-----w-    C:\EEK
2014-01-30 12:00:40    --------    d-sh--w-    c:\documents and settings\administrator.your-agtg9o476m\IETldCache
2014-01-30 11:44:11    20040    ----a-w-    c:\documents and settings\administrator.your-agtg9o476m\dati applicazioni\microsoft\identitycrl\production\ppcrlconfig.dll
2014-01-30 11:44:09    --------    d--h--w-    c:\documents and settings\administrator.your-agtg9o476m\Modelli
2014-01-30 11:44:09    --------    d--h--w-    c:\documents and settings\administrator.your-agtg9o476m\Impostazioni locali
2014-01-30 11:44:09    --------    d--h--r-    c:\documents and settings\administrator.your-agtg9o476m\Dati applicazioni
2014-01-30 11:44:09    --------    d-----w-    c:\documents and settings\administrator.your-agtg9o476m\impostazioni locali\dati applicazioni\SRS Labs
2014-01-30 11:44:09    --------    d-----w-    c:\documents and settings\administrator.your-agtg9o476m\impostazioni locali\dati applicazioni\Microsoft
2014-01-30 11:44:09    --------    d-----w-    c:\documents and settings\administrator.your-agtg9o476m\impostazioni locali\dati applicazioni\Adobe
2014-01-30 11:44:08    --------    d-----r-    c:\documents and settings\administrator.your-agtg9o476m\Preferiti
2014-01-24 12:30:14    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-01-24 12:30:14    --------    d-----w-    c:\windows\system32\wbem\Repository
.



#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 02 February 2014 - 07:10 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know. I am in training and an instructor will need to check my fixes so a little delay may happen at times.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

 

--------------

 

Hi lucabigon,

 

I will be handling your log to help you get cleaned up. Please give me some time to look it over, and I will get back to you as soon as possible. 

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 04 February 2014 - 10:55 AM

Hi lucabigon,

 

You will need a clean computer for this step and a CD/USB for these steps.

 

Please download Farbar Recovery Scan Tool and save it to your USB/CD plugged into your clean computer.

Note: You need to download the version compatible with your system. Please make sure to download and run the 32 bit version.

  • On the infected machine, enter safe mode with command prompt like you did before, plug in the USB/CD and navigate to the USB/CD.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Save the log to your USB/CD and plug it into your clean computer.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 

--------------

 

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


Edited by xXToffeeXx, 04 February 2014 - 10:55 AM.



#4 lucabigon

lucabigon
  • Topic Starter

  • Members
  • 4 posts

Posted 05 February 2014 - 03:56 AM

Problem solved. Thank you anyway. :bananas:



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 05 February 2014 - 02:49 PM

Hi lucabigon,

 

How did you solve the problem? I would be interested to know what steps you took specifically.

 

xXToffeeXx~




#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 12 February 2014 - 01:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



