Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet won't work after removing infected driver.


  • Please log in to reply
4 replies to this topic

#1 TheBlessed

TheBlessed

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 28 June 2012 - 07:55 PM

After running these programs,TDDSKiller and aswMBR, suggested by ELFasso to reactivate my firewall my internet started to not work after a restart, but the firewall became functional again. My network is currently frozen on 'Identifying' status and Im on my laptop as of now. Can anyone please help me with this issue? Also if needed, here is the current FSS scan log:

Farbar Service Scanner Version: 25-06-2012 01
Ran by minsu (administrator) on 28-06-2012 at 17:03:21
Running from "C:\Users\minsu\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "system32\drivers\tsk17F6.tmp".


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2010-07-04 05:10] - [2010-07-04 05:10] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Edited by TheBlessed, 28 June 2012 - 07:59 PM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:04 PM

Posted 28 June 2012 - 08:09 PM

Create a restore point before running the registry fix

Press Windows+R key and type

notepad and click ok

Copy this script and paste it notepad

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,64,00,78,00,2e,00,73,00,79,\
  00,73,00,00,00

Click on FILE-SAVE AS

Filename:tdx.reg
Save as:All types

Launch the tdx.reg ,click YES

Restart the PC

Post the new FSS log

#3 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:10:04 PM

Posted 28 June 2012 - 08:12 PM

Please download and post a Mini tool box report, and post the log in your next reply. Then Download and Run Malwarebytes Anti Malware. When the scan completes please post the log file. Did you disable Windows Defender?


Edit: Someone is faster at typing then me Posted Image I will concede unless more help is needed Posted Image

Edited by Sneakycyber, 28 June 2012 - 08:14 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#4 TheBlessed

TheBlessed
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 28 June 2012 - 08:23 PM

Oh my god.

Thank you Naren! I appreciate your help to the max! I feel like I found a oasis in middle of a desert :D

Internet began to work clean! YOU SIR ARE A GENIUS!

FSS LOG AFTER :

Farbar Service Scanner Version: 25-06-2012 01
Ran by minsu (administrator) on 28-06-2012 at 18:20:28
Running from "C:\Users\minsu\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2010-07-04 05:10] - [2010-07-04 05:10] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


EDIT : Thank you SneakyCyber for attempting to help me out! I really appreciate it. (: Hope you guys have a good day

Edited by TheBlessed, 28 June 2012 - 08:24 PM.


#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:04 PM

Posted 28 June 2012 - 08:32 PM

You're welcome :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users