
Internet disabled after 2012 antivirus virus removal


11 replies to this topic

#1 Phatcraft

Phatcraft

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 05 January 2012 - 12:25 AM

I got the 2012 antivirus virus like everyone else seems to be getting and, like everyone else, my internet stopped working after removing the virus. I was able to get another computer going by following Broni's other threads, but this one has me stumped. Here is my Farbar log. Thanks for all the great help on this site, you guys rock!


Farbar Service Scanner
Ran by al (administrator) on 04-01-2012 at 21:18:40
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-12-22 22:32] - [2011-04-24 19:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5

C:\Windows\system32\Drivers\tdx.sys
[2012-01-02 21:29] - [2012-01-02 19:44] - 0074240 ____A () 51A4A659BA1A320ED0BDB221EDCB8AA9

C:\Windows\system32\Drivers\tcpip.sys
[2011-12-18 16:09] - [2011-09-29 07:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-12-18 16:09] - [2011-03-02 21:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 15:53] - [2009-07-13 17:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 15:54] - [2009-07-13 17:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 15:23] - [2009-07-13 17:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 15:24] - [2009-07-13 17:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 16:15] - [2009-07-13 17:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 15:30] - [2009-07-13 17:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-07-13 15:33] - [2009-07-13 17:15] - 0135680 ____A (Microsoft Corporation) 9C231178CE4FB385F4B54B0A9080B8A4

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:07 AM

Posted 05 January 2012 - 12:56 AM

Welcome aboard

You have an infected/corrupted tdx.sys file.

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

tdx.sys

Click the Search Files button and post the log (FSS.txt) it makes in your reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Phatcraft


Posted 05 January 2012 - 02:01 AM

Wow, that was fast! Here are the results of the search...

Farbar Service Scanner
Ran by al (administrator) on 04-01-2012 at 22:58:36
Windows 7 Ultimate (X86)

************************************************
================== Search: "tdx.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2009-07-13 15:12] - [2012-01-02 19:44] - 0074240 ____A () 51A4A659BA1A320ED0BDB221EDCB8AA9

C:\Windows\System32\drivers\tdx.sys
[2012-01-02 21:29] - [2012-01-02 19:44] - 0074240 ____A () 51A4A659BA1A320ED0BDB221EDCB8AA9

====== End Of Search ======

#4 Broni


Posted 05 January 2012 - 06:17 PM

Unfortunately those two are the very same files and no good.
Do you have access to another Windows 7 computer you could copy that file from?



 


#5 Phatcraft


Posted 05 January 2012 - 08:28 PM

That did the trick! Thanks so much. How did you know that the file was corrupt?

#6 Broni


Posted 05 January 2012 - 08:40 PM

Your file didn't have an MS signature.

I want to run a couple more checks....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
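
The answer above rests on something visible in the FSS output: entries not reported as "MD5 is legit" carry a detail line, and the tdx.sys detail line shows an empty `()` where the other drivers show `(Microsoft Corporation)`, with the same MD5 at both the System32 and winsxs paths. As an added example (not part of the thread and not Farbar's code), the Python below parses those log lines and surfaces both conditions; the log excerpt is copied from posts #1 and #3, while the function names and the "company" label for the parenthesised field are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the FSS output posted in this thread (File Check and Search sections).
FSS_EXCERPT = r"""
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-12-22 22:32] - [2011-04-24 19:24] - 0338944 ____A (Microsoft Corporation) C427F91A748CD342A2B3F9278D9FD6A5
C:\Windows\system32\Drivers\tdx.sys
[2012-01-02 21:29] - [2012-01-02 19:44] - 0074240 ____A () 51A4A659BA1A320ED0BDB221EDCB8AA9
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
[2009-07-13 15:12] - [2012-01-02 19:44] - 0074240 ____A () 51A4A659BA1A320ED0BDB221EDCB8AA9
"""

# Field labels are this example's own names for the columns of a detail line.
FIELDS = ("created", "modified", "size", "attrs", "company", "md5")
DETAIL = re.compile(r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$")

def parse_fss(text):
    """Return one dict per file; 'MD5 is legit' entries carry no detail fields."""
    entries, pending_path = [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("=> MD5 is legit"):
            entries.append({"path": line.split(" => ")[0], "legit": True})
        elif (m := DETAIL.match(line)) and pending_path:
            entries.append({"path": pending_path, "legit": False, **dict(zip(FIELDS, m.groups()))})
            pending_path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending_path = line  # a bare path; its detail line follows
    return entries

def needs_review(entries):
    """Entries not reported as legit whose company field is empty."""
    return [e for e in entries if not e["legit"] and not e["company"].strip()]

def same_hash_paths(entries):
    """Map MD5 -> paths, keeping only hashes seen at more than one path."""
    by_md5 = defaultdict(list)
    for e in entries:
        if not e["legit"]:
            by_md5[e["md5"].upper()].append(e["path"])
    return {h: p for h, p in by_md5.items() if len(p) > 1}

if __name__ == "__main__":
    parsed = parse_fss(FSS_EXCERPT)
    print("no company name:", [e["path"] for e in needs_review(parsed)])
    print("identical copies:", same_hash_paths(parsed))
```

A hash shared between the live driver and its winsxs copy means the component-store copy cannot serve as a clean replacement, which is why the thread turns to a file from another Windows 7 machine.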


 


#7 Phatcraft


Posted 05 January 2012 - 11:19 PM

Here it is


Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (3.6.25) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

#8 Broni


Posted 05 January 2012 - 11:32 PM

Did you disable Windows firewall and system restore for any reason?
If you didn't, see if you can turn them both on.



 


#9 Phatcraft


Posted 06 January 2012 - 10:54 PM

System restore works but the firewall doesn't.

#10 Broni


Posted 07 January 2012 - 12:34 AM

Did you try to turn firewall on?



 


#11 Phatcraft


Posted 09 January 2012 - 12:54 AM

Yes, error code 0x8007042c

#12 Broni


Posted 09 January 2012 - 01:07 AM

Post new FSS log.

Then....

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 




