Internet no longer works after removal of Vista Antivirus 2012


27 replies to this topic

#1 tsneds

tsneds

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 16 January 2012 - 04:57 PM

Hi

I removed Vista Antivirus 2012 using Malwarebytes and Superantispyware and it seems to be gone; when I run scans now, nothing is found. My problem now is that I cannot get on the internet at all. I fortunately have a second laptop that I can use, but I need a fix for my internet problems on my main computer. Help please!

Edited by Budapest, 17 January 2012 - 11:26 PM.
Moved from Vista




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:31 PM

Posted 16 January 2012 - 05:07 PM

Download

http://download.bleepingcomputer.com/farbar/FSS.exe


and run it on the infected PC.


* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.
* Please copy and paste the log to your reply

#3 tsneds


Posted 16 January 2012 - 05:52 PM

Farbar Service Scanner
Ran by Erica (administrator) on 16-01-2012 at 17:50:12
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

#4 narenxp


Posted 16 January 2012 - 06:14 PM

Launch FSS again and type

tdx.sys
in the BOX and click on search files

Post the generated log

#5 tsneds


Posted 16 January 2012 - 06:43 PM

Farbar Service Scanner
Ran by Erica (administrator) on 16-01-2012 at 18:40:00
Windows Vista ™ Home Premium Service Pack 2 (X86)

************************************************
================== Search: "tdx.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[2008-01-20 21:24] - [2008-01-20 21:24] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F

====== End Of Search ======

#6 narenxp


Posted 16 January 2012 - 06:54 PM

Press Windows+R key and copy this line

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7

click ok

Copy tdx.sys from the location and paste it in

C:/Windows/system32/drivers folder

Restart your PC and check your browser

Good luck
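
An added example (not from the original posts): the copy step above done with a check first, so that the file placed in the drivers folder is the same one whose size and MD5 appear in the FSS search log. The function names are hypothetical; MD5 is used only because it is the digest FSS prints.

```python
import hashlib
import re
import shutil
from pathlib import Path

# The search result copied from the FSS log posted in this thread.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[2008-01-20 21:24] - [2008-01-20 21:24] - 0071680 ____A (Microsoft Corporation) D09276B1FAB033CE1D40DCBDF303D10F
"""

# A path line followed by the "[created] - [modified] - size attrs (vendor) MD5" line.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+)\n\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\(.*?\) (?P<md5>[0-9A-F]{32})$", re.MULTILINE)


def parse_search_log(log):
    """Return (path, size, md5) for each file listed in an FSS search log."""
    return [(m["path"], int(m["size"]), m["md5"]) for m in ENTRY.finditer(log)]


def md5_hex(path):
    # MD5 matches what FSS prints; it is not collision resistant.
    return hashlib.md5(Path(path).read_bytes()).hexdigest().upper()


def restore_verified(src, dest_dir, size, md5):
    """Copy src into dest_dir only if it matches the size and MD5 from the log."""
    src = Path(src)
    dest = Path(dest_dir) / src.name
    if dest.exists():
        raise FileExistsError(f"{dest} already exists; not overwriting")
    if src.stat().st_size != size or md5_hex(src) != md5:
        raise ValueError(f"{src} does not match the logged size/MD5")
    shutil.copy2(src, dest)
    if md5_hex(dest) != md5:  # confirm the copy itself is intact
        dest.unlink()
        raise ValueError(f"copy at {dest} failed verification")
    return dest
```

On the affected PC this would be called from an elevated prompt with the path, size and MD5 returned by `parse_search_log` and the drivers folder as `dest_dir`.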

#7 tsneds


Posted 16 January 2012 - 07:17 PM

It worked!!! Thanks so much!

#8 narenxp


Posted 16 January 2012 - 07:17 PM

You're welcome :thumbsup:

#9 tsneds


Posted 17 January 2012 - 12:25 PM

I have one more computer that will not connect to the net. Should I run the same scan and go through the same process?

#10 narenxp


Posted 17 January 2012 - 01:41 PM

Please run the FSS log for that computer

and post it here

Good luck

#11 tsneds


Posted 17 January 2012 - 03:49 PM

Farbar Service Scanner
Ran by JAY BABI (administrator) on 17-01-2012 at 16:09:05
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2008-01-20 21:24] - [2008-01-20 21:24] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2009-01-05 21:15] - [2008-04-26 03:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02

C:\Windows\system32\dnsrslvr.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0086528 ____A (Microsoft Corporation) F5A0F1DA1ED8B429597E71D27D976E31

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-21 16:20] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
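
An added example, not part of the original posts and not Farbar's code: a small Python triage of FSS logs like the two posted in this thread. It collects stopped services, missing files, files listed without an "MD5 is legit" verdict, and connection problems, then pairs a stopped service with a missing driver of the same name (tdx and tdx.sys on the first PC). The function names are hypothetical, and treating a file printed with a detail line as "unverified" is an assumption about the tool's output.

```python
import ntpath
import re

# Abridged lines copied from the two FSS logs posted in this thread.
LOG_PC1 = r"""Internet Services:
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
Connection Status:
Localhost is accessible.
File Check:
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
"""
LOG_PC2 = r"""Connection Status:
Localhost is blocked.
There is no connection to network.
File Check:
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2009-01-05 21:15] - [2008-04-26 03:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
MISSING = re.compile(r"^Attention! (.+) is missing\.$")
LEGIT = re.compile(r"^.+ => MD5 is legit$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S+$")
DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \(.*?\) ([0-9A-F]{32})$")


def triage(log):
    """Collect the findings in an FSS log that need a human decision."""
    report = {"stopped": [], "missing": [], "unverified": {}, "connection": []}
    pending = None  # path printed on its own line, waiting for its detail line
    for line in (raw.strip() for raw in log.splitlines()):
        if m := STOPPED.match(line):
            report["stopped"].append(m.group(1))
        elif m := MISSING.match(line):
            report["missing"].append(m.group(1))
        elif LEGIT.match(line):
            pending = None
        elif BARE_PATH.match(line):
            pending = line
        elif (m := DETAIL.match(line)) and pending:
            # Assumption: no "MD5 is legit" verdict means FSS did not vouch for it.
            report["unverified"][pending] = m.group(1)
            pending = None
        elif "is blocked" in line or "no connection" in line:
            report["connection"].append(line)
    return report


def stopped_by_missing_file(report):
    """Pair each stopped service with a missing file of the same base name."""
    stems = {ntpath.splitext(ntpath.basename(p))[0].lower(): p
             for p in report["missing"]}
    return {s: stems[s.lower()] for s in report["stopped"] if s.lower() in stems}
```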

#12 narenxp


Posted 17 January 2012 - 04:34 PM

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#13 tsneds


Posted 17 January 2012 - 05:32 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-17 17:53:08
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: p774rjmf.exe; Driver: C:\Users\JAYBAB~1\AppData\Local\Temp\uwlirfog.sys


---- System - GMER 1.0.15 ----

SSDT 8EB8B820 ZwAlertResumeThread
SSDT 8EB8B900 ZwAlertThread
SSDT 8F80BEF8 ZwAllocateVirtualMemory
SSDT 8F8DD218 ZwAlpcConnectPort
SSDT 8EB8B570 ZwCreateMutant
SSDT 8EBF1A38 ZwCreateThread
SSDT 8EA46060 ZwDebugActiveProcess
SSDT 8F80BD58 ZwFreeVirtualMemory
SSDT 8EB8B660 ZwImpersonateAnonymousToken
SSDT 8EB8B740 ZwImpersonateThread
SSDT 8F80BC58 ZwMapViewOfSection
SSDT 8EB8B450 ZwOpenEvent
SSDT 8EBF19B8 ZwOpenProcessToken
SSDT 8F80B998 ZwOpenThreadToken
SSDT 8F81B780 ZwResumeThread
SSDT 8F80B8B8 ZwSetContextThread
SSDT 8F80BA88 ZwSetInformationProcess
SSDT 8F80B7C8 ZwSetInformationThread
SSDT 8EB8B318 ZwSuspendProcess
SSDT 8EB8BA48 ZwSuspendThread
SSDT 8EBF1B18 ZwTerminateProcess
SSDT 8EB8BB28 ZwTerminateThread
SSDT 8F80BB78 ZwUnmapViewOfSection
SSDT 8F80BE28 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 82106914 8 Bytes [20, B8, B8, 8E, 00, B9, B8, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 82106928 4 Bytes [F8, BE, 80, 8F]
.text ntkrnlpa.exe!KeSetTimerEx + 370 82106934 4 Bytes [18, D2, 8D, 8F]
.text ntkrnlpa.exe!KeSetTimerEx + 428 821069EC 4 Bytes [70, B5, B8, 8E]
.text ntkrnlpa.exe!KeSetTimerEx + 454 82106A18 4 Bytes [38, 1A, BF, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8A35C480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8A39D900, 0x3CA, 0x48000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

#14 narenxp


Posted 17 January 2012 - 06:25 PM

Download

http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click on GO and paste the result

#15 tsneds


Posted 17 January 2012 - 06:43 PM

MiniToolBox by Farbar
Ran by JAY BABI (administrator) on 17-01-2012 at 19:02:58
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JAYBABI-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-21-6B-28-38-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dcd3:1e63:55f1:2f6c%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.47.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1E-33-77-55-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{FF760607-1879-4406-AC47-128752A558DA}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

General failure.

General failure.



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

===========================================================================
Interface List
11 ...00 21 6b 28 38 da ...... Intel® Wireless WiFi Link 5100
10 ...00 1e 33 77 55 b4 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{FF760607-1879-4406-AC47-128752A558DA}
13 ...00 00 00 00 00 00 00 e0 isatap.{21D5FA56-C953-4D5A-8C38-4C6A8A5CD3E8}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.47.108 281
169.254.47.108 255.255.255.255 On-link 169.254.47.108 281
169.254.255.255 255.255.255.255 On-link 169.254.47.108 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.47.108 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.47.108 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::dcd3:1e63:55f1:2f6c/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

**** End of log ****



