Help required

Hello paraic87 and welcome to Malwarebytes,

Couple of questions:

1. Why is the system running in Safe Mode with Networking?

2. There are Group Policy restrictions set; did you set those restrictions?

Run the following scans..

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Next,

Please download MiniToolBox from here:

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Transfer it to the sick PC, save it to the desktop and run it.

Checkmark the following checkboxes:
 
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Let me see those logs....

Thank you,

Kevin...

Thanks Kevin, I will run all those scans tonight and post results in the morning.

To respond to your 2 points:

1. Why is the system running in Safe Mode with Networking?

I could not get the Farbar scan to run normal mode. It hung (stopped responding) every time. Safe Mode was my only option.


2. There are Group Policy restrictions set; did you set those restrictions?

No, I most definitely did not set those restrictions so that is suspicious.

Thank you, I will update with logs in the morning.


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Is your connection restored?

 

Fixlist.txt


Unfortunately not.

Although I am now able to ping my router and 8.8.8.8 with replies. But no browser gives me anything, nor does any 'web' application (e.g. Skype, which crashes on launch).

I had to run FRST in safe mode as it hangs in normal mode on "Checking for update. please wait"

The fixlog is attached. Hopefully that will provide some clarification.

8pm here (Western Australia) and I will keep an eye on this topic. Thanks for your efforts! Much appreciated.

Fixlog.txt


Thanks for the log and updated information, looks like the TCP/IP rebuild did not work... try this :

Select the Windows Key and X key together, from the list select Command Prompt (Admin)

At the prompt either type or copy/paste netsh int ip reset resettcpip.txt, then press the Enter key....

When complete reboot your PC, check the connection...

 

 


In the current configuration (obtain an IP automatically) it returns: "Ethernet 2" doesn't have a valid IP configuration - with the following detailed information:

Windows Network Diagnostics

Issues found
"Ethernet 2" doesn't have a valid IP configuration: Not fixed
Investigate router or broadband modem issues: Failed
Reset the "Ethernet 2" adapter: Completed

Detection details

"Ethernet 2" doesn't have a valid IP configuration: Not fixed

Investigate router or broadband modem issues: Failed
If you're connected to a hotspot or domain network, contact the network administrator. Otherwise: 1. Unplug or turn off the device. 2. After all the lights on the device are off, wait at least 10 seconds. 3. Turn the device on or plug it back into the power outlet. To restart a router or modem that has a built-in battery, press and quickly release the Reset button.

Reset the "Ethernet 2" adapter: Completed
This can sometimes resolve an intermittent problem.

Informational: Network Diagnostics Log
File Name: C62EEAA0-C1CF-462F-89D2-B3B5029279D6.Repair.1.etl

Collection information
Computer Name: CHARLENE
Windows Version: 10.0
Architecture: x64
Time: Friday, June 17, 2016 3:12:08 AM

Publisher details
Windows Network Diagnostics
Detects problems with network connectivity.
Package Version: 3.0
Publisher: Microsoft Windows

 

No pings succeed in this state.

 

If I then set the IP config for IPv4 to "Use the following" 10.1.1.5 with DNS and gateway 10.1.1.1 I get the following: "Ethernet 2" doesn't have... FIXED with the following detailed information:

Windows Network Diagnostics

Issues found
"Ethernet 2" doesn't have a valid IP configuration: Fixed
Reset the "Ethernet 2" adapter: Completed
Investigate router or broadband modem issues: Not run
Change the TCP/IP settings for the "Ethernet 2" adapter: Not run

Detection details

"Ethernet 2" doesn't have a valid IP configuration: Fixed

Reset the "Ethernet 2" adapter: Completed
This can sometimes resolve an intermittent problem.

Informational: Network Diagnostics Log
File Name: EF629FC7-310E-432E-BE1E-9C88B2F5511D.Repair.Admin.1.etl

Investigate router or broadband modem issues: Not run
If you're connected to a hotspot or domain network, contact the network administrator. Otherwise: 1. Unplug or turn off the device. 2. After all the lights on the device are off, wait at least 10 seconds. 3. Turn the device on or plug it back into the power outlet. To restart a router or modem that has a built-in battery, press and quickly release the Reset button.

Change the TCP/IP settings for the "Ethernet 2" adapter: Not run
The adapter is currently set to use a specific IP address that is incorrect, rather than obtaining an IP address automatically.

Informational: Diagnostics Information (Network Adapter)
Details about network adapter diagnosis:

Network adapter Ethernet 2 driver information:

   Description . . . . . . . . . . : Intel(R) 82579V Gigabit Network Connection
   Manufacturer  . . . . . . . . . : Intel Corporation
   Provider  . . . . . . . . . . . : Microsoft
   Version   . . . . . . . . . . . : 12.12.50.6
   Inf File Name . . . . . . . . . : C:\WINDOWS\INF\net1ic64.inf
   Inf File Date . . . . . . . . . : Friday, October 30, 2015  7:17:18 AM
   Section Name  . . . . . . . . . : E1503.6.2.1
   Hardware ID . . . . . . . . . . : pci\ven_8086&dev_1503
   Instance Status Flags . . . . . : 0x180200a
   Device Manager Status Code  . . : 0
   IfType  . . . . . . . . . . . . : 6
   Physical Media Type . . . . . . : 14

Informational: Network Diagnostics Log
File Name: EF629FC7-310E-432E-BE1E-9C88B2F5511D.Diagnose.Admin.0.etl

Informational: Other Networking Configuration and Logs
File Name: NetworkConfiguration.cab

Collection information
Computer Name: CHARLENE
Windows Version: 10.0
Architecture: x64
Time: Friday, June 17, 2016 3:16:54 AM

Publisher details
Windows Network Diagnostics
Detects problems with network connectivity.
Package Version: 3.0
Publisher: Microsoft Windows


In this state I can successfully ping 10.1.1.1 and 8.8.8.8 but can get no web access from any browser. Hope that helps.
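
The state described in the post above (pings to 10.1.1.1 and 8.8.8.8 answered, no web access from any browser) points at layers above IP routing, such as name resolution, proxy settings, the hosts file and the services behind them. The following read-only PowerShell collection of those checks is an added example, not part of the original thread and not code from MiniToolBox or Farbar Service Scanner; the function names, the test host example.com and the chosen service list are assumptions.

```powershell
# Added example: read-only triage for "ping by IP works, browsers do not".
# Nothing here changes a setting; every function only reports state.

function Get-ProxyReport {
    # Per-user proxy settings (what a "Report IE Proxy Settings" option covers).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable      # 1 = traffic is sent to ProxyServer
        ProxyServer   = $p.ProxyServer      # unexpected 127.0.0.1:port is a red flag
        AutoConfigURL = $p.AutoConfigURL    # PAC script the user did not configure
    }
}

function Get-HostsEntries {
    # Active (non-blank, non-comment) lines of the hosts file.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $path |
        Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') }
}

function Get-NetServiceReport {
    # Assumed list: DHCP client, DNS cache, network location awareness,
    # Base Filtering Engine and Windows Firewall.
    Get-Service -Name Dhcp, Dnscache, NlaSvc, BFE, MpsSvc |
        Select-Object Name, Status, StartType
}

function Test-WebPath {
    param([string]$HostName = 'example.com')   # assumed test target
    # DNS and TCP are tested separately so the failing layer is visible.
    $dns = Resolve-DnsName -Name $HostName -Type A -ErrorAction SilentlyContinue
    $tcp = Test-NetConnection -ComputerName $HostName -Port 443 `
               -WarningAction SilentlyContinue
    [pscustomobject]@{
        DnsResolved = [bool]$dns
        Tcp443      = $tcp.TcpTestSucceeded
    }
}

Get-ProxyReport
Get-HostsEntries
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
Get-NetServiceReport
Test-WebPath
```

A stopped or disabled Dhcp service matches the "doesn't have a valid IP configuration" result under automatic addressing, while DnsResolved being false with working pings to 8.8.8.8 narrows the fault to name resolution.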

 


I want you to run FRST from outside of normal windows...

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure to get the correct version for your system, 32 bit or 64 bit...

Next,

Hold down the Shift key and re-boot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot", from the next window select "Advanced Options", and from there select "Command Prompt". Make sure to plug the flash drive into an open USB port...

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thanks,

Kevin...

 


Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.

Re-boot to normal windows, is there any improvement..

 

fixlist.txt


Thanks for the update, good to hear we finally have a connection. As you've probably noted we've taken your system back to its settings as of 9th June, so I advise you make sure all software etc is checked for updates, specifically security apps.... We also need to run the following scans to check your system status..

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Post those logs.... also let me know if you have any remaining issues or concerns.

Thank you,

Kevin...

 

 


Thanks for those logs, system looks good... Run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 

 

 


Unfortunately Kevin, less than a few hours after the restore I noticed that malwarebytes had discovered a virus. I cleaned it but I noticed that my default home page and search were now set to Yahoo. I ran full scans of mwb, sas and win defender - which turned up some more stuff (mostly adware). But then the network dropped out again - and the time is again shifted.

It seems like I'm back close to square one. I'm gutted.

The behaviour this time is different, in that all the applications (including Skype) run without crashing on launch.

I have rerun frst and attach the first and addition logs. Hopefully something can be done. Any help would be MUCH appreciated.

Addition.txt

FRST.txt


Can you run FRST again as per the instructions in Reply ID 14, that should get your Internet connection back.... When that completes I want you to run ESET online AV scan, this scan is very thorough and may take a couple of hours.....

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable security software!

Thanks,

Kevin....


Please download Complete Internet Repair from http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,1.html and transfer it to your Desktop. <--- Do not save anywhere else

Download Mirror: http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,2.html

Double click the icon and select Extract (accept UAC alert if applicable)

Double click the Complete Internet Repair folder on your desktop.

Run the version relevant to your system, 32 bit or 64 bit.

Double click the CIntRep.exe icon <----32 bit version.

Double click the ClntRep_64.exe icon <--- 64 bit version

Place a checkmark next to the following entries:
 
  • Reset Internet Protocol (TCP/IP)
  • Repair Winsock (Reset Catalog)
  • Renew Internet Connections
  • Flush DNS Resolver Cache
  • Repair Internet Explorer
  • Clear Windows Update History
  • Repair Windows / Automatic Updates
  • Repair SSL / HTTPS / Cryptography
  • Reset Windows Firewall Configuration
  • Restore the default hosts file
  • Repair Workgroup Computers view



Click Go!
Ignore any error messages for now
Click OK to reboot your computer....

Any change?

This topic is now closed to further replies.