Author Topic: HAVE AN ERROR had a virus now no internet Please, Please help (Read 19428 times)

Donjuan · « **Reply #45 on:** January 11, 2012, 10:58:50 PM »

lol not thinking to straight i knew that one :'(

essexboy · « **Reply #46 on:** January 11, 2012, 11:19:45 PM »

Quote

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
? ??
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >

Quote

Description = The DHCP Client service depends on the following nonexistent service:
NetBT

Netbt is missing

Coee David could we borrow a reg export of this key pretty please

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT

I really must get my XP set up again on the VM

Donjuan · « **Reply #47 on:** January 11, 2012, 11:30:44 PM »

[2012/01/09 03:07:46 | 000,386,560 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\User\Local Settings\Application Data\trm.exe
[2012/01/09 03:07:46 | 000,386,560 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\User\Local Settings\Application Data\tni.exe

pretty sure i was looking at a southpark sight lol, and this is what i caught from it

essexboy · « **Reply #48 on:** January 11, 2012, 11:37:01 PM »

Could you rerun the OTL scan please but ensure that the log is saved as ansi as the one you posted is in unicode and hard to interpret... I will then kill off what else I can see

Donjuan · « **Reply #49 on:** January 11, 2012, 11:40:06 PM »

retuning scan, and thank you so much for your patience.

also I guess I am waiting fir simeone to post netbt so i can merge in my registry?

essexboy · « **Reply #50 on:** January 11, 2012, 11:42:40 PM »

Aye I have asked David very nicely for an export of that key from his system as I am on windows 7

Once you have merged then re-run farbar

Donjuan · « **Reply #51 on:** January 11, 2012, 11:44:37 PM »

I don't know if you can, but I am wondering how i caught this virus. I mean with Avast up and running. I just don't want to waste your time in the future.

On the upside this is fist virus that I am aware of in a long time.

DavidR · « **Reply #52 on:** January 11, 2012, 11:49:00 PM »

Quote from: essexboy on January 11, 2012, 11:19:45 PM

<snip>
Coee David could we borrow a reg export of this key pretty please

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT

I really must get my XP set up again on the VM

Dropbox link for the exported reg key http://dl.dropbox.com/u/56425897/avast/NetTB.reg

Donjuan · « **Reply #53 on:** January 12, 2012, 12:13:20 AM »

here is one file

Donjuan · « **Reply #54 on:** January 12, 2012, 12:34:24 AM »

I saved the nettb file on desktop as NetTb.reg, and as all files went to merge and it says i cannot brcause it is not a registry file, i can only import binary registry files from within registry editor

DavidR · « **Reply #55 on:** January 12, 2012, 01:11:18 AM »

I can't understand what is happening on your system.

How did you save it, right click and save as ?

I have never used the Import feature from within the registry editor, but that should work as well, by using that and navigating to the desktop and selecting the NetTB.reg file.

It was exported using the registry export function (as a .reg format) so it should be able to import in the same way.

That's me for the night here, I have an early start tomorrow and it is 12:10am here.

Donjuan · « **Reply #56 on:** January 12, 2012, 01:23:36 AM »

