Solved No internet after using malware removal software

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi!

After using the malware cleaning software the internet stopped working (it only worked intermittently before anyway). I tried various methods to resolve the internet problem but came up blank. I then saw your website and tried some of the methods suggested here (FSS, FRST, TFC) but again to no avail. Another site recommended MiniToolBox, AviraDNSRepair, Microsoft Fixit for Host Reset, and Rizonesoft's Complete Internet Repair. Still no internet!

I'm hoping you can help.

Thanks in advance for any reply,

Gav
 

Attachments

  • Addition.txt
    44.7 KB · Views: 206
  • AdwCleaner[R0].txt
    86.6 KB · Views: 91
  • AdwCleaner[R1].txt
    86.4 KB · Views: 239
  • AdwCleaner[S0].txt
    759 bytes · Views: 59
  • AdwCleaner[S1].txt
    84.1 KB · Views: 133
  • FRST.txt
    61.6 KB · Views: 143
  • FRST_30-06-2014_19-01-14.txt
    61.6 KB · Views: 94
  • JRT.txt
    2.6 KB · Views: 69
  • Result.txt
    615 bytes · Views: 61
  • FSS.txt
    1.2 KB · Views: 83

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

Before we begin, I want you to have this in mind:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.




First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):
- Ask Toolbar
- FuzeZip
- GamingWonderland Internet Explorer Toolbar
- InboxAce Internet Explorer Toolbar
- Marine Aquarium Lite Internet Explorer Toolbar
- Media Player Classic - Home Cinema v1.5.2.3456
- Media_Play_AIR+
- OnlineMapFinder Internet Explorer Toolbar
- PenWes [11355]
- Plus-HD-V1.1
- Pogo Games
- PrrinceCoupon
- Updater
- Yahoo Community Smartbar
- Yahoo! Toolbar




***** NEXT *****




Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST, and click Fix. Attach that report after it is finished.
 

Attachments

  • fixlist.txt
    9.3 KB · Views: 204

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi,

Thanks for coming back to me. The following programs couldn't be deleted:

- GamingWonderland Internet Explorer Toolbar
- InboxAce Internet Explorer Toolbar
- Marine Aquarium Lite Internet Explorer Toolbar
- OnlineMapFinder Internet Explorer Toolbar
- PenWes [11355]
- Plus-HD-V1.1
- PrrinceCoupon
- Updater
- Yahoo Community Smartbar
- Yahoo! Toolbar

Carried out the FRST fix. I've attached the fixlog report.

Thanks again,

Gav



Attachments

  • Fixlog.txt
    24.5 KB · Views: 163

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi Nikos751,

Thanks for the info. I'm gonna go with TwinHeadedEagle first off. Fingers crossed!!

Cheers again,

Gav :)

I am NOT a malware removal expert, but I have used this in a relevant situation and it has worked. http://www.tweaking.com/content/page/windows_repair_all_in_one.html
If you do so, tick the checkbox(es) that have to do with internet connection and everything else that you consider to be helpful, the others are not required.

Otherwise, there are awesome skilled guys here to help you :)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Can you run FRST once more, press Scan and attach a fresh report? Also, tell me what exactly happens when you try to access the Internet.
 

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi,

When I try to connect to the net IE just shuts down and the downloads window opens up to show a SuperMario.exe file (I've included a screenshot). The SuperMario.exe file cannot be saved nor the list cleared.

I've attached the latest FSS report.

Cheers,

Gav



Attachments

  • FSS.txt
    1.2 KB · Views: 74
  • Screen Capture 02-07-14.jpg
    319 KB · Views: 82

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Open FRST, and click Fix. Attach the Fixlog.txt report after it is finished.



***** NEXT *****



1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.

- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
- If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
 

Attachments

  • fixlist.txt
    541 bytes · Views: 83

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi,

Ran both operations. Logs attached.

Cheers,

Gav


Attachments

  • Fixlog.txt
    1.6 KB · Views: 70
  • ComboFix.txt
    28 KB · Views: 170

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Open notepad and copy/paste the text present inside the code box below:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Folder::
c:\program files\SuperFastPC
C:\a253320856587ff9b155e4
C:\280b8dc75bf204ca9d
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
c:\users\brettahayes\AppData\Roaming\SmileysWeLove
c:\users\alexander\AppData\Roaming\SmileysWeLove
c:\users\Compaq\AppData\Roaming\smileyswelove
c:\program files\Smileys We Love Toolbar for IE

File::
c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w.sys

RegLockDel::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{E8150FF6-E972-4A0E-80F2-8AC633EC148A}"=hex:51,66,7a,6c,4c,1d,38,12,98,0c,06,
   ec,40,a7,60,0f,ff,e4,c9,86,36,b2,50,9e
"{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}"=hex:51,66,7a,6c,4c,1d,38,12,cd,26,45,
   eb,99,79,b5,0e,e7,63,69,7d,94,93,49,e9
"{3004627E-F8E9-4E8B-909D-316753CBA923}"=hex:51,66,7a,6c,4c,1d,38,12,10,61,17,
   34,db,b6,e5,0b,ef,8b,72,27,56,95,ed,37
"{48586425-6BB7-4F51-8DC6-38C88E3EBB58}"=hex:51,66,7a,6c,4c,1d,38,12,4b,67,4b,
   4c,85,25,3f,0a,f2,d0,7b,88,8b,60,ff,4c
"{3775AFD7-5921-4571-968F-85A631203D1C}"=hex:51,66,7a,6c,4c,1d,38,12,b9,ac,66,
   33,13,17,1f,00,e9,99,c6,e6,34,7e,79,08
"{F41A56D2-7B52-4D16-812C-A63C6CA9D4C5}"=hex:51,66,7a,6c,4c,1d,38,12,bc,55,09,
   f0,60,35,78,08,fe,3a,e5,7c,69,f7,90,d1
"{07189B84-B33B-4A1E-9B32-AD203C983C20}"=hex:51,66,7a,6c,4c,1d,38,12,ea,98,0b,
   03,09,fd,70,0f,e4,24,ee,60,39,c6,78,34
"{78BA36C9-6036-482B-B48D-ECCA6F964B84}"=hex:51,66,7a,6c,4c,1d,38,12,a7,35,a9,
   7c,04,2e,45,0d,cb,9b,af,8a,6a,c8,0f,90
"{074D3229-0A22-491B-B9DD-FF3171D75F25}"=hex:51,66,7a,6c,4c,1d,38,12,47,31,5e,
   03,10,44,75,0c,c6,cb,bc,71,74,89,1b,31
"{0EEAA2C3-0CD7-4364-B82E-F9257081C860}"=hex:51,66,7a,6c,4c,1d,38,12,ad,a1,f9,
   0a,e5,42,0a,06,c7,38,ba,65,75,df,8c,74
"{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}"=hex:51,66,7a,6c,4c,1d,38,12,95,87,3c,
   35,42,c7,bd,0a,c2,cd,33,52,ef,9a,eb,dd
"{48909954-14FB-4971-A7B3-47E7AF10B38A}"=hex:51,66,7a,6c,4c,1d,38,12,3a,9a,83,
   4c,c9,5a,1f,0c,d8,a5,04,a7,aa,4e,f7,9e
"{5848763C-2668-44CA-ADBE-2999A6EE2858}"=hex:51,66,7a,6c,4c,1d,38,12,52,75,5b,
   5c,5a,68,a4,01,d2,a8,6a,d9,a3,b0,6c,4c
"{6A79CDAC-F710-4996-842B-FDC33B785A35}"=hex:51,66,7a,6c,4c,1d,38,12,c2,ce,6a,
   6e,22,b9,f8,0c,fb,3d,be,83,3e,26,1e,21
"{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}"=hex:51,66,7a,6c,4c,1d,38,12,2c,d9,4a,
   97,c9,48,9c,03,e1,5c,46,80,5e,c6,e1,fb
"{C547C6C2-561B-4169-A2A5-20BA771CA93B}"=hex:51,66,7a,6c,4c,1d,38,12,ac,c5,54,
   c1,29,18,07,04,dd,b3,63,fa,72,42,ed,2f
"{D5A1D22B-9E17-454F-8ECD-83C578FB3983}"=hex:51,66,7a,6c,4c,1d,38,12,45,d1,b2,
   d1,25,d0,21,00,f1,db,c0,85,7d,a5,7d,97
"{D9F16D8B-81B5-4667-AF4D-25365BBF7FC9}"=hex:51,66,7a,6c,4c,1d,38,12,e5,6e,e2,
   dd,87,cf,09,03,d0,5b,66,76,5e,e1,3b,dd
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,f7,7f,78,30,79,65,4e,9c,a3,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,f7,7f,78,30,79,65,4e,9c,a3,19,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,f7,7f,78,30,79,65,4e,9c,a3,19,\

ClearJavaCache::

Save this as CFScript.txt

CFScriptB-4.gif


Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )



***** NEXT *****



Tell me how is your computer now?
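
An added example, not part of the original post and not ComboFix's own parser: a small Python reviewer that lists what a script laid out like the CFScript above names for deletion, and flags user-profile paths that do not exist on the machine it is about to run on, which is the concern behind the NOTICE. The function names, the constructed sample and the caller-supplied `local_profiles` list are assumptions; the layout (headers ending in `::`, one target per line, .reg-style values) is inferred only from the script shown in the post.

```python
import re

# Constructed sample in the same layout as the script in the post above.
SAMPLE = r"""Folder::
c:\program files\ExampleToolbar
c:\users\alice\AppData\Roaming\ExampleToolbar
c:\users\bob\AppData\Roaming\exampletoolbar

File::
c:\windows\system32\drivers\example.sys

RegLockDel::
[HKEY_USERS\.Default\Software\Example\Approved Extensions]
@Denied: (2) (LocalSystem)
"{00000000-0000-0000-0000-000000000001}"=hex:51,66,7a,
   6c,4c,1d
"{00000000-0000-0000-0000-000000000002}"=hex:01,00

ClearJavaCache::
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=')
USER_PATH = re.compile(r"^[a-z]:\\users\\([^\\]+)\\", re.IGNORECASE)


def parse_script(text):
    """Split the script into {directive: [lines]}, keeping file order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = DIRECTIVE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("content before first directive: %r" % line)
        else:
            # Leading whitespace is kept: it marks hex continuation lines.
            sections[current].append(line)
    return sections


def registry_targets(lines):
    """Map each [key] to the value names listed under it."""
    keys = {}
    key = None
    for line in lines:
        if line[:1].isspace():  # continuation of the previous hex value
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            keys.setdefault(key, [])
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            keys[key].append(m.group(1))
    return keys


def review(text, local_profiles):
    """Summarise what the script names; flag profile paths not on this machine."""
    sections = parse_script(text)
    paths = [p.strip() for p in sections.get("Folder", []) + sections.get("File", [])]
    local = {p.lower() for p in local_profiles}
    foreign = []
    for p in paths:
        m = USER_PATH.match(p)
        if m and m.group(1).lower() not in local:
            foreign.append(p)
    return {
        "directives": list(sections),
        "paths": paths,
        "registry": registry_targets(sections.get("RegLockDel", [])),
        "foreign_profile_paths": foreign,
    }


if __name__ == "__main__":
    # local_profiles would normally be the folder names under C:\Users.
    report = review(SAMPLE, ["alice", "Public"])
    for name, value in report.items():
        print(name, "->", value)
```

A non-empty `foreign_profile_paths` list means the script refers to accounts that are not on this machine, so it was most likely written for a different computer.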
 

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi,

Ran the secondary pass on ComboFix. The report is attached.

The computer is running at a super fast rate. It's soooo much faster than it was. Unfortunately it's still not connecting to the net. I've rebooted it and no change.

Cheers,

Gav


Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Sorry - forgot to attach the file! :oops:


Attachments

  • ComboFix.txt
    19.3 KB · Views: 65

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I would like one more check:



Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions how MBAR works, read this article

> Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.


• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated' click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.


>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The clean up procedure will be scheduled for processing and a pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.

>> Notice: only if a rootkit is detected, make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution ...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.



> The following reports will be created in mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.
 

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi,

Pressed the 'Update' but the program was unsuccessful because it couldn't find a host. I ran the scan anyway.

No infections found.

Cheers,

Gav


Attachments

  • mbar-log-2014-07-02 (13-08-09).txt
    2 KB · Views: 60
  • system-log.txt
    50.5 KB · Views: 80

Uphallman

New Member
Thread author
Verified
Jul 1, 2014
27
Hi,

I'm out and about at the mo but will get on to it as soon as I get back. Just wanted to say thanks for all your help so far and for sticking with me. It really is much appreciated.

Cheers,

Gav


I would like you to download this program

http://www.majorgeeks.com/files/details/complete_internet_repair.html

Run it, then Extract where you wish, and then run CIntRep.exe found in extracted folder.

Check all boxes, and then press Go!

Get back to me when it is finished.
 
