Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Network Connections Empty


  • This topic is locked This topic is locked
3 replies to this topic

#1 MotoGeek

MotoGeek

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 28 December 2008 - 01:34 AM

Dec. 27,2008
I had svchost making zillion SMPT connections.
Eventually I got rid of it by running MalwareBytes AntiMalware program.
That resulted in this state:
-- Network Connections Folder is empty.
-- Network Connections Service is missing altogether in "Services". (not listed)
-- "Workstation" Service also missing in Services. (not listed)
-- No Network Icon in Tray
-- IPCONFIG shows 0.0.0.0

Tried so far:
-- regsvr32 netshell.dll, regsvr32 netcfgx.dll, regsvr32 netman.dll...all returned success..but made no difference.

Any help will be much appreciated. Thanks.

Dec 28, 2008
:thumbsup: SUCCESS
Following Missing Keys Added to Registry "HKLM\SYSTEM\CurrentControlSet\Services" (exported from another XP-SP2 laptop)
-- dhcp
-- DNSCache
-- lanmanserver
-- lanwanworkstation
-- netman
-- nla
-- rasman
-- ShellHWDetection

Result:
-- I got the icon in Tray back, along with Network Connections in Conrol panel.
-- Icon shows "connected"
-- However, no flow of packets in either direction

Next: Did following:
-- netsh winsock reset
-- netsh int ip reset

Result: Nothing...same as before.

Next: Uninstalled NIC in Device Manager and re-booted.

Now every thing good !!

Hope this helps some one else.....I have searched the internet for 3 days and not found this any where !!

:)



DDS Log below:
______________


DDS (Version 1.1.0) - NTFSx86
Run by kputcha at 1:21:51.33 on 12/28/08
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.136 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\Explorer.EXE
G:\DDS\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = wwwgate0.mot.com:1080
uInternet Settings,ProxyOverride = *.mot.com;*.gl.com;<local>
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: NoExplorer - No File
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: IeCaptureBho Object: {7c1ce531-09e9-4fc5-9803-1c2956615786} - c:\program files\google\google desktop search\GoogleDesktopIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - d:\program files\xi\nettransport 2\NTIEHelper.dll
BHO: {FFFFFEF0-5B30-21D4-945D-000000000000} - No File
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
TB: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [TV Now] c:\program files\hpq\notebook utilities\TvNow.exe /RK
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [TaskPlus] c:\progra~1\taskplus\TASKPL~1.EXE
mRun: [CARPService] carpserv.exe
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [NWEReboot]
mRun: [WpsRePsw] c:\windows\system32\spool\drivers\w32x86\2\WpsRePsw.EXE
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winfax~2.lnk - c:\windows\system32\wfxsnt40.exe
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 1 (0x1)
uPolicies-explorer: Btn_Search = 2 (0x2)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Download with Star Downloader
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
Notify: biwdulem - biwdulem32.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\symantec\winfax\WfxSeh32.Dll

============= SERVICES / DRIVERS ===============

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\aw_host5.sys [2001-10-22 33496]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\awlegacy.sys [2000-9-11 10816]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
R2 WpsPeppy;WpsPeppy;c:\windows\system32\drivers\WpsPeppy.SYS [2000-1-20 31968]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2002-11-22 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2004-2-17 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2004-2-17 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.SYS [2002-11-22 16512]
S0 ati6ioxx;ati6ioxx;c:\windows\system32\drivers\ati6ioxx.sys [2008-12-10 32768]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys []
S2 VGABIN;VGABIN SYSTEM SERVICE;c:\windows\system32\VGABIN.exe -start []
S2 VRDVC10;Sony VRD-VC10 [Video Capture];c:\windows\system32\drivers\vrdvc10x.sys [2005-1-10 31104]
S3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [2004-4-10 28445]
S3 AIR300;Sierra Wireless AirCard 300 CDPD Driver;c:\windows\system32\drivers\ac300nd5.sys []
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-11-2 114749]
S3 Cerberus FTP Server;Cerberus FTP Server;d:\program files\cerberus\Cerberus.exe -Service []
S3 DumpTimer Service;DumpTimer Schedule Service;d:\program files\dumptimer\DTService.exe [2004-7-11 1998852]
S3 EL3C589;3Com Megahertz LAN PC Card Driver;c:\windows\system32\drivers\el589nd5.sys [2004-7-7 26141]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575nd5.sys [2004-6-7 69692]
S3 MSW;Microsoft Broadband Networking Driver;c:\windows\system32\drivers\MN520-51.sys [2003-6-19 647168]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2007-4-28 169984]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.SYS [2004-3-18 184576]
S3 SampleService;Sample NT Service;d:\my documents_original\downloads\vb_nt_svc\NTService.exe [1999-6-6 28672]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\d:\program files\ufasoft\sniffer\usft_sn4.sys [2007-4-29 15728]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys []

=============== Created Last 30 ================

2008-12-27 20:35 <DIR> -cd----- C:\Reg_backup
2008-12-27 18:23 36,864 a------- c:\windows\system32\LCKFLDSERVICE.EXE
2008-12-27 17:58 5,878 -c------ C:\WinsockxpFix.exe
2008-12-27 15:52 18,944 a------- c:\windows\system32\simptcp.dll
2008-12-27 15:25 <DIR> -cd----- C:\!KillBox
2008-12-27 07:42 <DIR> --d----- c:\docume~1\kputcha\applic~1\Malwarebytes
2008-12-27 07:41 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-24 12:28 143,360 a------- c:\windows\system32\dunzip32.dll
2008-12-24 12:05 <DIR> --d----- c:\program files\McAfee
2008-12-23 21:03 <DIR> --d----- c:\docume~1\kputcha\applic~1\Locktime
2008-12-23 20:54 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Locktime
2008-12-23 10:25 <DIR> --d----- c:\program files\ComcastToolbar
2008-12-23 10:25 <DIR> --d----- c:\docume~1\kputcha\applic~1\ComcastToolbar
2008-12-23 10:11 <DIR> --d----- c:\docume~1\kputcha\applic~1\Ethereal
2008-12-21 16:13 <DIR> --d----- c:\windows\ERUNT
2008-12-21 16:01 <DIR> -cd----- C:\SDFix
2008-12-17 10:35 <DIR> --d----- c:\docume~1\kputcha\applic~1\Auslogics
2008-12-16 06:28 533 a------- c:\windows\system32\MRT.INI
2008-12-10 08:35 32,768 a------- c:\windows\system32\drivers\ati6ioxx.sys

==================== Find3M ====================

2008-12-27 20:47 3,103 a------- c:\windows\system32\HPANT.DAT
2008-12-21 15:22 2,616 a------- c:\windows\system32\tmp.reg
2008-12-16 05:54 14,336 a------- c:\windows\system32\svchost.exe
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2006-05-05 04:48 3,550,208 ac------ c:\documents and settings\kputcha\ArubaOnline.zip

============= FINISH: 1:23:09.47 ===============

Edited by MotoGeek, 28 December 2008 - 11:42 AM.


BC AdBot (Login to Remove)

 


#2 MotoGeek

MotoGeek
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 28 December 2008 - 01:25 PM

Should have added:

-- Reboot after each step

:thumbsup:

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:54 AM

Posted 09 January 2009 - 07:17 AM

Are you needing help or just sharing information? I am glad you were able to solve your problem. Do you know why the files were missing?
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:54 AM

Posted 19 January 2009 - 03:02 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users