Posted 24 October 2011 - 02:32 AM
OK, granted I have been in the IT field for approx. 20+ years; luckily this happened on my equipment and not a client's. (It was late and I was tired from working...lol)
The laptop this whole mess happened on is my spare Dell Vostro 1000 with Windows XP Home Service Pack 3 and all updates.
I ran combofix and AVG was accidentally running. It appeared as if a clash happened and combofix closed. I tried uninstalling AVG and re-running combofix but it said it had expired. I cannot remember which I ran first, superspyware, anti-malware, MSRT, AVG, CCleaner, or Spybot, but one of them said my IPSEC.sys and other was infected and in turn proceeded to remove it. I noticed some of my services were not running now. I checked my events and was getting 7023 and others with messages that this service is not available or ready for deletion and such. Now I got a new copy of combofix and ran it, and it found one of the rootkits in my files and proceeded to do its thing. The report finished and I closed it. I tried getting on the internet and nothing happened. I rebooted and then proceeded to re-run combofix. It finished and re-generated a report. *NOTE* both times it did not connect to its servers to install the recovery console. I tried getting on again and nothing. I remember seeing about running repair if you cannot connect, and it did not fix it. When I did an ipconfig at a command prompt I got: internal error occurred, request not supported. contact ms product support services. addition info: unable to query host name.
As of this typing, DHCP Client, DNS Client, IPSEC Services, Windows Firewall/ICS have not started.
Event Viewer/System shows ID 7003: TCP/IP service depends on IPSec, nonexistent; IPv6 Helper Service failed to start due to dependency service.
Any help is GREATLY appreciated and believe me THIS will never happen again.