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000006
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,65,00,74,00,62,00,74,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="NetBios over Tcpip"
"Group"="PNP_TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="NetBios over Tcpip"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage]
"OtherDependencies"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
00,69,00,70,00,36,00,5f,00,7b,00,43,00,32,00,35,00,32,00,30,00,30,00,39,00,\
44,00,2d,00,39,00,44,00,36,00,35,00,2d,00,34,00,33,00,34,00,43,00,2d,00,38,\
00,38,00,33,00,36,00,2d,00,35,00,42,00,39,00,30,00,42,00,44,00,38,00,42,00,\
38,00,30,00,32,00,35,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,\
00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,39,00,38,00,45,00,\
34,00,38,00,37,00,33,00,42,00,2d,00,35,00,31,00,36,00,45,00,2d,00,34,00,45,\
00,35,00,42,00,2d,00,39,00,45,00,38,00,43,00,2d,00,39,00,44,00,32,00,32,00,\
41,00,42,00,33,00,35,00,34,00,32,00,38,00,43,00,7d,00,00,00,5c,00,44,00,65,\
00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,\
43,00,32,00,35,00,32,00,30,00,30,00,39,00,44,00,2d,00,39,00,44,00,36,00,35,\
00,2d,00,34,00,33,00,34,00,43,00,2d,00,38,00,38,00,33,00,36,00,2d,00,35,00,\
42,00,39,00,30,00,42,00,44,00,38,00,42,00,38,00,30,00,32,00,35,00,7d,00,00,\
00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,\
70,00,5f,00,7b,00,36,00,30,00,46,00,30,00,38,00,43,00,42,00,42,00,2d,00,39,\
00,31,00,32,00,42,00,2d,00,34,00,42,00,44,00,31,00,2d,00,39,00,44,00,32,00,\
37,00,2d,00,30,00,43,00,44,00,44,00,46,00,31,00,41,00,43,00,41,00,42,00,41,\
00,38,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,\
63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,42,00,34,00,41,00,46,00,45,00,33,\
00,36,00,2d,00,33,00,33,00,30,00,41,00,2d,00,34,00,42,00,44,00,36,00,2d,00,\
41,00,36,00,42,00,37,00,2d,00,31,00,39,00,31,00,41,00,41,00,30,00,44,00,31,\
00,30,00,44,00,41,00,37,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,46,00,41,00,38,\
00,35,00,39,00,45,00,46,00,2d,00,44,00,45,00,37,00,43,00,2d,00,34,00,46,00,\
37,00,41,00,2d,00,42,00,33,00,42,00,33,00,2d,00,42,00,46,00,32,00,32,00,42,\
00,30,00,39,00,38,00,33,00,37,00,39,00,45,00,7d,00,00,00,5c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,30,\
00,30,00,45,00,30,00,34,00,42,00,42,00,32,00,2d,00,44,00,46,00,44,00,31,00,\
2d,00,34,00,35,00,38,00,35,00,2d,00,39,00,30,00,37,00,38,00,2d,00,35,00,42,\
00,32,00,42,00,45,00,32,00,38,00,37,00,45,00,31,00,38,00,44,00,7d,00,00,00,\
00,00
"Route"=hex(7):22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,\
00,43,00,32,00,35,00,32,00,30,00,30,00,39,00,44,00,2d,00,39,00,44,00,36,00,\
35,00,2d,00,34,00,33,00,34,00,43,00,2d,00,38,00,38,00,33,00,36,00,2d,00,35,\
00,42,00,39,00,30,00,42,00,44,00,38,00,42,00,38,00,30,00,32,00,35,00,7d,00,\
22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,\
00,39,00,38,00,45,00,34,00,38,00,37,00,33,00,42,00,2d,00,35,00,31,00,36,00,\
45,00,2d,00,34,00,45,00,35,00,42,00,2d,00,39,00,45,00,38,00,43,00,2d,00,39,\
00,44,00,32,00,32,00,41,00,42,00,33,00,35,00,34,00,32,00,38,00,43,00,7d,00,\
22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,43,\
00,32,00,35,00,32,00,30,00,30,00,39,00,44,00,2d,00,39,00,44,00,36,00,35,00,\
2d,00,34,00,33,00,34,00,43,00,2d,00,38,00,38,00,33,00,36,00,2d,00,35,00,42,\
00,39,00,30,00,42,00,44,00,38,00,42,00,38,00,30,00,32,00,35,00,7d,00,22,00,\
00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,4e,00,64,00,69,\
00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,\
00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,43,00,\
32,00,35,00,32,00,30,00,30,00,39,00,44,00,2d,00,39,00,44,00,36,00,35,00,2d,\
00,34,00,33,00,34,00,43,00,2d,00,38,00,38,00,33,00,36,00,2d,00,35,00,42,00,\
39,00,30,00,42,00,44,00,38,00,42,00,38,00,30,00,32,00,35,00,7d,00,00,00,5c,\
00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,\
5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,39,00,38,00,45,00,34,\
00,38,00,37,00,33,00,42,00,2d,00,35,00,31,00,36,00,45,00,2d,00,34,00,45,00,\
35,00,42,00,2d,00,39,00,45,00,38,00,43,00,2d,00,39,00,44,00,32,00,32,00,41,\
00,42,00,33,00,35,00,34,00,32,00,38,00,43,00,7d,00,00,00,5c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,\
00,70,00,69,00,70,00,5f,00,7b,00,43,00,32,00,35,00,32,00,30,00,30,00,39,00,\
44,00,2d,00,39,00,44,00,36,00,35,00,2d,00,34,00,33,00,34,00,43,00,2d,00,38,\
00,38,00,33,00,36,00,2d,00,35,00,42,00,39,00,30,00,42,00,44,00,38,00,42,00,\
38,00,30,00,32,00,35,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,\
00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,\
5f,00,7b,00,36,00,30,00,46,00,30,00,38,00,43,00,42,00,42,00,2d,00,39,00,31,\
00,32,00,42,00,2d,00,34,00,42,00,44,00,31,00,2d,00,39,00,44,00,32,00,37,00,\
2d,00,30,00,43,00,44,00,44,00,46,00,31,00,41,00,43,00,41,00,42,00,41,00,38,\
00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,\
74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,42,\
00,34,00,41,00,46,00,45,00,33,00,36,00,2d,00,33,00,33,00,30,00,41,00,2d,00,\
34,00,42,00,44,00,36,00,2d,00,41,00,36,00,42,00,37,00,2d,00,31,00,39,00,31,\
00,41,00,41,00,30,00,44,00,31,00,30,00,44,00,41,00,37,00,7d,00,00,00,5c,00,\
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,\
00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,46,00,41,00,38,00,35,00,\
39,00,45,00,46,00,2d,00,44,00,45,00,37,00,43,00,2d,00,34,00,46,00,37,00,41,\
00,2d,00,42,00,33,00,42,00,33,00,2d,00,42,00,46,00,32,00,32,00,42,00,30,00,\
39,00,38,00,33,00,37,00,39,00,45,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,\
69,00,70,00,5f,00,7b,00,30,00,30,00,45,00,30,00,34,00,42,00,42,00,32,00,2d,\
00,44,00,46,00,44,00,31,00,2d,00,34,00,35,00,38,00,35,00,2d,00,39,00,30,00,\
37,00,38,00,2d,00,35,00,42,00,32,00,42,00,45,00,32,00,38,00,37,00,45,00,31,\
00,38,00,44,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"NbProvider"="_tcp"
"NameServerPort"=dword:00000089
"CacheTimeout"=dword:000927c0
"BcastNameQueryCount"=dword:00000003
"BcastQueryTimeout"=dword:000002ee
"NameSrvQueryCount"=dword:00000003
"NameSrvQueryTimeout"=dword:000005dc
"Size/Small/Medium/Large"=dword:00000001
"SessionKeepAlive"=dword:0036ee80
"TransportBindName"="\\Device\\"
"EnableLMHOSTS"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{00E04BB2-DFD1-4585-9078-5B2BE287E18D}]
"NameServerList"=hex(7):00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{60F08CBB-912B-4BD1-9D27-0CDDF1ACABA8}]
"NameServerList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{AB4AFE36-330A-4BD6-A6B7-191AA0D10DA7}]
"NameServerList"=hex(7):00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{AFA859EF-DE7C-4F7A-B3B3-BF22B098379E}]
"NameServerList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{C252009D-9D65-434C-8836-5B90BD8B8025}]
"NameServerList"=hex(7):00,00
"NetbiosOptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Security]
"Security"=hex:01,00,14,80,e8,00,00,00,f4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,b8,00,08,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,14,\
00,40,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,40,00,00,00,\
01,01,00,00,00,00,00,05,14,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,\
00,00,05,20,00,00,00,2c,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Enum]
"0"="Root\\LEGACY_NETBT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

