
Ran Combofix...now no internet


  • This topic is locked
4 replies to this topic

#1 Ppwfam

Ppwfam

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 12 February 2014 - 09:41 AM

Hello,
I see people have had the same issue but following advice from other threads hasn't helped me.
http://www.bleepingcomputer.com/forums/t/432892/no-internet-access-after-running-combofix/

I made a mistake and ran combofix. I don't think it ever completed correctly. Now my computer is running slowly and won't connect to the internet. I've never had to post on a forum before but now I'm way over my head.



#2 Ppwfam

Ppwfam
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 12 February 2014 - 09:46 AM

Here's the FSS log:

 

Farbar Service Scanner Version: 02-02-2014
Ran by HP (administrator) on 12-02-2014 at 09:27:32
Running from "C:\Users\HP\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-13 08:07] - [2014-02-11 21:07] - 0020048 ____A (AVG Technologies CZ, s.r.o. ) A3C13A0135BEAE18C7E2310D95F0D605

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#3 Ppwfam

Ppwfam
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:15 PM

Posted 12 February 2014 - 10:13 AM

I ran a SystemLook for afd.sys and here's what it came up with:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:01 on 12/02/2014 by HP
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "afd.sys"
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys    --a---- 499712 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys    --a---- 497152 bytes    [01:35 10/10/2013]    [01:10 14/09/2013] 314C17917AC8523EC77A710215012A65
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys    --a---- 497152 bytes    [13:07 13/11/2013]    [01:09 28/09/2013] 79059559E89D06E8B80CE2944BE20228
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys    --a---- 496128 bytes    [01:35 10/10/2013]    [01:11 14/09/2013] 26EF7E0DF4EDCD898EB7A671529410B8
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys    --a---- 496128 bytes    [13:07 13/11/2013]    [01:14 28/09/2013] 50AB05903CBEF298D135A943D4432E3C

-= EOF =-



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:12:15 PM

Posted 12 February 2014 - 03:03 PM

I am helping this OP with this topic over at MBAM Forums.  :)




#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:12:15 PM

Posted 12 February 2014 - 03:03 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





