Internet Down after Rootkit and Cloud AV Removal


1 reply to this topic

#1 mainesnowrider

mainesnowrider

  • Members
  • 1 posts
  • Local time:02:55 PM

Posted 28 November 2011 - 01:31 PM

I cannot connect to the internet after removing the rootkit and cloud av viruses. Here are the results of farbar and system look scans. Thanks to whoever can help me.

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service might not exist.

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.
The ServiceDll of RpcSs service is OK.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2011-04-14 21:00] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9


Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

SystemLook 30.07.11 by jpshortstuff
Log created at 13:19 on 28/11/2011 by Ben & Kim
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"DisplayName"="@%SystemRoot%\system32\drivers\netbt.sys,-2"
"Group"="PNP_TDI"
"ImagePath"="System32\DRIVERS\netbt.sys"
"Description"="@%SystemRoot%\system32\drivers\netbt.sys,-1"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"DependOnService"="Tdx tcpip"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]


========== filefind ==========

Searching for "netbt.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys --a---- 187904 bytes [04:17 21/11/2011] [08:39 20/11/2010] 280122DDCF04B378EDD1AD54D71C1E54
C:\Windows\System32\drivers\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] DD52A733BF4CA5AF84562A5E2F963B91
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] DD52A733BF4CA5AF84562A5E2F963B91

-= EOF =-



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,682 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:55 PM

Posted 28 November 2011 - 11:30 PM

Welcome aboard

Your FSS log has a header missing so I don't know which Windows version we're dealing with here.
Please repost it.

Then...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

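A cross-check of the two logs in post #1, as an added example that is not part of either post: this Python sketch lists the services whose registry key FSS could not open and finds which services in the SystemLook dump declare a dependency on them. The log excerpts are copied from post #1; the function names are assumptions of this example.

```python
import re

# Excerpts copied from the FSS and SystemLook logs in post #1 (sample input).
FSS_LOG = """\
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service might not exist.
"""

SYSTEMLOOK_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
"DependOnService"="Tdx tcpip"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]
"""

# Matches a top-level service key only; subkeys such as \Linkage do not match.
KEY_RE = re.compile(r"\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\([^\\\]]+)\]$", re.I)

def parse_fss(log):
    """Return (stopped services, services whose registry key could not be opened)."""
    stopped = re.findall(r"^(\S+) Service is not running", log, re.M)
    missing = sorted({m.lower() for m in re.findall(r"Unable to open (\S+) registry key", log)})
    return stopped, missing

def parse_dependencies(log):
    """Map service name -> DependOnService entries from a SystemLook :reg dump."""
    deps, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
        elif line.startswith("["):
            current = None  # subkey: its values do not belong to the service key
        elif current and line.startswith('"DependOnService"='):
            deps[current] = line.split("=", 1)[1].strip().strip('"').lower().split()
    return deps

def broken_dependents(fss_log, reg_log):
    """Services that depend on a service whose registry key is missing."""
    _, missing = parse_fss(fss_log)
    return {s: [d for d in w if d in missing] for s, w in parse_dependencies(reg_log).items() if set(w) & set(missing)}

if __name__ == "__main__":
    print(broken_dependents(FSS_LOG, SYSTEMLOOK_LOG))
```

Service names are compared in lower case because the logs spell the same service as both "tdx" and "Tdx".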


 