I am pasting this into notebook saving on a stick, moving to other computer, right click and saving as, then saving name as NetBt.reg, changing it to all files, and saving it on desktop. then I am dbl clicking it, or right clicking and merging, either one is geting the error

DavidR · « **Reply #57 on:** January 12, 2012, 12:58:44 PM »

Why didn't you just download the copy that I placed on dropbox for you to access Reply #52 above, just right click on that link and select Save As and use that.

I think it is because you are creating the file outside of the registry that it is getting somehow corrupted. If you are literally pasting just that into the new notepad file then it will fail as it doesn't have the Header line/s that is in my file:

e.g. Windows Registry Editor Version 5.00

Followed by a blank line before the other stuff.

essexboy · « **Reply #58 on:** January 12, 2012, 09:27:15 PM »

David's file is a registry file in its entirety so it just needs downloading to your desktop and clicking

As stated without the header it will not understand what you are trying to do...

Your crash course on windows is progressing well

Author Topic: HAVE AN ERROR had a virus now no internet Please, Please help (Read 19428 times)

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

essexboy

Re: HAVE AN ERROR had a virus now no internet Please, Please help

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

essexboy

Re: HAVE AN ERROR had a virus now no internet Please, Please help

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

essexboy

Re: HAVE AN ERROR had a virus now no internet Please, Please help

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

DavidR

Re: HAVE AN ERROR had a virus now no internet Please, Please help

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

DavidR

Re: HAVE AN ERROR had a virus now no internet Please, Please help

Donjuan

Re: HAVE AN ERROR had a virus now no internet Please, Please help

DavidR

Re: HAVE AN ERROR had a virus now no internet Please, Please help

essexboy

Re: HAVE AN ERROR had a virus now no internet Please, Please help