Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Just Cleaned out Vista Antivirus 2012, no internetz


  • Please log in to reply
1 reply to this topic

#1 BloodWraith

BloodWraith

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 05 January 2012 - 12:56 PM

I apologize for the repetitive posts concerning this PITA but as the topic states I have cleared out the pesk Vista Antivirus 2012 and of course the internet is not working on the laptop. It appears that the tcp/ip stack is fubared but all fixes I have encountered thus far have not helped :(

Just as a summary of what has been done:

Cleaned out virus (should be gone but will know for sure when the internet comes back on and I can get mbam updated.

Fixed Legacy SDR issue (the registry entry got hosed somehow)

Ran TDSSKiller, mbam, FixNCR.reg, and pulled a FSS log afterwards

Reset everything of the tcp/ip stack I could think of a performed a netsh winsock reset as well for good measure.

Get a 169.254 address for IP

Please, I need your help :)

Sincerely,

bwraith

Farbar Service Scanner
Ran by User (administrator) on 05-01-2012 at 11:36:11
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 20:49] - [2008-01-20 20:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys
[2008-01-20 20:49] - [2008-01-20 20:49] - 0024064 ____A (Microsoft Corporation) 1523AF19EE8B030BA682F7A53537EAEB

C:\Windows\SysWOW64\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2011-06-18 10:27] - [2011-04-21 08:20] - 0405504 ____A (Microsoft Corporation) 0CC146C4ADDEA45791B18B1E2659F4A9

C:\Windows\System32\drivers\tdx.sys
[2009-06-21 20:08] - [2009-04-10 23:43] - 0094720 ____A (Microsoft Corporation) 458919C8C42E398DC4802178D5FFEE27

C:\Windows\System32\Drivers\tcpip.sys
[2011-11-08 21:44] - [2011-09-20 15:06] - 1426304 ____A (Microsoft Corporation) 2CC45D932BD193CD4117321D469AD6B2

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 20:00] - [2011-03-02 10:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-06-21 20:09] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-06-21 20:08] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys
[2008-01-20 20:49] - [2008-01-20 20:49] - 0081408 ____A (Microsoft Corporation) C92B9ABDB65A5991E00C28F13491DBA2

C:\Windows\System32\SDRSVC.dll
[2008-01-20 20:47] - [2008-01-20 20:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2009-06-21 20:10] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-06-21 20:07] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-06-21 20:08] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2009-10-01 18:10] - [2009-08-06 20:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2009-06-21 20:10] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-06-21 20:10] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2009-06-21 20:09] - [2009-04-11 01:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Windows\System32\svchost.exe
[2008-01-20 20:50] - [2008-01-20 20:50] - 0027648 ____A (Microsoft Corporation) CDA9F1373805AF88F6FA4F2064BBA24D

C:\Windows\System32\rpcss.dll
[2009-06-21 20:10] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

BC AdBot (Login to Remove)

 


#2 Jet Stream 1

Jet Stream 1

  • Validating
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 07 January 2012 - 02:06 PM

I had similar issues after eliminating the XP version of this malware.
This fix from Microsoft solved my internet connectivity problem (same 169.254. symptom)
http://support.microsoft.com/kb/299357




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users