
text enhance - links created for text enhance


  • This topic is locked
16 replies to this topic

#1 hattricknz

hattricknz

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 31 August 2012 - 05:51 PM

Hi there

following on from instructions here http://www.bleepingcomputer.com/forums/topic34773.html.

Appreciate any help here. Attached are my 2 logs. DDS.txt and attach.txt. I do not have a GMER log here as my machine is a 64bit machine.

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 03 September 2012 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

After the log is generated delete the items found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review and let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 09 September 2012 - 08:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 10 September 2012 - 08:23 AM

Topic was reopened.


Are you able to restore your computer to this date?

RP90: 17/08/2012 8:16:13 p.m. - Windows Update
How to:
http://pcsupport.about.com/od/fixtheproblem/ht/system-restore-windows-7.htm

P.S. If you have a restore point created by ComboFix, use it; this will reset the computer to the state prior to running ComboFix.

Post a fresh DDS log and let me know if your internet has been re-established.

#5 hattricknz

hattricknz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 11 September 2012 - 02:36 AM

Hi Nasdaq

thanks for your help.

I tried the system restore after first running ComboFix but it did not work. The only restore point was the one ComboFix had created and when the PC came back on after restore it told me that it did not work because of possible conflict with AVG so I disabled AVG and attempted restore again. I got the same problem again. After that I tried to run ComboFix a couple of times and got the attached logs if that is of any use...

I am just after trying a system restore again and I got the same problem. So I ran a dds as requested and attached. My internet is still not fixed accessing over wireless or lan connection. I hope I have provided all the info required? Let me know what to try next?

Thanks

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 11 September 2012 - 07:15 AM

Let's concentrate on restoring your Internet.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 hattricknz

hattricknz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 13 September 2012 - 04:14 AM

both logs attached. Thanks again

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 13 September 2012 - 07:14 AM

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

afd.sys <- file name.

Click Search Files button and post the log (FSS.txt) it makes to your reply.

#9 hattricknz

hattricknz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 14 September 2012 - 12:08 AM

FSS log Attached after searching for afd.sys. Thanks again

Attached Files



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 14 September 2012 - 08:27 AM

Will replace the file with a good copy.


Open notepad and copy/paste the text in the quote box below into it:

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys | C:\Windows\System32\drivers\AFD.SYS

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Please let me know if your internet is now working.
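
To confirm that the driver swap described in the post above took effect, the live afd.sys can be compared byte for byte with the copies held in the component store. This is an added example, not part of the original thread and not how ComboFix works internally; the default paths assume a stock 64-bit Windows 7 layout, the function names are illustrative, and the WinSxS copy is treated as the known-good reference, as the helper does.

```python
import hashlib
from pathlib import Path

# Assumed default locations on 64-bit Windows 7; pass other paths to override.
LIVE_DRIVER = Path(r"C:\Windows\System32\drivers\afd.sys")
COMPONENT_STORE = Path(r"C:\Windows\winsxs")
STORE_PATTERN = "amd64_microsoft-windows-winsock-core_*"


def sha256_of(path):
    """Hash a file in chunks so it is never read into memory in one piece."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_driver_to_store(live=LIVE_DRIVER, store=COMPONENT_STORE,
                          pattern=STORE_PATTERN, name="afd.sys"):
    """Return (status, folders): store folders holding a byte-identical copy."""
    live = Path(live)
    if not live.is_file():
        return "missing", []
    live_hash = sha256_of(live)
    # Several servicing versions of the same component can sit side by side.
    candidates = sorted(Path(store).glob(pattern))
    copies = [d / name for d in candidates if (d / name).is_file()]
    if not copies:
        return "no-store-copy", []
    matches = [c.parent.name for c in copies if sha256_of(c) == live_hash]
    return ("match" if matches else "mismatch"), matches


if __name__ == "__main__":
    status, folders = match_driver_to_store()
    print(status)
    for folder in folders:
        print("  identical to", folder)
```

A `mismatch` result means the driver in System32 is not any version the component store knows about, which is the condition the FCopy step corrects.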

#11 hattricknz

hattricknz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 15 September 2012 - 04:06 AM

Done that and it proceeded to run ComboFix, saying that it was not up to date and that it would be reduced functionality so I proceeded.
Then it said AVG was running to disable it before continuing, so I did. I also disabled ZA firewall, and below is my log. Thanks Again. Will come back to you on the net thing after restarting the laptop.

Attached Files



#12 hattricknz

hattricknz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 15 September 2012 - 04:13 AM

Wayhey Internet is now working :thumbsup: . Thank you very much. How is my PC doing now? Do I need to do any more scans?? Thanks again nasdaq!!

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 15 September 2012 - 08:01 AM

Looking good.

Return to post no. 2, download and run these 2 programs.

Security Check

AdwCleaner

Post the logs for my review.

#14 hattricknz

hattricknz
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 15 September 2012 - 05:52 PM

done that and got the attached.
Ran adwcleaner and got ...R2.txt, then pressed delete and system restarted and then got ...S1.txt.
Thanks again!!

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
JavaFX 2.1.0 SDK
Java™ 6 Update 31
Java™ 7 Update 5
Java SE Development Kit 7 Update 4
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Attached Files


Edited by nasdaq, 16 September 2012 - 08:00 AM.
SecurityCheck posted.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:47 PM

Posted 16 September 2012 - 08:05 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.



Java™ 6 Update 31
Java™ 7 Update 5

If not using the Development kits remove these as well.
JavaFX 2.1.0 SDK
Java SE Development Kit 7 Update 4


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
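
The reading of the Security Check log that drives the advice in the post above can be reproduced mechanically. This is an added example, not part of the original thread or of Security Check itself; the function names and the `THIRD_PARTY_FIREWALLS` lookup are assumptions made for illustration, and the sample is rebuilt from lines of the log posted earlier in the thread.

```python
import re

HEADER = re.compile(r"^`{3,}(.+?)`{3,}$")  # section titles sit between runs of backticks
# Assumption for this example: process names that indicate a third-party firewall.
THIRD_PARTY_FIREWALLS = {"vsmon.exe": "ZoneAlarm"}


def parse_sections(log_text):
    """Split a Security Check log into {section title: [lines]}."""
    sections, current = {"Header": []}, "Header"
    for line in (raw.strip() for raw in log_text.splitlines()):
        found = HEADER.match(line)
        if found:
            current = found.group(1).strip().rstrip(":")
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Collect outdated software, disabled protections and any covering firewall."""
    sections = parse_sections(log_text)
    lines = [entry for body in sections.values() for entry in body]
    procs = next((v for k, v in sections.items() if k.startswith("Process Check")), [])
    running = {entry.split()[-1].lower() for entry in procs}
    return {
        "outdated": [e for e in lines if "out of date!" in e.lower()],
        "disabled": [e for e in lines if e.lower().endswith("disabled!")],
        "firewall_cover": sorted(THIRD_PARTY_FIREWALLS[p] for p in running
                                 if p in THIRD_PARTY_FIREWALLS),
    }


def bar(title):
    return "`" * 12 + title + "`" * 12  # rebuilds the tool's header line


# Constructed sample: lines taken from the log posted in this thread, abridged.
SAMPLE = "\n".join([
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    bar("Antivirus/Firewall Check:"), "Windows Firewall Disabled!", "Antivirus up to date!",
    bar("Anti-malware/Other Utilities Check:"), "Java version out of Date!",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Reader X 10.1.3 Adobe Reader out of Date!",
    bar("Process Check: objlist.exe by Laurent"), "AVG avgwdsvc.exe",
    "CheckPoint ZoneAlarm vsmon.exe", bar("End of Log"),
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this log the disabled Windows Firewall is paired with a running ZoneAlarm process, so the remaining findings are the three out-of-date entries.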



