Rootkit Zero, tcp/ip

Hello all, my cousin's computer is killing me. He is coming upstairs and taking ove my brand new 55inch led, because his internet wont work in his "room". I have performed, to no avail, the read/run. The only error I ran into was combofix telling me the rootkit was there and when it took forever to save log, infact i ended it and ran again, no rootkit warning, but it also did not finish log again. SOme things ive tried: ipconfig /release and renew. it tell me the ip has already been released. when doing renew="error occurred while renewing interface local area connection 3:rpc server is unavailable", he tried uninstalling and reinstalling....?something?...drivers, hardware, not sure. If someone could please help he (I) would appreciate it.

 

SAS and mbr log maybe...

 

Hi and welcome to Major Geeks, jdoginc!

========WARNING========
The below is specifically for jdoginc's computer
Do NOT run the below if you are not jdoginc
Doing so may damage your PC!
========WARNING========

Attached is afd.zip

Inside is:

• afd.reg
• fixme+restart.bat

Extract both files to the infected computer's desktop.

First double-click afd.reg and allow it to merge into the registry. You should receive a successful message.

Now reboot your PC.

Once you have rebooted...

Test your internet, If it still is not working, run the fixme+restart.bat file by double-clicking it.
Your PC will reboot again. Once you are back in Windows, test your internet again.

If it still does not work, attach the fixme_results.txt file the .bat file created.

Reviewing the rest of your logs for malware traces.

 

http://img823.imageshack.us/img823/2039/msnmsg.gif Please download Disable/Remove Windows Messenger by Doug Knox to your desktop.

• Double-click MessengerDisable.exe to run it.
• Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
• Click Apply
• Click Exit

http://img194.imageshack.us/img194/4930/combofix.gif Now download and run ComboFix and attach the latest log. The one you attached was from Feb 2011.

http://img195.imageshack.us/img195/9049/javaz.gif Now install the current version of Sun Java from: jre-7u2-windows-i586.exe

http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

Let me know how the system is running after you have completed the above steps

 

WHoops! so I did some things out of order, I read the second post you made, and did that, with the exception of the combofix log, because I attached the wrong one but have the new one. Then I saw the second post and did that. sorry. I:
1. uninstalled/Hid the messenger
2. INstalled Java
3. saw the second post and ran the afd.reg.
4. rebooted
5. the internet works!
I have NO TIME today, given that it is Christmas weekend, so as soon as i appeased him, I jetted. I really really appreciate the time you have taken to resolve this issue so quickly and easily (well easy for me!) I will attach the combofix log i ran on the 23rd. Thank you again, and I will be rerunning the combofix and mgtools when I can.

 

No problem, we'll be here
Merry Christmas