New Virus?

[RoughDobermann]

OK what I think is that TDSSKiller deleted the netbt file - lets find a copy and then move it

OK run OTL and run the following script as I need to check the dependency files

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
afd.*
tcpip.*
netbt.*
/md5stop
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT

Thanks essexboy.  Log attached.  I'm sending this from a hotel PC, so the fewer things I have to attach from now on would be best!  I look forward to your next reply.

[essexboy]

Once this has run give the net a try again

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Files
  ipconfig /flushdns /c
  C:\WINDOWS\system32\drivers\netbt.sys|C:\WINDOWS\ServicePackFiles\i386\netbt.sys /replace
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[RoughDobermann]

Ok I did that.  Will have to find a machine with Internet access to post log.

[RoughDobermann]

Log attached.  Did I see that you are going to be unavailable soon!?

[RoughDobermann]

Log attached.  Did I see that you are going to be unavailable soon!?

I had to re-write (not copy and paste) the above since I was doing it from me phone.  I just copied the above and can paste into my laptop.

Run OTL again?

[essexboy]

Yes I am off on a weeks holiday wednesday night

Well all the right files are in the right place... Next step is to remove all elements of Norton in case the firewall reactived and blocked you

Download the Norton removal tool from here and then uninstall the reamins of Norton https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

[RoughDobermann]

Yes I am off on a weeks holiday wednesday night

Well all the right files are in the right place... Next step is to remove all elements of Norton in case the firewall reactived and blocked you

Download the Norton removal tool from here and then uninstall the reamins of Norton https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080710133834EN&product=home&version=1&pvid=f-home

Which one/link do I select?

[essexboy]

This one I believe https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080828154508EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

[RoughDobermann]

This one I believe https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080828154508EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

It's asking me to uninstall Symantec through Add/Remove.  That is asking for a password I don't have.

[RoughDobermann]

I checked to see if DHCP client would start.  It won't.  Same error as before.

[essexboy]

Could you go to this page http://support.microsoft.com/kb/915162

It will ask you to enter the registry this is a brief synopsis - what I would like to know is, are there any additional entries apart from the three mentioned ?

1.Click Start, click Run, type regedit in the Open box, and then click OK.
2.In Registry Editor, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

3.Right-click the DependOnService entry, and then click Modify.

4. In the Value data box, delete the service that is described in the event that appears in the "Symptoms" section.
 
Note Typically, the only services that are in the DependOnService entry are the following services:

■Tcpip
■Afd
■NetBt

5. Close Registry Editor, and then restart the computer.

[RoughDobermann]

No, there are just those three entries, but NetBt is listed as "NetBT" not "NetBt"

[RoughDobermann]

Not sure if this matters, but the first entry (default) is (value not set)

[essexboy]

I wonder if this a permissions problem as that is one of the zero access symptoms

Download this tool from here and install http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Start the programme and go through steps one to four, or if time is short then select start repairs
Select the advanced option
Place a tick in reset registry permissions only
Then click start - reboot on completion

[RoughDobermann]

Okay did that.  Still no internet