Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet After Running Combofix for Rootkit infection of TCPIP


  • This topic is locked This topic is locked
6 replies to this topic

#1 chrismgraham

chrismgraham

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 26 November 2011 - 02:01 AM

Hey everyone..hope I can get some help on this ASAP, as my wife depends on her PC/Internet for her job..that said, I'll get right to the pertinent info:

I ran COMBOFIX, as I found it to be the best option to fix the "Ping.EXE" virus that had infected her desktop PC (Windows XP Home), it found a "Rootkit infection" right off the bat and told me to run Combofix again if I didn't establish an internet connection after it did it's job, and after at least 1 reboot.. I ran it again, and still no luck.

I didn't want to touch anything further, due to the nature of the program/Virus...figured I'd leave it up to the team here, this time. Hope I can get some quick help from the pro's here with my log reports, which are attached below. Thanks in advance.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:31 AM

Posted 26 November 2011 - 11:14 AM

Hello chrismgraham,

Welcome to Bleeping Computer.

What is the point of attaching the same log twice? Or you want to post logs of the both runs.:)

Please make sure you are (preferably wired) connected to the network when running the tools.

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check "Include All Files" option.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


#3 chrismgraham

chrismgraham
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 26 November 2011 - 04:24 PM

Yes, I just wanted to show the logs from both runs to give as much info as possible, and didn't know if they differed.

Thanks for the prompt response, and I will be doing those scans you instructed as soon as I get home, then will post results here. I apologize for posting in the wrong forum, it was late and I was a hurry.

Edited by chrismgraham, 26 November 2011 - 04:26 PM.


#4 chrismgraham

chrismgraham
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 26 November 2011 - 11:22 PM

I've attached the result logs of both scans below.

Also, I received a "Trojan horse Agent_r.ATS" pop-up from AVG upon completion of the "FSS" scan. I'm assuming this is normal, as AVG thinks it's a threat that we're trying to reproduce? Did seem a little odd that it came up as a Trojan, though. Figured I'd mention it to be sure..

Farbar Service Scanner
Ran by Amanda (administrator) on 26-11-2011 at 23:10:19
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 07:00] - [2011-08-17 08:49] - 0138496 ____A () 9B00527FDE82CE1BC281BDF46E8DF2DC

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google IP is unreachable
Attempt to yahoo returend error: Yahoo IP is unreachable

**** End of log ****


MiniToolBox by Farbar
Ran by Amanda (administrator) on 26-11-2011 at 23:06:44
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Network Connect Adapter"

set address name="Network Connect Adapter" source=dhcp
set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
set wins name="Network Connect Adapter" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Amanda

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 00-1C-C0-B6-40-D7

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.71.175

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter Network Connect Adapter:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter

Physical Address. . . . . . . . . : 00-FF-88-04-67-8A

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c c0 b6 40 d7 ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 ff 88 04 67 8a ...... Juniper Network Connect Virtual Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.71.175 169.254.71.175 20
169.254.71.175 255.255.255.255 127.0.0.1 127.0.0.1 20
169.254.255.255 255.255.255.255 169.254.71.175 169.254.71.175 20
224.0.0.0 240.0.0.0 169.254.71.175 169.254.71.175 20
255.255.255.255 255.255.255.255 169.254.71.175 169.254.71.175 1
255.255.255.255 255.255.255.255 169.254.71.175 3 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/26/2011 10:30:48 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:54:48 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:42:48 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:29:07 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:27:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/26/2011 00:27:23 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (11/26/2011 10:34:20 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (11/26/2011 10:33:50 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (11/26/2011 10:33:50 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (11/26/2011 10:33:20 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (11/26/2011 10:33:17 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (11/26/2011 10:32:48 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (11/26/2011 10:32:29 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (11/26/2011 10:31:59 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (11/26/2011 10:31:59 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (11/26/2011 10:31:29 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).


Microsoft Office Sessions:
=========================
Error: (11/26/2011 10:30:48 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:54:48 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:42:48 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:29:07 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (11/26/2011 00:27:24 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (11/26/2011 00:27:24 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (11/26/2011 00:27:23 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 2.5.1.17730)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.4.6 (Version: 9.4.6)
AVG 2012 (Version: 12.0.1872)
AVG 2012 (Version: 12.0.2101)
AVG 2012 (Version: 2012.0.1872)
Bonjour (Version: 2.0.3.0)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DAEMON Tools Lite (Version: 4.41.3.0173)
DivX Plus Web Player (Version: 2.0.0)
Download Updater (AOL LLC)
FlashFXP v3 (Version: 3.6.0.1240)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.79)
GTK+ Runtime 2.14.7 rev a (remove only)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.15255)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office Access Runtime (English) 2007 (Version: 12.0.6237.1003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MOSS v2.0 (Version: 2.0.0)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
PeerGuardian 2.0 (Version: 2.0.6.5)
Pidgin (Version: 2.6.4)
QuickTime (Version: 7.68.75.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.11.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6316)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Seesmic Desktop (Version: 0.8)
Skype™ 5.3 (Version: 5.3.120)
Solitaire
System Requirements Lab CYRI (Version: 4.3.1.0)
U.S. Robotics V.92 Voice Host Int
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.61 )
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 2035.77 MB
Available physical RAM: 1577.7 MB
Total Pagefile: 3394.17 MB
Available Pagefile: 2940 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.83 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:147.99 GB) NTFS

========================= Users: ========================================

User accounts for \\AMANDA

Administrator Amanda ASPNET
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

Attached Files


Edited by farbar, 27 November 2011 - 05:33 AM.


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:31 AM

Posted 27 November 2011 - 05:44 AM

Well done.

Also, I received a "Trojan horse Agent_r.ATS" pop-up from AVG upon completion of the "FSS" scan. I'm assuming this is normal, as AVG thinks it's a threat that we're trying to reproduce? Did seem a little odd that it came up as a Trojan, though. Figured I'd mention it to be sure..

This is normal but AVG is right about the warning. When FSS scanned the files associated with internet, one of them (afd.sys) was a patched (infected) file.

We are going to replace the patched file with a good copy and that will restore internet connection.

  • Please download TDSSKiller.zip and and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
    • Let reboot if needed.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.
  • In case TDSSKiller didn't find the infection (afd.sys) and the internet connection was not restored please run Farbar Service Scanner.
    Type the following in the edit box after "Search:".

    afd.sys

    Click Search Files button and post the log (FSS.txt) it makes to your reply.

Edited by farbar, 02 December 2011 - 03:33 PM.


#6 chrismgraham

chrismgraham
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 27 November 2011 - 10:25 PM

That did the trick!

Much thanks for the help..i think it's all set to go now, but I'll be back if additional problems arise.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:31 AM

Posted 28 November 2011 - 01:55 AM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Every one else should start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users