BleepingComputer.com: Firewall/ICS Issues

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Firewall/ICS Issues Split from different topic

#1 User is offline   sydsbengals 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 21-December 11

Posted 21 December 2011 - 09:10 PM

View Postjsw30143, on 20 December 2011 - 12:45 PM, said:

After removal of a Rootkit with Combofix, I can no longer get on the Internet, however everything else seems to be working fine. Here is what I get when trying to restart the Windows Firewall/Internet Sharing Connection Service. (Could not start the Windows Firewall/Internet Connection Sharing (ICS) service on Local Computer. Error 2: The system cannot find the file specified).

The OS is Xp Media Center Edition, SP3. Trend Micro Anti-Virus

Any Ideas?



Have the same problem. Ran the Farbar scan and below's the log.help....

Attached File(s)

  • Attached File  FSS.txt (2.71K)
    Number of downloads: 3

This post has been edited by hamluis: 21 December 2011 - 09:19 PM
Reason for edit: Split from different topic, PM sent new OP.

#2 User is offline   sydsbengals 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 21-December 11

Posted 23 December 2011 - 05:18 PM

help......

#3 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 07:43 PM

Farbar Service Scanner
Ran by nc6220 (administrator) on 21-12-2011 at 20:44:31
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Internet Services:
=================
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
=================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
================
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
========================


System Restore:
==============

System Restore Disabled Policy:
==============================


File Check:
==========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#4 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 07:45 PM

You have at least one system file and one registry key missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
ipsec.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users